Thinc

Microsoft Azure Cloud Hosting and Migration

Microsoft Azure cloud hosting, migration, consulting and support services.

Features

• Discovery and assessment
• Architecture design
• Road-map creation
• Project and delivery management
• Disaster Recovery
• Back-up
• Microsoft Cloud Solution Provider
• Microsoft Azure cloud purchased and managed for you
• Microsoft accredited engineers and architects

Benefits

• Access to multiple Azure cloud services
• Reduce costs and pay for what you use
• Build highly available services
• Reduce CapEx spend
• Improve security posture
• Fully managed service
• Improve operational resilience

£850 a person a day

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at accounts@wearethinc.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

306463798102403

Contact

Richard Stathers
0808 168 8922
accounts@wearethinc.com

Service scope

• Service constraints: None
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Same day response.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Proactive Account Management part of standard support package for more details refer to terms and conditions. ; ; Core support hours M-F 8:30-17:00, extended support is available by arrangement.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Thinc use a three step enablement methodology. Please refer to the Service Description for more details.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Export of data is supported via disk image export, file export or replication of data.
• End-of-contract process: Service is decommissioned. Extra costs may be incurred depending on the method of data extract.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: System scaling and capacity reviews are performed frequently.
• Usage notifications: Yes
• Usage reporting: Other
• Other usage reporting: Via account management team.

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • Memory
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Consultancy, implementation and support services.

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual machine
  • Database
  • File level
  • Disaster Recovery
• Backup controls: This is configured as part of a managed service. Requests may be made for specific schedules.
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Refer to Service Definition document.
• Approach to resilience: The service is designed to be resilient, data is stored across multiple physical locations. Further details available on request.
• Outage reporting: Dashboard based reporting.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: A variety of two-factor authentication is used to restrict access.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password
• Devices users manage the service through: Dedicated device on a segregated network (providers own provision)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: Security reporting to Board level. Policies and processes have defined review cycle.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Components are tracked through their full life cycle from implementation to decommissioning. Changes are reviewed prior to implementation to assess for potential security impact.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Qualys scanning is built in to the solution. Security patch scheduling is based on vulnerability assessment.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Proactive monitoring is in place to provide early warning. Escalation procedures are in place to respond to incidents quickly.
• Incident management type: Supplier-defined controls
• Incident management approach: ITIL aligned incident management processes in place. End users report incidents via email or telephone. Incident reports are provided on request.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Via Microsoft Azure UK based data centres.

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  We review the impact of data centers used to deliver services, aligning ourselves with low carbon and carbon off setters.

Pricing

• Price: £850 a person a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at accounts@wearethinc.com. Tell them what format you need. It will help if you say what assistive technology you use.