TRUSTCO PLC.

Medium NHS Cloud Virtual Machine

2 vCPU 4GB vRAM VM (inc No OS License*, OS Management, Antivirus, 60MB SAN Storage)

Features

• 2 vCPU 4GB vRAM VM
• Elastic / burstable resources defined
• Guaranteed resources defined
• Type of hypervisor documented
• Upload and download of virtual machine images supported

Benefits

• 2 vCPU 4GB vRAM VM
• Elastic / burstable resources defined
• Guaranteed resources defined
• Type of hypervisor documented
• Upload and download of virtual machine images supported

£1,607.36 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@trustco.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

339397160176686

Contact

Craig Fairs
03448801999
frameworks@trustco.co.uk

Service scope

• Service constraints: N/A
• System requirements: N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Trustco Plc's highly skilled technical team will monitor and manage your service 24x7
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Trustco's highly skilled technical team will monitor and manage your service 24x7.; SLA for availability.; Online access to our portal for incident/change management and reporting.; Quarterly reviews with a dedicated Service Delivery Manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: On boarding guidance is provided; User documentation provided
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Secure service available
• End-of-contract process: Migration service available

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: The service is self scaling
• Usage notifications: Yes
• Usage reporting:
  • Email
  • SMS

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files
  • Virtual Machines
  • Database
• Backup controls: Users schedule their chosen backups through a web interface
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: 99.9%
• Approach to resilience: Available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
• Access restrictions in management interfaces and support channels: A combination of tools are utilised to enable granular, role-based access control and administrative delegation as part of a unified framework for managing security
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: 27001

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All change and configuration are managed in accordance with strict ITIL process
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability management approach is based on ensuring all platforms are patched and maintained according to vendor best practice. All configuration changes are subject to strict change control and are reviewed, logged and audited on a regular basis.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Intrusion detection
• Incident management type: Supplier-defined controls
• Incident management approach: Pre-defined, ITIL-based processes are in place for common events and event management processes are followed so that incidents are automatically logged and handed over to the required technical contact for diagnosis, triage and resolution. All incidents are included in formal quarterly service review reporting processes

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Based on the security requirements of the customer, the service will be provided using a dedicated platform to ensure absolute separation from other organisations

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: The Code of Conduct is an independent scheme in the EU to certify that a data centre has adopted energy efficiency best practices. Data centres measure their energy efficiency in Power Usage Effectiveness (PUE). The ideal value is 1 PUE, but the average PUE value is around 2.0. Trustco Plc will ensure that all services are delivered from datacentres that are a minimum of TIA-9424 Tier 3. Each datacentre is self-certified, and Trustco Plc can commit to providing visibility of the process plus compliance with the EU Code of Conduct for datacentre operations

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Trustco Plc is deeply committed to the continuous development and execution of our Carbon Net Zero Plan. We are actively enhancing our company policies and practices to effectively combat climate change. Recognising the variety of ways we can contribute to environmental recovery; we have identified several key areas of focus:; a. We influence and incentivise our staff, suppliers, customers, and the wider community by delivering contracts and services that support initiatives aimed at environmental protection and improvement.; b. We invest in adopting and deploying technologies across our entire supply chain that are critical in reducing carbon emissions during service delivery.; c. We are dedicated to investing in the monitoring and reporting of carbon emissions, not only within our corporation but also throughout our supply chain, and in the solutions that we deliver to our customers.; Through these strategic investments and initiatives, Trustco Plc not only adheres to its environmental commitments but also contributes to a broader transformation towards a greener tech industry.

  Equal opportunity

  Our organisation is committed to promoting equal opportunities across all aspects of our operations. We actively pursue activities and implement policies that address inequalities and enhance support for all employees, particularly those who are disabled or from disadvantaged or minority groups.; Firstly, we are committed to equality of opportunity in our recruitment process; our blind recruitment policy ensures that hiring decisions are based solely on merit and suitability for the role, removing any unconscious bias. Importantly, our commitment to inclusivity extends beyond recruitment; for example, we empower employees with disabilities to take a leading role in identifying the reasonable adjustments required to support their success, ensuring they can thrive in our workplace.; We also offer employee-led training opportunities, that support individuals in developing new skills relevant to their roles. These training opportunities are designed to lead to recognised qualifications, enhancing employability and career progression within our organisation.; In addressing inequalities in employment, skills, and pay, we conduct regular reviews of our workforce data to identify and address any disparities. Our commitment to the living wage and flexible working policies supports in-work progression, helping employees from all backgrounds to advance into higher-paid roles and develop new, contract-relevant skills.; Our organisation's commitment to equality is also reflected in the way we gather feedback from employees. Anonymous surveys allow us to capture honest feedback and insights, which are crucial in shaping our policies and initiatives. This feedback mechanism ensures that our strategies remain effective and responsive to the needs of our workforce.

  Wellbeing

  Trustco Plc is dedicated to promoting wellbeing both internally within our organisation and externally in the wider community. ; We have implemented an Employee Assistance Programme called Spill, which provides our team members with accessible and confidential mental health support, enabling them to seek help when needed without fear of stigma. ; Additionally, our signing of Mind’s Commitment to Mental Health at Work further solidifies our pledge to implement and uphold high standards of mental health practices within our workplace. Complementing this, our investment in training and certifying two of our staff as Mental Health First Aiders allows us to offer immediate and knowledgeable support onsite. ; These efforts are reflective of our dedication to building a culture of openness and support around mental health, challenging industry norms and encouraging a broader societal shift towards better mental health awareness and care.

Pricing

• Price: £1,607.36 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@trustco.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.