Stone Technologies Limited trading as Converge Technology Solutions

Stone Redstor Cyber Resilience

The Stone Redstor offering provides a full data management suite, that includes; Fully redundant offsite backup; Data Archiving to save primary storage space; Multiple format search and discovery

Features

• Instant Data Recovery
• Secure Cloud Backup and Recovery/GDPR Compliant
• Archiving
• Disaster Recovery
• O365 backups
• Remote Access
• Search and Insight
• Local Copy
• Data Migration
• Centralised Management

Benefits

• Eliminate downtime. Instant Data provides on-demand access to your data
• End delays accessing archived data, whilst reducing primary storage costs
• Meet your recovery targets with instant recovery
• Discover, search and action the entirety of your data
• Stop cloud lock-in. Move data between different clouds and platforms
• Manage hundreds of sites through a single console
• Capita Approved for the protection of SIMS
• Secure, Dual UK Data Centres, Redstor hold ISO 27001/22301/9001

£0.50 a gigabyte

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@stonecomputers.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

267473717960831

Contact

Antony Mellor
08448 22 11 22
tenders@stonecomputers.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Some features not available for older operating systems (2008 original and older).
• System requirements:
  • Windows
  • Macintosh
  • Linux clients available

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our UK-based support team typically respond to queries within minutes. We have a detailed SLA agreement with varying guaranteed response times depending on severity, from 1 hour for the highest severity issues to 48 hours for the lowest severity.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Unknown
• Web chat accessibility testing: Unknown
• Onsite support: Onsite support
• Support levels: SEVERITY RATING ESTIMATED RESPONSE TIME ; Severity 1 - 1 HRS ; Severity 2 - 2 2 HRS ; Severity 3 - 24 HRS ; Severity 4 - 48 HRS ; ; SEVERITY RATING ESTIMATED RESOLUTION TIME ; Severity 1 4 HRS ; Severity 2 24 HRS ; Severity 3 48 HRS ; Severity 4 - TBC ; Severity rating one means that a critical Service is unavailable. The impact on the End User’s business is severe with multiple users unable to perform their normal work, or there is a serious, adverse business or financial impact. The users have no readily available alternative way of performing their normal work. Severity rating two means that a non-critical service is unavailable. There is a minor impact on business. The End User is having difficulty in performing their normal work or can undertake other work whilst the problem is being rectified. Severity rating three means that the Service is impaired. Therefore, there is no direct immediate impact on the End User’s business and its users; though employees are inconvenienced by the problem. End User has readily available alternative ways of performing normal work. Severity rating four means that the End User requires additional services non-critical in nature. Support is provided through a ticket system.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Initial training is provided by web demonstrations from our operations and support team. Full onsite training is also available at additional cost. Full documentation is available in the form of FAQs and manuals available through the support site.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Customers can restore their data at any time before the end of the contract. Any archived data should be restored/downloaded before the end of the contract.
• End-of-contract process: Data is retained for 30 days following termination. There is no extra charge for this.

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The API is developed and maintained by Redstor. Redstor provides an API (RESTful) as part of the service which allows users to perform a variety of actions. This includes the ability to query the storage platform for account information (reporting), provisioning accounts (automated/integrated provisioning) and much more. Further information regarding the use of the Redstor API can be found on our support site in the following user guide: https://partners.redstor.com/system/files/downloads/docs/redstor-backup-pro-v16/backuppro-sp-api-quick-guide-v16-rev1.pdf
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The service provides various customisation options. These include but are not limited to; 1) Ability to customise collection/group structure. - Customer controlled via the management console 2) Ability to customise backup selections - Customer controlled via the management console/local agent 3) Ability to customise backup schedules - Customer controlled via the management console/local agent 4) Ability to customise features and functions that are used - Customer controlled via the management console/local agent 5) Ability to customise email reporting - Customer controlled via the management console/local agent 6) Ability to request custom reports. - Customer requested via support channels (email/telephone/form submission) and actioned by Redstor's support team.

Scaling

• Independence of resources: As part of our adherence to ISO27001 (Information Security) and 22301 (Business Continuity) we maintain a Capacity and Storage Management Policy. This policy outlines how we manage capacity and storage for all our critical systems. We proactively monitor all platform components to ensure optimum service delivery and availability. The platform is designed with scale in mind and can be scaled up as required to meet the demands of our customer base. We also have load balancing in place to ensure that service degradation does not occur as a result of increased demand for our services.

Analytics

• Service usage metrics: Yes
• Metrics types: A variety of metrics are available in user configured dashboards and reports (automated or ad-hoc). These include total data stored in the cloud, data selected on client machines, rate of change per backup, backup duration, backup outcomes etc
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller (no extras)
• Organisation whose services are being resold: Redstor

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Backed up data can be downloaded directly or shipped on a NAS or USB device. The recovery process can be done in a variety of ways, for example browsing the backup and drag/drop individual files, streaming recovery or even recreating entire machines through bare metal recovery or as virtual machines using our Instant Data system. These options can be selected by the user from the recovery interface. More information on the recovery methods available can be found at support.redstor.com
• Data export formats: Other
• Other data export formats:
  • Original format (files and folders)
  • VHD/VHDX/VMDK virtual machine
  • Bare metal recovery on similar hardware
• Data import formats: Other
• Other data import formats:
  • Any file type can be backed up
  • Full server/workstation backups can be performed

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: If REDSTOR fails to achieve the Services Level Targets specified for the Services above, and if the End User requests REDSTOR to do so within five (5) Business Days after the target is not met, the End User may claim a credit (up to a limit of £1000 per month) based on the monthly recurring charge for the Services (excluding any variable charges) calculated as a percentage as follows: Services availability in a given Month Rebate (% of monthly recurring charge) (“MRCs”) Less than 99.5% and greater than or equal to 98.0% 25% Less than 98.0% and greater than or equal to 95.0% 50% Less than 95.0% 75%
• Approach to resilience: Redstor uses accredited UK based datacenters for our cloud product. Each server uses RAID6 for customer data, allowing two simultaneous disk failures without any data loss, and each server is mirrored to produce a second identical copy of the backup data in a separate datacenter. These datacenters are in physically separate locations to insure that in the event of even a large scale disaster the service will not be interrupted. Examples of the certifications for the datacenters we use are: PCI DSS SSAE 16/ISAE 3402 SOC-1 Type II FACT ISO27001
• Outage reporting: Our management console and dashboard application is available to all authorised users, and there is an API should other monitoring be required. Planned maintenance windows are announced by email in advance.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access to the management console is restricted via user accounts which are password protected. Each authorized user can be provided with a username and password which they can then use securely login to the management interface. Access to the support portal is twofold. Content defined as "public" is not restricted and can be accessed/consumed without the requirement for a unique login. For users to check the status of existing tickets via the portal login is required. This too is password protected and available to authorized users only.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DAS Certification
• ISO/IEC 27001 accreditation date: 23/01/2018
• What the ISO/IEC 27001 doesn’t cover: All UK services are covered by the 27001 certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Redstor have put in place an Information Security Management System (ISMS) in order to ensure that all Information and Systems will be protected against data loss, unauthorised access and disclosure. The ensured confidentiality, integrity and availability of all processing services, both internal and external are of the utmost importance. Redstor consider Information Security aspects as a top priority for customer confidence and the protection of the brand. Redstor are committed to preserving the confidentiality, integrity and availability of all the physical and electronic information assets throughout the organization, in order to preserve its assets, legal, regulatory as well as contractual, compliance and image. Redstor is committed to providing a service according to client’s expectations, ensuring that we take all aspects of Information Security in delivering our services to our clients. It is the policy of Redstor to commit and maintain an ISMS designed to meet the requirements of the current ISO27001 standard in pursuit of its primary objectives. In order to drive continual improvement within the ISMS Redstor set objectives on an annual basis as part of the Management Review Process. All objectives are communicated to all staff and include key responsibilities, timescales and appropriate measures of success.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: As part of our adherence to ISO 27001, Redstor maintains a Change Management Policy and a Network Management Policy. The Change Management Policy stipulates that updates to hardware (including firewalls, routers, and switches) will take place as and when necessary to ensure the security vulnerabilities are patched at the earliest available opportunity having ensured the appropriate due diligence (research and testing) has taken place first. Changes are discussed, approved and tracked through to completion using our change management process to ensure any potential risks are minimised. Changes are also documented and audited within the Change Management System.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: As part of our adherence to ISO 27001, Redstor maintains a Change Management Policy. The policy stipulates that updates to software and hardware will take place as and when necessary to ensure the security vulnerabilities are patched at the earliest available opportunity having ensured the appropriate due diligence (research and testing) has taken place first. Changes are discussed, approved and tracked through to completion using our change management process to ensure any potential risks are minimised. Changes are also documented and audited within the Change Management System Redstor also operates a weekly risk meeting to discuss vulnerabilities/risks in depth.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We routinely review audit logs from each of our systems to ensure compliance with our security policies in adherence to ISO27001. We maintain/monitor each of our systems on a daily basis ensuring up-time and sufficient capacity as per our capacity planning and storage management policy. We maintain 24/7/365 monitoring of all production systems. Redstor also maintains a Malware Protection Policy and a Management of Technical Vulnerabilities Policy. Redstor uses a variety of controls to reduce the risk of virus infection of our systems/services. Redstor also provides security awareness notifications/training to staff to ensure that such risks are minimised.
• Incident management type: Supplier-defined controls
• Incident management approach: In adherence to ISO27001, Redstor maintains an Information Security Incident Policy. The policy details this at length. Herein is an extract: Employees report the security incident to the Technical Department via the Helpdesk, phone or email; the IMS Representative will then raise an Improvement Form, if the incident is considered to be minor. On form completion the IMS Management Representative will conduct the requisite investigation or the Technical Department will investigate and fix the problem. If required, the incident will be escalated to a Director. The Improvement Process should be followed in this instance. Further detail can be provided.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Redstor recognises the importance of protecting the environment and is committed to tackling climate change. As part of our commitment, we consider our impact on the environment and the possibilities for reducing our carbon footprint. Where possible, Redstor seeks to implement initiatives that are complimentary to our business objectives and have a positive effect on the environment. Additionally, it is our policy to ensure that we:; • Integrate the consideration of environmental concerns and impacts into all of our decision making and activities.; • Promote environmental awareness among our employees and encourage them to work in an environmentally responsible manner.; • Train, educate and inform our employees about environmental issues that may affect their work.; • Reduce waste through re-use and recycling and by purchasing recycled, recyclable or re-furbished products and materials where these alternatives are available, economical and suitable.; • Promote efficient use of materials and resources throughout our facility including water, electricity, raw materials and other resources, particularly those that are non-renewable.; • Avoid unnecessary use of hazardous materials and products, seek substitutions when feasible, and take all reasonable steps to protect human health and the environment when such materials must be used, stored and disposed of.; • Where required by legislation or where significant health, safety or environmental hazards exist, develop and maintain appropriate emergency procedures.; • Communicate our environmental commitment to clients, customers and the public and encourage them to support it.; • Strive to continually improve our environmental performance and minimise the social impact and damage of activities by periodically reviewing our environmental policy in light of our current and planned future activities.; • Review our policies for continued suitability as part of the Management Review.

  Covid-19 recovery

  Redstor is committed to doing its part in relation to post COVID-19 pandemic recovery efforts. Redstor has throughout the pandemic continued to invest in its people, its products and its services to improve the post COVID-19 outlook for our employees, customers, and the wider community. Redstor believes its commitment to investment along with many other organisations within the United Kingdom will help drive recovery both social and economic.; We are committed to ensuring safe working environments for all our staff to help prevent the spread of COVID-19. Furthermore, we continue to follow government guidance and have support mechanisms in place should our staff wish to use them.

  Tackling economic inequality

  Redstor aims to tackle economic inequality through several initiatives. Most notability through effective supplier management ensuring that we only work with likeminded suppliers with standards of excellence for ethics and that maintain good working practises within the countries in which they operate. Redstor also maintains a zero-tolerance policy towards modern day slavery wherever it may occur.; Additionally, Redstor has a responsibility to adhere to the Corporate Criminal Offence of the Failure to Prevent the Facilitation of Tax Evasion (‘CCO’). Therefore, Redstor take a zero-tolerance approach to tax evasion; this type of conduct is absolutely prohibited whether committed or facilitated by employees or anyone else acting on Redstor’s behalf. This legislation makes all persons liable for tax activities not just company owners/Directors. In order to comply with the legislation tax activities have been risk assessed within Redstor.; All staff are responsible for carrying out tax activities in an honest manner in accordance with legislation and reporting any issues or potential facilitation of tax evasion to top management as soon as possible. Failure to comply could result in disciplinary action.; Furthermore, Redstor maintains a zero tolerance policy towards money laundering and is committed to ensuring that effective systems and controls are in place to safeguard against such activities. Redstor also complies with the legislation pertaining to money laundering and the proceeds of crime where applicable.

  Equal opportunity

  Redstor is an equal opportunity employer and is committed to the implementation and maintenance of employment practices which will ensure that no potential or current employee is treated less favourably on the grounds of gender, sexual orientation, marital or family status, race, nationality, ethnic or national origin, religion, age or membership of the travelling community, colour or physical condition, nor is disadvantaged by the application of any rule, condition or requirement which cannot be justified in either job related terms or as a requirement of law.

  Wellbeing

  Redstor is committed to protecting the health and safety of all individuals affected by our activities, including our employees, customers and the public. Redstor will provide a safe and healthy working environment and will not compromise the health and safety of any individual. Redstor provides a number of wellbeing initiatives for its employees and periodically reviews these initiatives to ensure relevance and value are maintained.

Pricing

• Price: £0.50 a gigabyte
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Full use of the service for a limited time period – usually two weeks

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@stonecomputers.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.