EXELA TECHNOLOGIES LIMITED

CloudX-Service

Next Generation Multi-Cloud Managed Services

Features

• Scalable as per Business Need
• Highly available : Redundancy
• Secure: End to End Data Protection
• AI based Automated, fast response
• Enhance End user Experience
• Less Manual Intervention

Benefits

• AI can significantly reduce manual work and optimizing workflows
• AI helps eliminate human error in data collection, analysis,decision-making.
• Pay as per usage
• Service Transparency

£407 to £633 a user a day

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at daren.williams@xbpeurope.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

241406767374685

Contact

Daren Williams
07960191798
daren.williams@xbpeurope.com

Service scope

• Service constraints: None
• System requirements: Connectivity - Stable and Secure Connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our response times will be based on the Incident category. For critical issues impacting business, we respond within 5~10 minutes. and General inquiries not impacting any business typically receive a response within 4~8 hours during business hours. Weekend response times may be slightly extended, but we strive to maintain consistent service whenever possible.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: None
• Onsite support: Yes, at extra cost
• Support levels: Services support offerings based on business requirements and budgets. ; ; Bronze Support: This cost-effective plan provides access to our online knowledge base, self-service ticketing system, and email support with a response time of 8~24 hours for general inquiries.; ; Silver Support: Ideal for most businesses, this plan includes everything in Basic Support, plus phone support with extended hours and a guaranteed response time of 4~8 hours for priority issues.; ; Gold Support: this premium plan offers dedicated phone support with even faster response times of 15 minutes to 1 hour. A Technical Account Manager will be assigned.; ; Across all support levels, our team has experienced professionals with a strong understanding of Datacenter and Cloud IT domains.; ; By offering a range of support options, we ensure you get the right level of service at a price that aligns with your budget and technical requirements.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Once the service is deployed in the environment, KT session will be provided along with the SOP documents
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Via for General data self-service portal and more specific data need to submit request data retrieval upon termination.
• End-of-contract process: Following are the Three possibilities ; 1. Contract renewal - Upon agreement with both parties on terms and Pricing the contract will be renewed. ; 2. Contract End - Once services is delivered and paid for, the contract ends. Both parties meet all their terms as mentioned in the contract ; 3. Contract Termination/Breach - The contract breach will include a penalty.

Using the service

• Web browser interface: Yes
• Using the web interface: 1. users will have a dedicated portal to set up services. ; 2. based on the level of access provided to the users can make changes. ; 3. No
• Web interface accessibility standard: WCAG 2.1 AAA
• Web interface accessibility testing: Improves overall usability for everyone by identifying navigation and functionality issues.
• API: Yes
• What users can and can't do using the API: Users will do API integration which seamlessly communicates with the service.
• API automation tools:
  • Ansible
  • OpenStack
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: The cloud-based infrastructure allows automatic scaling of resources up or down based on real-time demand. This helps ensure sufficient resources are available for the users without any impact on service performance.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: GCP, Oracle, AWS, Azure

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files - Individual file back up
  • System - Full back of system files
  • Application - Back of entire Application
  • Database - Fully Automatic Data back and Secure it.
• Backup controls: AI-Enabled Fully automated and managed backup solution. with 24x7 Backup Support. Backup set design. we make sure your data is always protected. The Recovery for individual file restored to full restoration.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We offer services with a tide Service Level Agreement (SLA) and guaranteed uptime percentage. means your critical systems will be available for 99.99% of the year, with minimal downtime. with proactive monitoring and redundant infrastructure to ensure rapid issue identification and resolution. in case of SLA breach, the team will do an impact analysis, and based on that the severity and duration of the downtime. We offer transparent credit towards your next invoice, ensuring accountability for our performance.
• Approach to resilience: We are offering highly resilient and secure data center services to minimize disruptions and end-to-end data protraction. Data Centers are strategically located in diverse geolocations. All critical infra elements (This includes hardware, software, and network connections.) are in a High Availability (HA) setup which provides a great level of service uptime and infra availability even if one element fails. Also with a comprehensive disaster recovery plan in place, we resume normal operations as quickly as possible after a major incident. With AI-based monitoring systems we constantly monitor, Infra and services for any potential issues. This allows us to identify and address problems before they significantly impact service delivery.
• Outage reporting: Real-time status of system health regarding ongoing outages, scheduled maintenance, and incidents, will be available on the Dashboard which users can access anytime to get updates on any service outage/impact, We also send Customer Notification Letter (NCL) via email with detailed information on the service disruption, time to resolve. API-integrated monitoring and Alert platform with the customer environment help user to get details information about the incident and its nature.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
• Access restrictions in management interfaces and support channels: By implementing an access control policy, role-based user access with MFA, and access to the management interfaces locked down with strong passwords. User verification and access are based on specific permissions. This ensures that only authorized user can access infrastructure and sensitive data.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Available on request
• ISO/IEC 27001 accreditation date: 2024
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Exela has a range of Information Security Policies & Standards covering the following domains: Asset Management, Asset Protection, Asset Identification & Classification, Acceptable Use, Threat Assessment & Management, Vulnerability Assessment & Management, Security Awareness, Risk Management, Business Continuity, Data Protection, Privacy, Physical Security, Cloud Services, and Third Party Suppliers.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Exela adheres to an established change control process for requesting and managing customer changes to agreed-upon project scope and related operational processes and procedures. We implement a mutually agreed-upon change control process with our customers during the planning phase of each implementation to provide adequate balance between flexibility and scope management. A change request is defined as any material alteration to the project scope, schedule, or budget after each is considered complete and/or has been baseline approved. Each change is assessed for impact to business continuity as well as all aspects regarding security.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Exela’s solutions are built on the objectives established within our threat assessment and monitoring policy and provides specific requirements for responding to security incidents including, general security incidents, information exposures, and infrastructure intrusions (i.e., operational, physical, and technical security incidents). The incident response approach includes detection, analysis, containment, eradication, and recovery (including public relations and reputation management as appropriate). Suspected incidents, anomalous events, breaches, or unauthorized information exposures are reported by management, operational staff, account managers, system or network administrators, and other personnel to Information Security & Risk (InfoSec) or the company hotline.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Incidents are reported internally to InfoSec as soon as possible upon discovery, but no later than 24 hours. If the incident involves the use of computing technology and information system assets, We may, at our discretion, use approved outside forensic investigators to assist in resolution. Upon identifying the cause, the cognizant manager works with InfoSec to determine a plan to mitigate any damages and remediate the root cause. Customer account managers maintain a list of customer contact information to be used to report security incidents as appropriate and are engaged in all incidents which involve customer resources or customer information.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are reported internally to InfoSec as soon as possible upon discovery, but no later than 24 hours. If the incident involves the use of computing technology and information system assets, and the investigation requirements are beyond the skill set of the InfoSec department staff, approved outside forensic investigators may be engaged. Upon identifying the cause, the cognizant manager works with InfoSec to determine a plan to mitigate any damages and remediate the root cause. Customer account managers or designated operation management maintains a list of customer contact information that shall be used to report security incidents as appropriate.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Oracle VM
• How shared infrastructure is kept separate: We offer a multi-tenant infrastructure environment, Virtualization provides secure and isolated virtual infra for multiple organizations where data, applications, and other sensitive information are hosted securely, and all information will remain safe.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: N/A

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Exela is dedicated to delivering environmental benefits alongside our contractual obligations. This includes achieving net zero greenhouse gas emissions. Here's how:; ; Understanding Our Impact:; ; We have developed a Carbon Reduction Plan aligned with PPN 06/21, can be supplied electronically and will be published on our new website soon.; ; We'll conduct an environmental impact assessment to identify areas for improvement across our operations and supply chain.; ; Collaboration for Change:; ; We'll work with suppliers to reduce their environmental footprint through energy efficiency, waste reduction, and sustainable materials.; ; Investing in the Future:; ; We're transitioning our fleet to electric vehicles and exploring new technologies like renewable energy to minimise our impact.; Empowering Action:; ; We'll educate staff and customers on environmental sustainability, fostering a culture of responsible practices.; ; Measurable Progress:; ; We're ISO 14001 certified (with equivalent accreditations across EMEA) and have a three-year plan to deliver environmental benefits:; Year 1: Understand our impact.; Year 2: Collaborate with suppliers.; Year 3: Invest in new technologies.; ; Transparent Reporting:; ; We'll monitor progress using key metrics like greenhouse gas reduction, waste recycling, energy saving, and employee sustainability training.; Quarterly reports and publicly available data ensure transparency.; ; Engaging Stakeholders:; ; Throughout the process, we'll engage with staff, suppliers, customers, and communities through:; Open communication; Educational training; Partnerships with environmental organisations; Encouraging employee volunteerism; ; Working Together for a Sustainable Future:; ; Exela is committed to achieving net zero emissions and delivering lasting environmental benefits. We believe collaborative action creates significant impact.; ; Additional Considerations:; ; We'll actively promote environmental awareness through marketing and communication channels.

  Tackling economic inequality

  Exela is committed to strengthening supply chain resilience. Here's our approach:; ; Rigorous Onboarding:; ; We conduct financial stability checks, sanctions screening, and collect regulatory documents from all suppliers. Risk assessments ensure a robust supply chain with staged reviews and audits.; Collaborative Approach:; ; We'll work with suppliers to improve resilience through diversified supply chains and contingency plans. We understand customer expectations and leverage local suppliers where possible, fostering long-term partnerships with local cleaning, stationery, catering, and maintenance providers.; Empowering Suppliers:; ; Training and support will be offered on risk management, supply chain planning, and crisis management, enhancing their resilience and reducing disruption vulnerability.; Innovative Solutions:; ; We'll collaborate to develop solutions like blockchain-powered tracking or new storage and distribution methods. Exploration of AI and machine learning will further improve our ability to predict and respond to disruptions.; A Three-Year Plan:; ; Year 1: Focus on understanding supplier and customer needs.; Year 2: Provide training and support to suppliers.; Year 3: Develop innovative solutions for supply chain challenges.; Measuring Progress:; ; Metrics include number of trained suppliers, customer satisfaction with resilience measures, and disruptions avoided. Quarterly reports and publicly available data ensure transparency.; Stakeholder Engagement:; ; We'll engage with staff, suppliers, customers, and communities through:; Ongoing communication; Co-designing solutions; Training on risk management and crisis preparedness; Partnerships with relevant organisations; Encouraging employee volunteerism; Working Together for Success:; ; By collaborating with all stakeholders, Exela believes we can significantly increase supply chain resilience, benefiting our entire ecosystem.

  Equal opportunity

  Exela is dedicated to fostering a diverse and inclusive workforce . Here's how:; ; Understanding the Challenge:; ; We actively monitor diversity metrics like race, gender, disability, and age (when provided voluntarily). This data helps us identify and address specific inequalities within our company.; ; Implementing Equality Measures:; ; Our policies promote non-discrimination across recruitment, training, promotions, and benefits. All employees have equal access to training and career advancement based on merit.; ; Monitoring and Evaluation:; ; We regularly review our practices to ensure accessibility for disabled employees and analyse diversity data in recruitment to identify underrepresented groups.; We monitor pay gaps and publish our Gender Pay Gap report (see: https://emea.exelatech.com/sites/default/files/Gender-Pay-Gap-Report-Summary-2020.21.pdf).; ; Metrics for Success:; ; We track progress using metrics like:; Number of hires/promotions from underrepresented groups; Number of training participants; Number of employees utilizing flexible work arrangements; We report progress to stakeholders quarterly and publish data for transparency.; ; Engaging Stakeholders:; ; We collaborate with staff, suppliers, customers, and communities through:; Open communication; Unconscious bias and equal pay training; Encouraging employee volunteering in the local community (e.g., Harlow, Essex); A Long-Term Commitment:; ; Tackling inequality is a core value for Exela, fostering a motivated and diverse workforce. We believe transparency and collaboration will lead to significant progress.

  Wellbeing

  Exela recognises the importance of safeguarding employee wellbeing. With the pandemic, employees have felt extra pressure and stress. In order to support employees, Exela UK appointed 3 Wellbeing champions last year.; These 3 champions look after the mental and physical health wellbeing of the entire workforce.; A designated helpline has been set up to assist with everything from financial worries to physical health and it directs employees to the correct organisation.; The HR department facilitates different initiatives and social activities such as Walking and Running groups or promotes more educational workshops such as healthy eating.

Pricing

• Price: £407 to £633 a user a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at daren.williams@xbpeurope.com. Tell them what format you need. It will help if you say what assistive technology you use.