VaraTech

Cloud Hosting Services

Backing up of data and restoring in case of disaster
Platform as a Service
Infrastructure and platform security

Features

• Chain Free Backup
• Recovery Points from 15 minutes
• Protection from Ransomware
• Backup of Physical or virtual machines
• Monitoring of network activity
• Network security using software applications

Benefits

• Quickly recover from a disaster
• Minimise data loss against Ransomware
• Secure devices against malware and malicious threats

£200 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rohin@varatechuk.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

291644322384069

Contact

Rohin Vara
02039208886
rohin@varatechuk.com

Service scope

• Service constraints: Server maintenance - Backups will occur everyday. Periodic updates installed after hours (Typically between 20:00 - 05:00); ; Yearly servicing of Pc's and Laptops; ; Software vendor maintenance - performed by the software vendor usually after hours (20:00-05:00)
• System requirements: Windows 10 Operating System

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times are within 6 hours including weekends via email. An online ticketing system will be available in Q4 2022.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Level 1 - Pay As You Go - Charged at an hourly rate whether over the phone, email or onsite; ; Level 2 - All You Can Eat support - charged as a monthly fee per user, per month. Will cover any support except parts.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We can provide online and onsite training with a group or 1-2-1. Most vendors have documentation in order to help with using their product.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: We will work with the new provider to seamlessly migrate data/tenancies to them.; We can also provide access to the services for an extended period of time, after the end of the contract, so that the users can extract the data themselves.; As a last resort, we can securely extract data to a physical hard drive.
• End-of-contract process: Included in the contract price will be the cost of services taken by the buyer/user.; Not included are additional project costs, Pay As You Go maintenance fees, parts for computers. We can also provide data destruction (software or physical) at an additional cost, if needed.; At the end of the contract, any leased equipment will be returned to us.; We will work with the new supplier to transfer services to them.; There may be additional labour charges for the time spent migrating any data.

Using the service

• Web browser interface: Yes
• Using the web interface: We can provide a portal for users to request and provision services. ; The service will allow the up-scaling or down-scaling of most services. ; Any requests have to be approved by us before they are supplied.; Users can see billed services
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Users can request and provision new or additional services for their users.; The request will have to be approved by us before it is actioned.; Users can view their billing for each service that they have with us.
• Web interface accessibility testing: None
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: Services are typically restricted by the internet connection of the user. We use data centres who provide 99.999% uptime. Service usage is planned prior to the service going live (in the case of servers) and the server/service can be increased (or decreased) as necessary.; Each buyer/user will have their own dedicated (not shared) infrastructure.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • Memory
  • Network
  • Other
• Other metrics:
  • Infected machines
  • Machines needing software updates
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Axcient, Microsoft, SentinelOne, ESET, DropSuite, Keeper Security, UKFast, Avanan, KnowBe4

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: In-house destruction process

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files and Folders
  • Servers
  • Pc's/Laptops
  • Virtual Machines
• Backup controls: Users don't control what is backed up for security and Disaster Recovery reasons. We will perform all backups on the agreed schedule with the users.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: 256-bit AES encryption; SHA256 and above
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: 256-Bit AES; SHA256 and above

Availability and resilience

• Guaranteed availability: 99.999% up-time from data centre's.; If services are unavailable for 30 days, then we will issue a refund for the 30 days.
• Approach to resilience: Available on request
• Outage reporting: A dashboard and a status update page; Email alerts

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: This will be done via the user profiles. Access to certain privileges will be dependent on the users role within the organisation
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Security governance is handled by the 3rd party supplier and include (but not limited to) ISO 27001, ISO 9001 and Cyber Essentials Plus Certification,
• Information security policies and processes: All reporting is made directly to the CEO/Owner of the supplier. They, along with the 3rd parties, are responsible for the adherence of policies. This includes (but not limited to) policies affecting Access Control, Computer access, Application access, network access and removable media and

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We follow the following process for change and configuration management: -; 1. Identify the change, 2. Identify the details of the change, 3. Plan the approach, 4. Implement, 5. Monitor.; Any changes are assessed for security impacting on such things as the user, the network, the device and user underdtanding.; Services are typically tracked through vendor online portal given user usage.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We use threat monitoring software to alert us to any potential threats. It is AI driven so it automatically updates threat risks to prevent them. All threat information is found in our security dashboard provided by the vendor.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We have monitoring software which alerts us to unusual activity on a network. Software can also log login attempts (failed and successful). Software can see where the attempted logins occurred in the world. Any compromised systems are immediately taken offline and investigated further. A network scan is also conducted to identify any other compromised systems. Compromised systems can be rolled back via previous backups. Incidents are responded to within 2 hours.
• Incident management type: Supplier-defined controls
• Incident management approach: We monitor activity on a users network. If a user has to report an incident, this can be done via ticket, email or telephone. Incident reports can be provided upon request via email to the user.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: UK Fast, FastHosts
• How shared infrastructure is kept separate: They are given a dedicated server for their needs. Virtulisation occurs within this infrastructure.; ; Public cloud virtualisation is managed by the 3rd party

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: The data centre has the the ISO 14001:2015, PAS2060 certification and is certified as carbon neutral, and compliant with the Energy Savings Opportunity Scheme

Social Value

• Fighting climate change:

  Fighting climate change

  We currently use carbon neutral data centres based within the UK. We recycle 100% of old computer equipment which we collect when we replace them. We utilise cloud based servers to ensure there are no additional electricity costs for us as a company or for our clients.
• Tackling economic inequality:

  Tackling economic inequality

  We work with recruitment and HR companies to ensure that all team members (current and new) are compensated in line with agreed industry salaries according to skill and competence. This is reviewed on a yearly basis. We also have links to training providers to ensure all staff have the opportunity to upskill based on the career path which they want to take.
• Equal opportunity:

  Equal opportunity

  For skills and pay - we work with recruitment and HR companies to ensure that team members are compensated in line with industry salaries according to skill and experience.; For team members with disabilities - We allow all staff the option to work remotely. Therefore, team members are not restricted in the performance of their work as they can work in the comfort of their home environment without the need to commute.; For training - we offer every team member the opportunity to upskill based on their career path and their desire.
• Wellbeing:

  Wellbeing

  Staff are encouraged to work from home. As long as key goals are met, team members can structure their day accordingly. There may be an opportunity in the future for team members to work 4-day weeks.; Team members are encouraged to remove themselves from their work space and to engage in some form of exercise.

Pricing

• Price: £200 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Not all services, It is vendor specific. Usually 30 days full trial of software/services

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rohin@varatechuk.com. Tell them what format you need. It will help if you say what assistive technology you use.