Automation Consultants

Managed Services by Automation Consultants

Automation Consultants provides Managed Services to host applications, provide troubleshooting support and active maintenance and patches. AC offers migration services, custom architecture and tailored access to applications and a choice of hosting platform with ongoing support. Holistic support including continuous health checks resulting in regular reports and optimisations

Features

• Troubleshooting in the event of problems or failures
• Active maintenance of applications
• Days allocated for small improvement projects or configuration changes
• An initial systems inventory and review
• Customisable support package
• Data Residency as required
• Secure physical environment
• Custom infrastructure design and architecture
• Choice of all major operating systems
• Choice of all major databases

Benefits

• Permits applications which must be UK hosted
• Ownership not subject to foreign jurisdiction
• Customisable physical and data access arrangements
• UK-based support and helpline
• Full, no-downtime, migration service, no effort required
• Intelligent Cloud design from infrastructure experts
• Heightened and customisable Cloud security
• 24/7 support available

£10 a virtual machine

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@automation-consultants.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

264689051670842

Contact

Francis Miers
+44 01189323001
info@automation-consultants.com

Service scope

• Service constraints: None
• System requirements: None, AC can be flexible on this

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: SLAs are bespoke and can be tailored to individual customers' needs. Our highest tier of support offers a 15 minute time to response for Level 1 incidents.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is bespoke based on customer requirements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Automation Consultants can provide onsite training, online training and user documentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: AC will provide a CSV file containing all customer data.
• End-of-contract process: A CSV file containing all customer data will be provided on request at the end of the service. Any additional activities required of Automation Consultants may be charged for.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: Automation Consultants monitors resource utilisation on its servers. If resources are close to maximum utilisation, the resources are increased. Slow performance due to unmet resource requirements stemming from volume of utilisation has not been a problem to date.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email
  • SMS

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: Less than once a year
• Penetration testing approach: In-house
• Protecting data at rest: Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files
  • Virtual machines
  • Databases
• Backup controls: By arrange with service provider
• Datacentre setup: Single datacentre with multiple copies
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Controlled access to data network.

Availability and resilience

• Guaranteed availability: Typical uptime is 99.9%. There are no set compensation arrangements for outages.
• Approach to resilience: Twin application and database layer nodes. Offsite backup in case of disaster.
• Outage reporting: Alerts are passed automatically by mobile app to AC staff.

Identity and authentication

• User authentication:
  • Username or password
  • Other
• Other user authentication: VPN or IP filtering available
• Access restrictions in management interfaces and support channels: At an application level, privileged access is allowed to users who are designated as managers on particular projects. For access to infrastructure level settings, access is restricted to a small number of named individuals. Two-factor authentication is required to access these resources.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 14/12/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Credit card transactions are performed via Stripe

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: The Chief Technology Officer, reporting to the board, co-ordinates security. Security decisions are taken by the CTO in consultation with the board.
• Information security policies and processes: A set of security policies documented internally is followed, based on industry best practice. The policy is administered day to day by the CTO. Major decisions are taken by the CTO in consultation with the board.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Major changes must be approved by the board and documented. All changes are reviewed for security among other factors. The application documentation is used to track components through their lifetime.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Threats are assessed by internal analysis and by monitoring user feedback. So far no vulnerabilities have been reported by users. Patches are deployed overnight if it is considered by the board that there is a security vulnerability to be fixed.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Monitoring for potential compromises is performed through logs and alerts. On finding a potential compromise, the evidence is assessed by the CTO and other relevant staff to determine whether a compromise really occurred or not. If a potential security compromise is identified, A patch is normally put in place within 24 hours.
• Incident management type: Supplier-defined controls
• Incident management approach: A common process is followed for most events. Users may report incidents by email, telephone or the company's JIRA-based service desk. Incident reports are provided ad hoc and on demand.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Hyper-V
• How shared infrastructure is kept separate: Separate VM, dedicated VLAN preventing traffic flow between organisations and control to network resources using Active Directory security

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: AC Data Centres follow the standards set by the EU Code of Conduct.

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Automation Consultants’ Cloud services facilitate and promote means of remote working, helping our customers to connect with teams across great distances and remove the need to for unnecessary travel. Tangible reductions in carbon emissions can be traced through use of the tools we support, for instance Atlassian Jira Software or monday.com, which allow teams to work together remotely without face-to-face interaction. The cloud hosting of the software systems and solutions that Automation Consultants provides also contribute to an overall reduction in carbon footprint. This can be seen through the more efficient storage of data on Cloud hosting suppliers such as AWS and MS Azure when compared to local hosting solutions and in-house data centres. Within our own organisation, staff still work remotely most of the time. Many of our projects that would have once been on-site are now performed remotely including internal projects. This has resulted in a net-reduction of thousands of miles of weekly travel through commuting and off-site visits. Automation Consultants also has a Carbon Reduction plan which commits AC to net zero by 2035. This extends to our services. A copy of this policy can be shared upon request.

Pricing

• Price: £10 a virtual machine
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@automation-consultants.com. Tell them what format you need. It will help if you say what assistive technology you use.