Redinet Ltd

Azure Cloud Computing Platform

Azure is a comprehensive cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed datacenters. There's a range of services, including those for computing, analytics, storage, and networking. Buyers can pick and choose from these services in the public cloud.

Features

• secure storage
• scalability
• reliability
• diverse data handling

Benefits

• Multilayer security trusted by enterprises, governments, and startups.
• Flexible pricing options—only pay for what you use.
• The most comprehensive set of compliance offerings

£1 to £1,000 a virtual machine a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mike.beeson@redinet.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

338288258333312

Contact

Mike Beeson
020 8249 7000
mike.beeson@redinet.co.uk

Service scope

• Service constraints: N/A
• System requirements: Access to the internet

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: We target our service desk with a One-Hour valid first response. Our first response is based on an engineer responding with an action and not an automated response. Our support team are targeted on a number of Key Performance Indicators. We are committed to providing buyers with the highest level of support possible. Examples of these is, Telephone pickup KPI which is within 10 seconds and consistently averages at 93%, well above our target of 85%. First Response to Tickets within One-hour SLA averages at 97%, which is above our target of 94%. These are reviewed on a quarterly basis.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Redinet offer support to fit the needs of our clients. Standard Business Hours are, Monday to Friday, 8am to 6pm. We also provide support outside of these hours (up to 24/7) to fit the needs of all business and can be tailored as required. Our SLA for first response is 1-hour for a valid response from an engineer who has been assigned to the ticket. Support package costs can be discussed on a per customer basis dependant on required levels
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We can provide top level documentation of the platform for buyers to show network topology. We can also provide training of the platform during and after the build of the environment.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data does not need to be extracted. We can quickly hand over access to the platform as it is.
• End-of-contract process: Redinet has a customer leavers process as part of our ISO27001 policies. Ultimately, we would hand over access to any Azure services and remove our access without the need of any migrations.

Using the service

• Web browser interface: Yes
• Using the web interface: Users can have access to the service to make changes to the setup if given Admin access if approved by the buyer.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Via a weblink provided
• Web interface accessibility testing: This is a well known Microsoft product that many users use across the world
• API: Yes
• What users can and can't do using the API: Through standard Azure API's
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
• Using the command line interface: The Azure command-line interface (Azure CLI) is a set of commands used to create and manage Azure resources. The Azure CLI is available across Azure services and is designed to get you working quickly with Azure, with an emphasis on automation.

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: We can configure the services to auto-scale or have services configured but switched off so there is zero cost associated
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft Azure

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • All files
  • All virtual machines
  • Databases
  • Network Config
  • Active Directory
• Backup controls: The policies are all set on the Azure Web Interface
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: As this is a third party service from Microsoft we would publish their SLA for uptime. These are published at https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1
• Approach to resilience: Microsoft have datacentres all over the world and we designate a region for data residency so infrastructure can move around between datacentres in this region.
• Outage reporting: Email alerts and Public pages

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: We can include policies that only allow certain IP addresses access to admin centres
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
• Devices users manage the service through: Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI Assurance UK Limited
• ISO/IEC 27001 accreditation date: 27/01/2023
• What the ISO/IEC 27001 doesn’t cover: We made the decision to cover everything we do under our certificate. We don't cover other businesses with our accreditation.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We follow ISO27001 policies and processes

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Formal change management process. If changes are requested to the infrastructure these would go through the project team to make sure that changes are thought about to avoid risk.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We suggest using third party vulnerability cloud services to detect out of date software or end of life software. If a support contract is in place we would carry out patching within 14 days or a patch being released.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We have MDR & threat hunting services but these are a separate service. We respond within an hour to isolate and mitigate.
• Incident management type: Supplier-defined controls
• Incident management approach: If there is a support contract in place with us users would be able to respond to incidents via our service desk and have incident management processes as part of our ISO27001 accreditation.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: The datacentres are managed by Microsoft

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As a business we have an environmental policy in place.

  Covid-19 recovery

  We are flexible with staff to ensure they can work from home as and when required. We support local business with sponsorships to help our community around us.

  Tackling economic inequality

  We have run apprentice programs for students doing IT and Security courses at College. We also have continual improvement programs to continue to upskill internal staff with our strategic Vendor partnerships.

  Equal opportunity

  At Redinet we have an inclusion policy to ensure that we give as many people the right opportunity as possible.

  Wellbeing

  We regularly run charitable events and team building in conjunction with mental health initiatives. We have employee healthcare services in place that incorporates mental health and wellbeing services to be used.

Pricing

• Price: £1 to £1,000 a virtual machine a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mike.beeson@redinet.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.