Flat Rock Technology

Content Delivery Network

We cover all phases of cloud application development – from research, through design, development, implementation, maintenance and support.
As part of our services package we provide content delivery analysis, migration of data to cloud storage if needed and content delivery setup, support and maintenance.

Features

• Deep integration - works seamlessly with other cloud services
• Massive capacity - handles sudden traffic spikes and heavy loads
• Developer-friendly - Azure APIs and developer tools are available
• Robust security - mitigates security threats
• Multiple providers - choice of providers like Akamai,Verizon,Microsoft
• Advanced analytics-gain insights by tracking engagement with the content
• Cache static objects using the closest point of presence server
• Accelerate dynamic content as well
• Leverage various network and routing optimizations

Benefits

• Reduce load times
• Save bandwidth
• Speed responsiveness
• Optimize delivery across many scenarios
• Instantly distribute content
• Stream any media - anywhere, at any scale
• Enables fast, localized download
• Delivering high-bandwidth content
• Can be hosted in Azure or any other location

£7.00 an instance a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ran@flatrocktech.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

290551116091656

Contact

Ran Berger
07980854961
ran@flatrocktech.com

Service scope

• Service constraints: We need to do initial evaluation of the existing applications, data and infrastructure before proposing the full solution.
• System requirements:
  • Contract with Flat Rock Technology for the specified services
  • Flat Rock Technology is indicated as Digital Partner of Record

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Depends on the severity but in the worst case up to 1 business day.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: SLA for Azure CDN - https://azure.microsoft.com/en-us/support/legal/sla/cdn/v1_0/. ; Support levels (can be client specific and negotiable) and cost are described in the pricing document.; Flat Rock Technology provide technical account manager / cloud support engineers.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide onsite training, online training and user documentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: They request it and we extract the relevant data.
• End-of-contract process: In general, given no time restriction to the agreement, the end of the contract is marked by a successful completion, i.e. all goals and objectives defined in the contract have been delivered. This leads to client's acceptance of the deliverables and finalisation of all payments.; ; At the end of the contract, and once the client have paid all outstanding amounts, Flat Rock Technology handover all documentation, code and any other IP to the client.; ; In the price of the contract is included the pricing for the corresponding project scope according to the team estimation.; ; Every new, additional work comes at an additional cost after proper task definition and estimation.

Using the service

• Web browser interface: Yes
• Using the web interface: Users can set up the service through the web interface and Flat Rock Technology can do this for them, too (preferred option).; Users, depending on 'Role Based Access' and upon successful authentication, can make changes through the web interface .; There are no limitations to making changes, it is up to the assigned rights and responsibilities.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: The web interface is accessible as a public portal.
• Web interface accessibility testing: It is up to the public Cloud providers we are using.
• API: No
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: The Azure CLI is a command-line tool providing a great experience for managing Azure resources. The CLI is designed to make scripting easy, query data, support long-running operations, and more.

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: We use products from the biggest public cloud providers so the users demand can be handled.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft, Amazon

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • The App Service (if applicable)
  • Files, if this is in the scope of the contract
  • Databases, if this is in the scope of the contract
• Backup controls: Users can define different schedules for each resource.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: The connection is secured and encrypted.; Connections with remote management tools like Azure PowerShell, Azure CLI, Azure SDKs, REST APIs, are all encrypted.; All communication over the App Service connectivity features, such as hybrid connection, is encrypted.; Communication of secrets (such as connection strings) between your app and other Azure resources (such as SQL Database) stays within Azure and doesn't cross any network boundaries. Secrets are always encrypted when stored.; 24-hour threat management protects the infrastructure and platform against malware, distributed denial-of-service (DDoS), man-in-the-middle (MITM), and other threats.
• Data protection within supplier network: Other
• Other protection within supplier network: Your app resources are secured from the other customers' Azure resources.; VM instances and runtime software are regularly updated to address newly discovered vulnerabilities.; Communication of secrets (such as connection strings) between your app and other Azure resources (such as SQL Database) stays within Azure and doesn't cross any network boundaries. Secrets are always encrypted when stored.; Connections with remote management tools like Azure PowerShell, Azure CLI, Azure SDKs, REST APIs, are all encrypted.; 24-hour threat management protects the infrastructure and platform against malware, distributed denial-of-service (DDoS), man-in-the-middle (MITM), and other threats.

Availability and resilience

• Guaranteed availability: Depends on the Cloud provider and the Business Tiers.; For Azure: https://azure.microsoft.com/en-us/support/legal/sla/cdn/v1_0/
• Approach to resilience: Available on request.
• Outage reporting: Email alerts.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: Multifactor Authentication Process
• Access restrictions in management interfaces and support channels: We use Azure Active Directory in combination with Azure Role Based Access Control.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: Multifactor Authentication Process
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Less than 1 month
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Less than 1 month
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Bureau Veritas
• ISO/IEC 27001 accreditation date: 06/2018
• What the ISO/IEC 27001 doesn’t cover: The whole ISO 27001 scope is covered with no exceptions.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We have an Integrated Management System which combines the requirements of ISO 9001 and ISO 27001. We have defined Security Policies and each employee gets familiar with them when starting his job and then we regularly check if the policies are followed as well as if we can improve the policies. We have a combination of automated and manual reporting.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We manage access to resources and their settings with Azure Role Based access control (RBAC).; https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal; With Azure Active Directory (Azure AD) reports, you can get the information you need to determine how your environment is doing.; Audit logs - Provides traceability through logs for all changes done by various features within Azure AD. Examples of audit logs include changes made to any resources within Azure AD like adding or removing users, apps, groups, roles and policies.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: With regards to the specified services we rely from one side on the vulnerability management process of the cloud providers we use: Microsoft Azure, Amazon AWS. There are provided services which actively monitor and assess potential threads and provide results and suggestions to the users.; From other side we rely on our development and implementation process to provide quality cloud services.; We use Azure DevOps-CI/CD so we can react really fact if new developments or patches need to be deployed.; We get information from the cloud providers and our penetration and security tests.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use Monitoring services from the cloud providers: Microsoft Azure, Amazon AWS.; We respond to incidents depending on the severity.
• Incident management type: Supplier-defined controls
• Incident management approach: We are ISO 27001 certified.; We have defined incident management process described in a respective procedure.; We have systems where users can report incidents.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Hyper-V
• How shared infrastructure is kept separate: Azure runs on a customized version of Hyper-V. It’s fairly close to Hyper-V core in construct or theory, but that’s where all the similarities end. It’s super hardened and stripped down to ensure only signed and authorized components run on top of it.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: We use Microsoft Azure and Amazon AWS

Social Value

• Fighting climate change:

  Fighting climate change

  Flat Rock Technology received a Carbon Footprint assessment Certification and became Carbon Neutral. As a responsible company, we understand the importance of being sustainable and reducing the negative impact on the environment. At Flat Rock Technology, we decided to be carbon neutral to ensure that our output has a neutral impact on the environment. To achieve our goal, we approached Carbon Footprint Ltd that helped us assess our carbon footprint and become carbon neutral by becoming a part of their Gold Standard Carbon Offsetting projects. Calculating and understanding our carbon emissions is just a first step. We aim to reduce the amount of carbon dioxide we emit to minimalize our negative impact. At the same time, we became carbon neutral. Being Carbon Neutral means that we will offset the amount of carbon dioxide our organization is responsible for. With the partnership of Carbon Footprint Ltd, Flat Rock became a part of the Gold Standard Carbon Offset Projects. It gives us the opportunity to fund green projects that bring social, environmental, and community benefits, with the equivalent of how much CO2 we spent.

Pricing

• Price: £7.00 an instance a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ran@flatrocktech.com. Tell them what format you need. It will help if you say what assistive technology you use.