TECHNOLOGY SERVICES GROUP

Office 365 Backup - Datto SaaS Protection

Datto SaaS Protection for Office 365 is the leading cloud-to-cloud backup solution offering an all-in-one backup, search, restore and export solutions for Office 365.
SaaS Protection ensures that companies can access, control, and most importantly, own the data they entrust to the cloud.

Features

• Automatic 3x/day backup for Exchange, OneDrive, SharePoint & Teams
• Perform additional backups as needed at any time
• Dashboard for notifications at a glance
• Option for unlimited data storage in Datto Cloud
• Backup, Search, Restore
• Option for 1 yr time based retention data storage

Benefits

• Trusted Backup
• Security, secure
• Data protection

£2.00 to £2.40 a user a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@tsg.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

366241825119023

Contact

Marketing Team
03332200777
info@tsg.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Office 365 subscriptions covering Teams, SharePoint, etc
• Cloud deployment model: Private cloud
• Service constraints: Planned maintenance for core SaaS product
• System requirements:
  • Office 365 account, and subscription
  • G Cloud account

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: 08:00 - 18:00 Weekdays Excluding Bank Holidays and 24x7 cover if the client has TSG SystemCare support add-on. 1 to 4 hour response dependent on priority call, P1 - 30 mins, P2 - 1 hour, P3 - 4 hours, and P4 - 1 day.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Interface has a compliant contrast ratio: 11.3 as well as WCAG compliant features which enable the use of page readers and keyboard navigation.
• Onsite support: Yes, at extra cost
• Support levels: 08:00 - 18:00 Weekdays Excluding Bank Holidays, and 24x7 cover if relevant SystemCare agreement is in place
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: TSG would work with clients, from a pre-sales point of view to understand the needs, and provide the relevant associated service costs.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • Other
• Other documentation formats: Help guides
• End-of-contract data extraction: The administrator of the Datto SaaS protection account can securely export users data using user name, date range and files to various formats of: ; Email MBOX format, then to PST (3rd party tool); Calendar: to iCal (ICS) format; Contacts: to .VCF format; OneDrive: to a zip file; SharePoint sites: to a zip file
• End-of-contract process: The price is a monthly cost with a minimum term.

Using the service

• Web browser interface: No
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Self service portal to allow backup, and restore of files.
• Accessibility standards: None or don’t know
• Description of accessibility: Via the DATTO SaaS protection portal, with valid user account
• Accessibility testing: Utilised in-house
• API: No
• Customisation available: No

Scaling

• Independence of resources: The service is reviewed by DATTO to look at resource levels.

Analytics

• Service usage metrics: Yes
• Metrics types: Datto user portal
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Datto

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The administrator of the Datto SaaS protection account can securely export users data using user name, date range and files to various formats of: ; Email MBOX format, then to PST (3rd party tool); Calendar: to iCal (ICS) format; Contacts: to .VCF format; OneDrive: to a zip file; SharePoint sites: to a zip file
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • MBOX
  • ICS
  • VCF
  • ZIP
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: All service level agreements are as per the ones supplied by DATTO, and published by them.
• Approach to resilience: Its available on request with Datto
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Supplier defined controls
• Access restriction testing frequency: Never
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyd's Register
• ISO/IEC 27001 accreditation date: 22/07/2021
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: TSG have internal controls in place to ensure security governance, departmental access, device encryption policies, password policies, conditional access policies all form part of this.
• Information security policies and processes: TSG follow our own Information Security policy, more info available on request. Ultimate responsibility for ensuring Information Security rests with TSG’s Senior Management Team. They are responsible for ensuring a culture where Information Security is taken seriously by all employees and third parties acting on behalf of TSG. Responsibility for securing specific IT systems rests with the Head of IT, the Group Applications Director and the Service Delivery Director depending whether the systems are internal to TSG or are hosted on behalf of a customer.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The components of services are tracked through their lifetime Services are defined in conjunction with customer requirements at the point of initial engagement and as part of the onboarding process. During this definition of service, change management and service lifecycle management processes are designed around customer requirements and specific service needs. Changes are assessed for potential security impact All service changes are evaluated by a technical resource with focus on service performance, availability and security impacts.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability management approach Annual penetration tests carried out by a verified tester. We have an industry std Anti-Virus package deployed, utilise std tools such as threat management tools, anti ransomware etc. TSG also have a documented Disaster recovery policy. Patches are deployed weekly to end user devices/servers after been through internal testing. TSG have bespoke reporting and management software to assist in identifying potential threats.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All devices have a monitoring agent on them which can identify potential issues and report back to our service desk. If an issue is identified we have an internal 4HR SLA to ensure remedial actions are carried asap, the seriousness of an incident will be assessed on discovery so that any priority issues can be responded to quickly. The internal SLA on a P1 is 30 minutes.
• Incident management type: Supplier-defined controls
• Incident management approach: TSG have a pre-defined incident process for common events. Users can report incidents via the Support desk. Incident reports are also provided via Support desk and/or Account management team. Benefits The benefits of a robust Incident Management process include: • Higher end user satisfaction through improved resolution time and quality of services. • Better performance against agreed service levels through higher service availability. • Higher efficiency and productivity for the customer due to fewer hours lost to interruptions to IT service. • Better alignment and collaboration between internal TSG departments.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  TSG are actively working to reduce their own Carbon output and evolving services and practices to support our customers on this journey as well.

Pricing

• Price: £2.00 to £2.40 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@tsg.com. Tell them what format you need. It will help if you say what assistive technology you use.