Alfresco Hosting
Alfresco is a secure open source Content Management System designed for enterprise level businesses with complex requirements. Axis12 is an ISO 27001 certified company, providing cloud-based web hosting services since 2005. Our Alfresco hosting service provides a resilient and scalable infrastructure designed to service critical digital services and applications.
Features
- Alfresco hosting from Tier 3 UK based data centre
- Alfresco hosting is ISO 27001 accredited, best for security
- Alfresco hosting PCI DSS compliant, bearing the BSI Kitemark
- Independent testing regularly takes place to ensure security compliance
- Multiple environments available (Development, Test, Staging, Production)
- Comprehensive monitoring and reporting
- Alfresco hosting is Intrusion Detection System (IDS) protected
- Choice of multiple UK data centres for Alfresco hosting
- Amazon/Azure/Platform.SH hosted option available upon request for Alfresco hosting
- Edge caching and Content Delivery Network (CDN) provided
Benefits
- Alfresco ECM provides robust and scalable architecture
- Axis12 provide seamless integration to Alfresco development workflows
- Axis12 are experts in open source and follow best practice
- Alfresco instances are available on demand
- Axis12 offer flexible configuration based around your requirements
- 24/7 support option is available
- Disaster Recovery and BCP available as standard
- Data centres staffed by security, technical and network staff 24x7x365
Pricing
£215 a unit a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
3 0 6 2 0 5 2 8 5 6 5 5 5 6 0
Contact
Axis12 Limited
Luke Harrop
Telephone: +44 (0) 203 397 8514
Email: tenders@axistwelve.com
Service scope
- Service constraints
- No known constraints. All OS and hardware configurations supported
- System requirements
-
- KVM or Docker based virtual machines
- Linux or Windows based operating system
- Base unit = 2 x CPUs and 2GB memory
- Any number or combination of base units allowed
- Alfresco and any other application licenses paid for by client
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Acknowledgement of questions raised in a support ticket is conducted within 5 minutes. Tickets are triaged and actioned in accordance with our strict SLAs, which range from 60mins through to 5 business days depending on the urgency and severity of the issue.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
- Axis12 use Olark for web chat communications. Olark is independently verified for accessibility.
- Onsite support
- Yes, at extra cost
- Support levels
- Axis12 provide a range of different support ranging from 24/7 x 365 through to Core hours: Office hours (08:30 – 17:30 Monday to Friday on standard UK business days). Costs vary depending on level of service required and staff type. Every client will have a named account manager experienced in diagnosing and directing requests to the correct resource.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
This first step we take during on-boarding is to create a support project in our back-office support system (Jira). You will need to supply us with a primary contact (through which all change requests will be routed)
plus one or more email addresses for alerts and tickets. Training in how to use Jira for logging tickets will be provided as part of the on-boarding process.
We will confirm your architecture requirements and your servers will then be commissioned and configured.
Provisioning generally takes anywhere from 2-3 hours up to 2-3 days depending on the complexity of your requirements. - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- This can be provided by logging a support request with the team.
- End-of-contract process
- Off-boarding involves removing all accounts associated with back-office systems involved in your deployment and securely deleting all data held in line with our ISO 27001 processes. We can provide an archive of all support tickets if requested. Data held on the servers can be packaged and delivered on request although this may incur a small fee. We will also securely delete all tickets in the Jira project we created for you.
Using the service
- Web browser interface
- Yes
- Using the web interface
-
For non-production environments "Podium" is Axis12’s proprietary container based hosting platform, with a web interface that allows seamless delivery of code deployment through to realtime infrastructure build.
Built on leading Enterprise class open source technology, it is a ‘no Ops’ solution to building scalable and performant infrastructure on demand and can save development teams countless hours and delays through no longer having to rely on DevOps to build and deploy code to virtual servers.
For production servers, pre-configured "Jenkins" jobs, available via a web interface can be made available should the client wish to have control over live deployments. - Web interface accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web interface accessibility testing
- None, but planned for 2022
- API
- Yes
- What users can and can't do using the API
- There is, but it is only made available on request and subject to certain conditions.
- API automation tools
-
- Ansible
- Chef
- Terraform
- Puppet
- Other
- Other API automation tools
- Jenkins
- API documentation
- Yes
- API documentation formats
-
- HTML
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- MacOS
- Other
- Using the command line interface
-
For non-production servers we provide a command interface that can be accessed through a web interface and so is accessible via any OS and any browser.
For production servers, unless explicitly requested the command line interface is for Axis12 DevOps staff only. However we are able to provide access via VPN if required and subject to certain conditions.
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
- Network separation, pinned resources with hosts, strict allocation of resources on underlying hosts.
- Usage notifications
- Yes
- Usage reporting
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Hardware containing data is completely destroyed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Files
- Databases
- Configuration
- Backup controls
- Users can backup at different times and frequency depending on client need
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Users contact the support team to schedule backups
- Backup recovery
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
99.95% uptime as standard. Higher uptime guarantees on request.
Support for Level 1 issues and planned Support Requests (Levels 2-5) where agreed in advance. An out-of-hours telephone number is provided for The Customer to escalate any Level 1 issues. The Supplier will respond to and action any Level 1 issues in accordance with the response targets.
Hosting and infrastructure issues will be actioned within the resolution targets.
Level 1 issues caused by an application or content change made within non-Core hours will be actioned on a best efforts basis. Outages caused by these issues will be exempt from the uptime measurements and Service Level Credit calculations, and the support services may be chargeable. - Approach to resilience
- Resilience is provided across our Priority 1 systems through load-balanced firewalls and switches,multiple reverse proxy servers with automatic failover capability, multiple high-availability webservers and a scale-out NAS file system.
- Outage reporting
-
Our monitoring systems produce email alerts in near real-time.
A ticket is automatically created in our web based ticketing system called Jira. Client is also telephoned immediately. Investigation commences, and any updates to the Jira ticket (at least one every 15 minutes in the case of an outage) triggering update emails to client.
Month end reporting will show full duration and detail of any outages based on monitoring and Jira statistics.
By tracking all support activity through Jira and giving our client full access we provide you with total transparency over the way an issue is being handled and report on our activities against the service level agreement each month.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Two factor authentication, IP White list, VPN
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Devices users manage the service through
-
- Dedicated device on a segregated network (providers own provision)
- Dedicated device on a government network (for example PSN)
- Dedicated device over multiple services or networks
- Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- Between 1 month and 6 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- Between 1 month and 6 months
- How long system logs are stored for
- Between 6 months and 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI
- ISO/IEC 27001 accreditation date
- 02/03/2020
- What the ISO/IEC 27001 doesn’t cover
-
Scope Statement
Axis12 ISMS encompasses all aspects of the organisation’s business and operations in support of discharging their obligations as defined in the Service Agreements with their clients from their London site, with hosting services provided in UK based datacentres and Amazon Cloud Services based in EA. This includes software development, hosting, support and training, the provision of consultancy and all other defined service offerings together with the associated supporting business processes.
Exclusions
Recruitment services are not currently in scope as they are not relevant to our certification. - ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- ISO27001
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
Axis12 have been ISO 27001 certified (certification no. 598644) for more than three years and work closely with a CLAS certified consultant who ensures our processes meet the high standards of data security.
We are familiar with HMG Security Policy Framework (Cabinet Office, October 2013; www.gov.uk/government/publications/security-policy-framework) and our experience spans design, development and support of a number of IL2-certified systems, and the implementation and support of IL3 systems.
All of our processes and procedures incorporate Physical, Human and Digital security capability to ensure that client data and systems are continuously secure against threats to Confidentiality, Integrity and Availability.
All of our employees undergo security screening and CRB checks, and are provided with solid training to ensure that the needs of our clients are managed and the aspirations of our workforce remain high.
We can guarantee security by only providing certain levels of access (e.g. server-level access) to suitably qualified and trained Axis12 staff covered by our ISO 27001 certificate.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
Change Control Steps:
1. Documenting the Change Request through Axis12 Change Control system.
2. Formal assessment of change looking at risks, benefits and security impact of making the change evaluated by the Change Approver.
3. The team responsible for the change creates a detailed plan for its design and implementation.
4. The implementation team designs a program for the software change and tests it. If successful a release date is requested.
5. The team implements the program and stakeholders review the change.
6. Final assessment involves requestor and change approver confirming the implementation success/failure and Change Request is closed/reopened. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Axis12 are constantly monitoring the various major alert/information channels for threats to our system. Each threat is classified Critical, High, Low with expected implementation times as follow.
- 'Critical’ patches should be deployed within hours.
- 'High’ patches should be deployed within 2 weeks of a patch becoming available.
- ‘Low’ patches deployed within 8 weeks of a patch becoming available. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
Axis12 have a range of automated and manual approaches to protective monitoring that are constantly being reviewed as new threats are identified within the industry. We work closely with our hosting partners and other industry experts. The exact process is available on request.
Incident responses are reviewed and classified in our ‘Security Incident (System)’ and assigned to the appropriate Service Level to the incident with the appropriate level of technical resources to resolve the issue. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
1. Issue identified.
2. Service desk reported by phone or email.
3. Tickets created in our ticketing system.
4. For Severity 1 issues, an action plan is formulated as soon as the call is logged and regular conference calls scheduled until the issue is fixed.
5. Diagnosis begins according to our SLA.
6. Ticket updated regularly, triggering an automated email to the client.
7. When issue has been resolved, the system is updated as completed and all interested parties automatically alerted via email. This means that tickets can never be closed without the person who logged the ticket being aware.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- KVM hypervisor
- How shared infrastructure is kept separate
- Separate virtual machine, locking down connections by ip whitelist.
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
-
https://cyberfortgroup.com/about/environmental-policy/
In addition to this Cyberfort are also certified to the industry recognised environmental standard ISO14001 which validates this commitment, certificate attached for your records.
Finally, specifically in Ash we source our power from a company called Bryt which is a zero carbon and 100% renewable electricity supplier.
Social Value
- Fighting climate change
-
Fighting climate change
Our Datacentre partners, Cyberfort Group Limited are committed to promoting sustainable development by reducing, as far as practical, their environmental impacts from business activities. An Environmental Management System (EMS) has been implemented which meets the requirements of BS EN ISO 14001:2015. Our primary emphasis is on improving performance and the prevention of adverse environmental impacts, rather than treatment after occurrence. Priority is given to areas where the environment is most at risk. This policy covers our datacentres and operations including all aspects specific to these activities to ensure our business processes are carefully monitored, measured, and controlled to promote continual improvement whilst enhancing environmental performance. The Environmental Management System helps us protect the environment and response to changing environmental conditions in balance with socio-economic needs. We have adopted a systematic approach to enable us to contribute to sustainable development and have made the following commitments. - Protect the environment by preventing or mitigating adverse effects caused by our activities, products, and services. - Ensuring we fulfil our compliance obligations meeting statutory and regulatory requirements relevant to the environment. - Adopt risk-based thinking and a process approach, reviewing risks and opportunities to help us continually improve and enhance environmental performance. - Promote a sustainable approach in our business, with our suppliers, employees, clients, neighbours, and other stakeholders. - Becoming a net-zero and environmentally conscious company by conserving energy, minimising consumption, reducing, and preferring low pollution materials, maximising environmental efficiency, whilst ensuring waste is managed and controlled. - Controlling or influencing our activities and how our Product and Services are implemented by integrating sustainability considerations into our business decisions. - To adopt management practices and environmental control procedures which comply with the latest version of ISO 14001. - Set documented environmental objectives based on our significant environmental aspects and compliance obligations. - Covid-19 recovery
-
Covid-19 recovery
Axis12 has policies in place that: - Support our employees in recovering from the impacts of COVID-19, including those worst affected or who are shielding. - Support the physical and mental health of any of our staff affected by COVID-19, including reducing the demand on health and care services. - Improve workplace conditions that support the COVID-19 recovery effort including social distancing, remote working, and sustainable travel solutions. - Tackling economic inequality
-
Tackling economic inequality
Since our inception, Axis12 has been contributing to local charities tackling economic inequality and hardship through direct action. We are proud sponsors of Camden's streets kitchen initiative donating products and services (like food, sleeping bags, gloves, socks, warm weather gear etc) which is then distributed directly to homeless people during London's worst weather. Our efforts have helped 100's of homeless people over the years with their immediate needs of warmth, food, and clothing. - Equal opportunity
-
Equal opportunity
Axis12 is committed to the principle of equality among its employees and embraces diversity. We aim to provide equal opportunities for all, regardless of whether individuals are employees, customers, suppliers, agents or otherwise. We firmly believe all employees and job applicants have the right to be protected from unfair treatment and we will only differentiate on merit and the ability to do the job.
We aim to provide an equal and fair working environment, which is free from all forms of discrimination. Accordingly, all employees will be treated fairly in respect of any protected characteristics they may have. Protected characteristics are; race, religion and belief, pregnancy and maternity, sex, marriage and civil partnership, disability, gender-reassignment, age and sexual orientation.
This policy applies to all areas of employment at Axis12 including; recruitment, promotion, training and development, secondments, transfers, performance management, remuneration, grievance and disciplinary procedures, selection for redundancy and dismissal.
Our policy also applies to temporary staff, contractors and consultants and all third parties that we engage with. Unless otherwise stated, all reference to employees includes potential employees, former employees, as well as agency workers, temporary workers and contractors.
Our managers are responsible for implementing our Equal Opportunities Policy and for applying the policy as part of their day to day management.
All Axis12 employees have a responsibility not to discriminate against fellow employees and to report any such behaviour of which they become aware. - Wellbeing
-
Wellbeing
All of our employees are offered a free Vitality package supporting their physical and mental wellbeing as well as free private medical insurance.
We are members of the Governments ride to work scheme which subsidises the purchase of aBicycle, and also offer generous maternity and child care packages to our employees well in excess of government mandated pay. We host an annual summer house working opportunity in Europe each year and financially support all employees working from home with additional top up expenses.
Pricing
- Price
- £215 a unit a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Full service, time limited
- Link to free trial
- On request