Digital Craftsmen Limited

Fully Managed Drupal Cloud Hosting

Fully-managed, highly-secure Drupal cloud hosting for public and third-sector organisations who want complete peace of mind with their cloud infrastructure. Supported by a 24/7/365 UK-based service desk, full ITIL documentation, a 99.95% availability guarantee, fully qualified architects and a dedicated account manager.

Features

• Fully-qualified Drupal expertise, ITIL documentation, UK-based support, 99.95% availability
• Tailored procurement or financing solutions
• Fixed price contracts available using credits
• Incident management, on-hand support, rapid deployment
• ISO 27001 and Cyber Essentials accredited
• Platform-agnostic hosting (AWS/Azure/GCP/etc.), scalable, secure and redundant infrastructure
• Data can be hosted securely in the UK region
• One bill to pay - support and infrastructure together
• Proactive monitoring for critical application workloads
• Proven track record with public sector projects

Benefits

• Flexible cloud hosting managed by a team of certified engineers
• A range of procurement models to support your buyer needs
• Deployment planning workshops to help you define the requirement
• Pay-as-you-go and fixed price models supported (Reserved Instances, etc.)
• 24/7 support available for mission-critical applications
• Security, intrusion detection, firewall and encryption supported
• Helping your department or project to remain GDPR compliant
• Suitable for any website, application or database needs
• Establish hybrid or multi-cloud solutions where needed
• Additional discounts available for public sector customers

£95 to £245 a virtual machine a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at simons@digitalcraftsmen.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

288936822248391

Contact

Simon Stewart
020 3745 7706
simons@digitalcraftsmen.com

Service scope

• Service constraints: Support package must be included with any infrastructure with the appropriately selected Service Level Agreement e.g. Critical.; ; Digital Craftsmen will provide a minimum of 24 hours' notice for any planned maintenance necessary to safeguard the integrity of any systems or applications we are hosting on behalf of public sector buyers.
• System requirements:
  • Choice of Operating System (Linux, Windows, RHEL, etc.)
  • Estimated RAM, CPU and Storage required
  • Unlimited Virtual Machines or Instances
  • Choice of Region or Availability Zones
  • Firewall with up to date ACL recommended
  • Essential, Growth or Critical Support Packages

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 1) Major & Critical Support - 24/7; 2) Critical Support - 24/7; 3) Business Hours - Monday to Friday, 09:00 - 17:00
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: Chat client compliance with WCAG 2.0 standards. Chatbox is navigable by keyboard using screen reader software.
• Onsite support: Yes, at extra cost
• Support levels: Tier 1 - Response to requests during normal business hours in the event of a disruption including daily backups of your data. This service also includes standard security including basic monitoring and capacity reporting. Services on the level of office productivity tools, required for business to operate.; ; Tier 2 - Incorporating all the benefits of our Essential package, plus 24/7 critical support and resiliency designed to minimise any reasonable risk. Advanced monitoring to provide hardened security to defend your website against defacement and hacks. A target of 99.9% uptime to keep your site up and running. Rollback from 12 to 24 hours with a smooth recovery. Including incident reporting and configuration setup and management. Contributing to efficient business operation but out of direct line of service to customer.; ; Tier 3 - In addition to all Tier 2 services: business service monitoring, project management, and a disaster recovery time measured in minutes. A proactive role taken in preparing your business for the future, including designing business processes focused on protecting your data. A mission critical service that requires continuous availability. ; ; Management Procedures, Email, Database Administration, Monitoring, Troubleshooting, Security, Configuration, Change Management, Domain Management, Backup, Migration, Application Management
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Typically, we start with a Discovery Workshop where we are able to accurately scope and define your technical requirements. Once your cloud infrastructure environment has been defined and made available to the customer we are happy to provide remote or on-site training with accurate documentation for our users. We typically operate the infrastructure on behalf of our public sector customers and provide access to the applications or development environments they require for their use case.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Public sector customers remain in control of their own data. Upon termination of the contract, the data may be transferred to a storage medium best suited to the customer or downloaded on request (depending on the type of data and the storage size requirements). It may also be appropriate to use long-term data archiving which we offer.
• End-of-contract process: At the end of the contract, a customer handover document is provided with any necessary migration recommendations to a new provider or a shut-down workflow if the project is complete and the infrastructure no longer needed. A ticket would be opened and our support team would work with the public sector buyer closely to ensure that any data is preserved and returned in accordance with this agreement.

Using the service

• Web browser interface: Yes
• Using the web interface: Customers can log tickets and view progress.
• Web interface accessibility standard: WCAG 2.1 A
• Web interface accessibility testing: Available with screen reader and supports accessibility options.
• API: Yes
• What users can and can't do using the API: Programmatically using Chef, Puppet, Automator and other tools to access web services across AWS, Azure or GCP. API access is managed on behalf of the client where the supplier has direct API access to the hosting environment which can be exposed as necessary to clients. API available for Request Tracker where internal ticketing system integration is required - available upon request.
• API automation tools:
  • Ansible
  • Chef
  • Terraform
  • Puppet
  • Other
• Other API automation tools:
  • AWS CloudFormation
  • Azure Blueprints
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • Other
• Using the command line interface: SSH access available or other CLI tools operated on behalf of the client. Access to infrastructure made available to developers or other systems administrators upon request.

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Dedicated hosts are available for each client and users may define the tenancy for their applications. Where managing customers on public cloud providers such as AWS or Azure, capacity management and separation of hosts is managed by the vendor. In private/hybrid cloud environment, zero contention maintained by Digital Craftsmen on our infrastructure.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Amazon Web Services, Google Cloud Platform, Microsoft Azure

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Databases
  • Virtual Machines
  • Websites
  • Objects
  • Containers
  • Files / File Stores
  • Applications
  • Other
• Backup controls: Users are provided with backup, replication and disaster recovery options at the time of onboarding to define what level of redundancy they require. Users may increase or decrease the frequency e.g. from hourly to weekly of their backup cycles in line with it's Recovery Point Objective.
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.99% network uptime guarantee on our private cloud and response times to incident response guaranteed with service credits available in the unlikely event of us failing to meet SLA requirements.; ; For priority support:; Standard - 2 hours; Major - 1 hour; Critical - 30 minutes
• Approach to resilience: Private cloud has no single point of failure. Additional measures for redundancy and business continuity provided as part of our standard service. Additional information available upon request.
• Outage reporting: A public dashboard, email alerts and Slack notifications.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Customers will be provided with a username and password to access support channels through Request Tracker (encrypted with TLS).; ; Management interfaces only accessible via VPN connection.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS
• ISO/IEC 27001 accreditation date: 30/01/2018
• What the ISO/IEC 27001 doesn’t cover: - Third party client infrastructure not directly covered e.g. a customer's third party appliances or servers in our datacentre
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Complying with PCI-DSS standards
  • Certifications from AWS or Azure available directly from vendors

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus; ISO 27001:2013
• Information security policies and processes: - Digital Craftsmen operates an Information Security Management System (ISMS) in accordance with ISO 27001.; - All staff are cleared with background checks and criminal background checks with their employment history and proof of identity above Baseline Personnel Security Standards (BPSS clearance).; - Only designated systems administrators have secure access to client environments with identify and access management tightly controlled.; - Regular security audits are performed by our technical team, including penetration testing, intrusion detection, firewall updates, anti-virus, encryption, patching and additional IT security measures.; - Digital Craftsmen operates an Information Security Forum at which vulnerabilities, security incidents and other threats are monitored and subsequently addressed in accordance with out ISMS policies.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Capacity Reporting - Service and resource usage and performance Reported on in monthly reviews; Change Management - To ensure that standardised methods and procedures are used for efficient and prompt handling of all changes, in order to minimise the impact of change-related incidents upon service quality All non-standard changes are follow the Change Management Procedure and are reported on fully.; Capacity Planning - Gives different scenarios for predicted business demand and offers costed options for delivering the service-level targets specified ; Collect, analyse and propose a capacity improvement plan directed by: capacity shortages, forecast, adjustment, reserves and monitoring.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Secure VPN - Adding security and privacy to private networks and the sharing of data over public networks. VPN Access can be restricted using firewall rules dependent on your requirements.; ; Managed Firewall - Managed firewall services based on a hardened Linux image running IP Tables. Initial access is limited to only web traffic and any changes to firewalls are strictly controlled by your approved authorisers. ; Clustered HA configured firewalls are also available for near-zero downtime demands. ; ; Additional Processes; Operating System Patching, Middleware Patching, Anti-virus, User management, Access control across multiple platforms and applications; Certificate/ Key Management Deployment Directory Services.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Depending on Essential, Managed or Critical Support SLA.; ; 1 - High; - All users of a specific service ; - Personnel from multiple agencies are affected; - Public facing service is unavailable; - Any item listed in the Crisis Response tables; ; 2 - Medium; - Multiple personnel in one physical location; - Degraded Service Levels but not processing within SLA constraints or able to perform only minimum level of service; - It appears cause of incident falls across multiple functional areas"; ; 3 - Low; - One or two personnel; - Degraded Service Levels but still processing within SLA constraints
• Incident management type: Supplier-defined controls
• Incident management approach: Incident reporting - Incidents can be investigated and reported on through a post-incident report. The service desk assigns a category and priority to service requests in accordance with the SLA, providing a measurable and consistent service.; ; Incident Triage - Conduct investigation of alerts and reported incidents to determine cause. Escalate to client or internal team as appropriate; ; Incident Resolution - Own resolution of incident and restoration of service; ; Problem management - Ownership of recurrent incidents to identify and rectify root cause; ; Severity/impact; defined by SLA: response within 2 hours to 30 minutes, resolution of 4 or 8 hours respectively.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Customers are separated by VLAN. Multiple firewall levels. Customers may request their own tenancy options e.g. dedicated hosts.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Information available upon request.

Social Value

• Fighting climate change:

  Fighting climate change

  a
• Covid-19 recovery:

  Covid-19 recovery

  a
• Tackling economic inequality:

  Tackling economic inequality

  a
• Equal opportunity:

  Equal opportunity

  a
• Wellbeing:

  Wellbeing

  a

Pricing

• Price: £95 to £245 a virtual machine a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Proof of Concept and Limited Time Trials available.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at simons@digitalcraftsmen.com. Tell them what format you need. It will help if you say what assistive technology you use.