CSI Limited

Archival, Backup and Disaster Recovery Services

CSI can build a scalable, resilient, robust and cost-efficient infrastructure solution for backup and recovery. Provisioned in a private, public or hybrid approach we offer; long term archival; fast disaster recovery with pre-defined recovery and restore SLAs; data tiering; fully managed backup solutions for your physical and virtual machines

Features

• Comprehensive reporting, monitoring and alerting
• Unlimited technical support
• Remote management and out-tasking
• Guaranteed backup success, underpinned by service credits
• Can provision an offsite recovery vault for long-term retention
• Cost optimisation via cloud storage solutions and various licensing models
• Regular service, capacity and performance reviews
• Data Protection Maturity Model identifies your as-is and to-be environment

Benefits

• Reduce business risk by identifying critical applications and data
• Provide insight and visibility of your IT infrastructure
• Ensure 98% success rate for backup and recovery
• Reduce TCO of data protection environment.
• Faster recovery times - reduced risk of revenue/productivity loss
• Meet compliance and regulatory requirements

£0.07 to £0.35 a gigabyte a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jennifer.billett@csiltd.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

250541597900128

Contact

Jennifer Billett
08001088301
jennifer.billett@csiltd.co.uk

Service scope

• Service constraints: Our suite of Helix Protect offerings supports the majority of backup infrastructures (providing reporting, monitoring, support or management) on a minimum of 1 year contract. Please see relevant Service Definition Document.
• System requirements:
  • Operating systems and applications at supported levels.
  • Suitable internet links to transfer data.
  • Provision of physical or virtual hosts to host the software.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Request for Information – 4 hour response – whether emailed, phoned or on the Community Restore Request – 2 hour response Critical Restore Request – 1 hour response – must be phoned through Out of Hours – Chargeable for all 10x5 customers – contract hours are 8am – 6pm Monday to Friday Monday – Friday between 6pm – 8am Must phone the Service Desk 6pm – 10pm - £150 per hour All day Saturday - £150 per hour 10pm Saturday – 6am Monday - £200 per hour
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: CSI provide advanced monitoring, reporting and alerting, access to a first, second and third line service desk, through to a fully managed solutions. Most accounts will be allocated a Technical Account Manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The service is simple and easy to understand. However, CSI provide full support in helping our clients familiarise themselves and ensure successful roll-out of the service. Online training and documentation will also be provided
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: In the vast majority of cases, data remains within the customer's core infrastructure, and is only remotely managed. Where CSI are hosting data, we will work with the customer during the off-boarding process to facilitate extraction of the data.
• End-of-contract process: The principle of the suite of services is to provide insight, support or remote management of the customer's backup infrastructure. Therefore, at the end of the contract, we will disengage and hand responsibility back the customer as per our off-boarding process, which is included within the cost of the contract.

Using the service

• Web browser interface: Yes
• Using the web interface: The web interface allows users to raise questions, incidents and requests. It also gives access to knowledge, databases, forums and comprehensive reporting consoles.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Interface doesn't comply with EN 301 549 9 as this specifies how much users can zoom, how colour is used, and the contrast of web pages.
• Web interface accessibility testing: Interface doesn't comply with EN 301 549 9 as this specifies how much users can zoom, how colour is used, and the contrast of web pages.
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Through regular monitoring with performance and capacity management of the overall infrastructure.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • SMS

Analytics

• Infrastructure or application metrics: Yes
• Metrics types: Other
• Other metrics:
  • Backup success rates.
  • Backup statistics.
  • Storage utilisation.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: IBM and Dell-EMC

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Majority of servers, applications, files and volumes (see SDD).
  • Mobile and endpoint devices.
  • Cloud applications (e.g. O365).
• Backup controls: CSI will define a data protection catalogue which the customer or CSI will use to govern the backup policies. There is huge flexibility on what can be backed up, when and how
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: In the vast majority of cases, data is held within the customer's backup environment, and CSI provide remote support and management as required.
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: For our managed service (Helix Protect Enterprise) CSI provide an SLA of greater than 98% backup success rate, with a 5% service credit if we are unable to meet this SLA. Please see relevant Service Definition Document for more details.
• Approach to resilience: CSI have ensured their service delivery is resilient in terms of site loss and component failure.
• Outage reporting: Email alerts.

Identity and authentication

• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Each user can have policy-driven profiles applied to govern their level of access.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password
• Devices users manage the service through: Dedicated device on a government network (for example PSN)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Bureau Veritas
• ISO/IEC 27001 accreditation date: 14-01-2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: NCC Services Ltd
• PCI DSS accreditation date: 27/02/2022
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: CSI subscribe to and actively embrace ISO 27001. Our internal auditing process and the annual external audits ensure that the policies are being followed. Any breach of our information security policy is logged and escalated to the information security officer for a full and thorough review.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: As a service provider,CSI have a mature change-management process, which includes risk analysis, roll-back plans, and approval and verification steps.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: CSI subscribe to multiple threat-alert channels through our security partners and vendors. Critical patching will be completed within 3 days. Routine patching is completed on either a monthly or quarterly cycle.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: CSI use regular vulnerability scans and penetration testing to identify potential compromises which will be addressed as soon as commercially reasonable.
• Incident management type: Undisclosed
• Incident management approach: Our incident management process is based on ITIL and has been refined over the many years of CSI being a service provider. Individual incidents are addressed and closed. Multiple incidents can trigger a problem management process. Major incidents will generate a incident report.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: CSI provide a TCO Tool which provides the output on cooling requirements to make sure that the energy requirements are optimised.

Social Value

• Fighting climate change:

  Fighting climate change

  Whilst CSI is not a manufacturer of hardware or software we are focused on producing 100% commitment to minimise any activities, which could do harm to the environment. In order to achieve this objective, we will: • Assess the environmental impact of all current and likely future operations. • Continuously seek to improve environmental performance. • Wherever possible purchase goods and services which are manufactured in an environmental and responsible manner. • Progressively improve levels of environmental protection and reduce the waste generated by the operations and commercial activities of the company, promoting recycling or reuse of objects/materials. • Raise awareness, encourage participation and train employees in environmental matters, and make information available where necessary. • Expect similar environmental standards from our suppliers and contractors. • Assist customers to use products and services in an environmentally sensitive way where possible. • Participate in discussions about environmental issues when necessary. • Do all that is necessary to comply with any legal or regulatory requirements. • Review the policy on an annual basis or as and when applicable and revise if necessary. • We share the industry’s concern about the impact on the environment of obsolete IT equipment that is not recycled and believe no computer should go to waste. We have a strong commitment to keep environmentally sensitive IT materials out of landfills. We work with our suppliers to enable materials to be reused or recycled, and to help conserve natural resources.
• Covid-19 recovery:

  Covid-19 recovery

  CSI has improved workplace conditions that support the COVID-19 recovery effort by closing down a London based office and improving conditions in our remaining two office locations. At our remaining two office locations in the UK we have enforced effective social distancing, testing kits on site that require a negative test before being granted access, a booking system to ensure that numbers of staff on site are not exceeded, sanitising of workspaces as well as hand sanitising products provided across the buildings. All employees are able to work and function fully remotely.
• Tackling economic inequality:

  Tackling economic inequality

  CSI only work with reputable organisations that have robust an ethical supply chains in place to provide the equipment our clients require. Eg - IBM IBM does business with suppliers that are environmentally & socially responsible, and encourages environmental leadership among them. IBM routinely responds to requests from clients and governments for information about the environmental attributes of our products. The source for this information is their suppliers. The objectives of our requirements for suppliers and their supplier evaluation program include: • Ensuring that IBM does business with environmentally responsible suppliers that are actively managing and reporting on their environmental impact • Helping our suppliers build capabilities and expertise in the environmental area • Avoiding transfer of responsibility for environmentally sensitive operations to any company lacking the commitment or capability to manage them properly • Reducing our suppliers' environmental and workplace health and safety risk • Protecting IBM, to the greatest extent possible, from potential environmental liabilities or adverse publicity Supplier social and environmental management system requirements Since 2010, IBM has required that all of its first-tier suppliers maintain a management system to address their social and environmental responsibilities. Our objective is to help our suppliers build/enhance their own capability to succeed in this area. Environmental evaluations As part of its global environmental management system, IBM conducts a three-stage supplier environmental evaluation for suppliers executing processes - IBM has specified or furnished chemicals or process equipment or providing hazardous waste management services or product end-of-life management services, with increasing levels of detail, depending on the risks associated with and the potential environmental impacts from the supplier's operations. Supplier Code of Conduct IBM endorses the Responsible Business Alliance Code of Conduct for its internal operations and requires the same of our direct suppliers for hardware, software and services. https://www.ibm.com/ibm/environment/supply/ms_requirement.shtml https://www.ibm.com/ibm/environment/supply/evaluations.shtml https://www.ibm.com/ibm/environment/supply/supplier_coc.shtml
• Equal opportunity:

  Equal opportunity

  We aim to provide equal opportunities and avoid discrimination in all aspects of employment and to ensure that the talent and skills of all individuals are maximised. Our approach applies to recruitment, terms and conditions of employment (including pay), appraisals, promotion, disciplinary and grievance procedures and training. This policy applies to employees, officers, agency workers, casual workers, consultants and self-employed contractors. Part-time and fixed-term staff should be treated the same as comparable full-time or permanent staff and enjoy no less favourable terms and conditions (pro rata where appropriate), unless different treatment is justified. The following forms of discrimination are prohibited under our policy and are unlawful: a) Direct Discrimination b) Indirect Discrimination c) Harassment d) Victimisation e) Disability Discrimination You must not discriminate against or harass individuals including other employees, former employees, job applicants, clients, customers, suppliers and visitors. This provision applies within the workplace and outside of the workplace on work related business or events (including but not limited to client visits, meetings, networking, social events).
• Wellbeing:

  Wellbeing

  The CSI Employee Assistance Programme is designed to provide staff, and their immediate family that live with them, a confidential telephone support service. LifeWorks consultants are available 8am to 8pm, Monday to Friday. Counsellors are available 24 hours a day, 7 days a week, 365 days a year. Access to the EAP confidential helpline staffed by independent advisers with access to specialist counsellors. The helpline provides help with physical, mental, financial and social issues and is available 24 hours a day 7 days a week. The helpline number is 0800 048 2702. Access to hundreds of articles and other resources that will help support your wellbeing via the Employee Assistance Program. Health and lifestyle assessment including Health, Financial, Physical and Social assessments. This is a voluntary screening service, which helps advise employees on their general health including stress.

Pricing

• Price: £0.07 to £0.35 a gigabyte a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A 2 week POC can be requested and provided by CSI.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jennifer.billett@csiltd.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.