Proact IT UK Limited

CommVault Managed Backup Service (BaaS) as a service

Proact's CommVault Managed Backup Service (BaaS) as a service offering provides organisations of all types with a real alternative to an in house backup system. Built on enterprise technology, Proact's CommVault Managed Backup (BaaS) includes compute, storage, and the backup of all data types protecting the customer’s data and systems

Features

• Fully managed backup service
• Options for local and remote deployments
• Includes all all OS, application agents and encryption
• Backups up SAN, NAS and DAS storage
• Onsite cache available for fast restore
• Built on enterprise technology
• Replication to second datacentre available
• Optional Self-service portal for restore and management
• Flexible service to scale up and down

Benefits

• Reduce backup costs
• Reduce time spent managing backups
• Reduce capital costs
• Align backup spending with business usage
• 24x7 management reduces the impact of backup failures
• Comply with data retention regulations

£7.20 to £394.40 a unit a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@proact.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

371254914001346

Contact

Proact IT UK Sales
01246266300
bids@proact.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: If the vendor OS license is end of support life, this will impact our ability to provide service management
• System requirements:
  • One VM is required for monitoring
  • Sufficient internet bandwidth
  • Jump box or logmein - one VM may be required

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Email and online ticketing support availability ; ; 24 hours, 7 days a week
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: No
• Support levels: A single point of contact will quickly allocate specialised experts to resolve incidents up to 24/7, while coordinating with multiple vendors to minimize business impact. We take ownership of the issue and work with your team to secure a resolution.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: All of Proact's managed cloud service contracts are started with an initiation meeting, it is as this point that the design and delivery are agreed. Formalisation training is provided as part of the project. This will take the form of either remote or onsite dependent on the customer's preference. Documentation is also provided.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Prior to contract end, the Service Delivery Manager at Proact will approach the customer to agree a contract exit strategy, this includes data extraction. In addition the customer can add change or remove their data at any time with or without Proact's technical input.
• End-of-contract process: Once the contract has reached its term, the customer can either terminate or renew their contract. In this situation, there are no additional costs to the customer to exit the agreement or to renew. However, If the contract is terminated early, or the customer wishes to make significant changes to the contract before renewing, charges may be applicable. Please refer to our T&Cs for further information.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • Windows
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The service includes a Self-Service management portal to view and/or manage backup activities. Access is generally provided over the Internet VPN. The Self-Service interface, enables management of user access, client auditing, backup job configuration, job history and status, backup retention management and recovery of data.
• Accessibility standards: None or don’t know
• Description of accessibility: The service includes a Self-Service management portal to view and/or manage backup activities. Access is generally provided over the Internet VPN. The Self-Service interface, enables management of user access, client auditing, backup job configuration, job history and status, backup retention management and recovery of data.; ; Any other activities such as hardware management or patching are undertaken by Proact as this is a fully managed service.
• Accessibility testing: None.
• API: No
• Customisation available: Yes
• Description of customisation: Customer may scale to size. ; Customer may combine service types as needed. ; Change controls and user approval as needed

Scaling

• Independence of resources: Our environment is monitored 24x7x365. We work closely with our users to plan for increase demand. We always have a minimum of 20% overhead for capacity, and where appropriate we encourage our customers to do the same.

Analytics

• Service usage metrics: Yes
• Metrics types: Reporting for service usage is provided under Proact Service Management. These can be provided on request or as part of a pre agreed contract.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The customer would need to provide Proact with a medium to write the data to export - this would be a collaborative effort. Proact would not restrict a customer from accessing their own data. Please refer to T&Cs included in this product description.
• Data export formats: Other
• Other data export formats: This is application dependent - the file types aren't applicable
• Data import formats: Other
• Other data import formats: This is application dependent - there are no restrictions

Data-in-transit protection

• Data protection between buyer and supplier networks: IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.5% for the BaaS platform in Proact's data centre.
• Approach to resilience: Our default methodology for all cloud services is to operate a platform with no single point of failure.
• Outage reporting: Outages are reported to the customer via: - Dashboard - LogicMonitor In addition to this regular reviews are scheduled between the customer and the Service Delivery Manager, where additional information can be provided surrounding any outages that may have occurred. Where relevant, email would be used and or the emergency contact would be directly informed.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Role Based Access Control is in effect. Traffic is segregated onto dedicated VLANs – no routing between VLANs is allowed other than via a firewall
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI Assurance UK Limited
• ISO/IEC 27001 accreditation date: 27/04/2022
• What the ISO/IEC 27001 doesn’t cover: Any products or services that fall outside of the managed cloud portfolio
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: IG-SOC

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: "The high level “Information Security Policy” describes the considerations to achieve the company information security objectives and is separated in to the key Tier 2 detailed security policies:; ; • Technical Security Policy; • Physical Security Policy; • Business Continuity Policy; • Data Handling; • 3rd Party Supplier Management Policy; • Network and Infrastructure Management Policy; ; All of these policies are condensed to form the Acceptable Use Policy, which is trained to all new starters during their induction and included in annual security awareness training. These policies are reviewed at least annually prior to security retraining and after changes to compliance requirements. Staff are invited to comment on this policy and suggest ways in which it might be improved by contacting the Chief Security Officer.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change management is an ITIL process managed through a ticketing system, which tracks changes to configuration items. Extensive changes are approved by the Change Approval Board.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Under Proact's managed services all public IP addresses are vulnerability scanned on a weekly basis. The Proact Cloud infrastructure is also vulnerability scanned weekly. Penetration test are carried out at 6 monthly intervals. There is continual monitor of vendor security notifications and bulletins. Vulnerability remediation is typically between seven days to one month and is dependent on critical nature and OS/application type.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Proact’s Protective monitoring of logs watching for IoC, to alert in accordance with predetermined processes. The Investigation Team perform in-depth analysis, looking for further evidence, or most often to eliminate false positives. Customers are included in Investigations, as an IoC could be a benign activity known by the customer; authorised change or penetration test in progress. If a compromise is suspected or confirmed then the response team will work with the customer to follow established response procedures to cover Containment, Eradication, Recovery and advice on strengthening security controls to prevent similar occurrences.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents can be reported over the phone to the support team or via the web interface. The Service Delivery Manager can also be contacted, but will be included in communications in any case. Incident reports are made available in the dashboard and as part of the regular review meeting with the Service Delivery Manager.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Proact’s environmental sustainability strategy is founded on a whole-of-lifecycle, circular supply chain approach. Our Carbon Reduction Plan (CRP) commits to achieving ‘Net Zero’ carbon emissions by 2050, through maintaining annual records of our Scope 1, 2 and a subset of 3 emissions. ; • We have implemented monitoring across all our services, to identify improvement initiatives for power consumption and CO2 emissions. ; • We are transitioning our managed storage platforms to solid-state systems technology to deliver substantial power and reduce emissions.; We are committed to protecting the climate, having recently implemented solar roof panels at our head office, installed EV charge points, converted to LED lighting. ; We encourage our employees to be environmentally conscious through our environmental training, cycle to work and electric car schemes, providing video conferencing tools and work from home programs to avoid unnecessary travel, source only 100% renewable electric. ; Contract specific Social Value additionality is provided using the National Themes, Outcomes, and Measures (TOMs) Framework and is available on request.

  Covid-19 recovery

  Proact acknowledge that the COVID-19 pandemic has exacerbated existing economic and social challenges and created many new ones. As a responsible organisation we have continued to develop social values that provides additional benefits which can aid the recovery of local communities and economies, especially through employment, re-training and return to work opportunities, utilisation of employee volunteering days in community support opportunities, developing new ways of working and supporting the physical and mental health of those affected by the virus.; During the pandemic Proact launched a Loneliness guide Part 1 to support the impact of isolation, and the need to understanding loneliness and how to support themselves and others. ; Following the lift of lock down, home working has become a permanent fixture in peoples lives, as such we decided to launch Loneliness guide Part 2, as we felt an obligation to continue to support and protect all our employees. Part 2 includes, Relationships and Interactions, talking about feelings, our connections online and media, and how to look out for the signs of loneliness. ; Contract specific Social Value additionality is provided using the National Themes, Outcomes, and Measures (TOMs) Framework and is available on request.

  Tackling economic inequality

  Proact are committed to tackling economic inequality, including creating new opportunities, jobs, and skills, as well as increasing supply chain resilience Support innovation and disruptive technologies throughout the supply chain to deliver lower cost and/or higher quality goods and services. ; We influence staff, suppliers, and customers in support of Proact’s development of scalable and future-proofed new methods to modernise delivery and increase productivity.; Proact continue to identify skills-gap to ensure we can provide all the necessary training to individuals, in 2023 Proact expanded its Apprenticeship scheme, which has enabled 20 more employees’ access to achieving recognised technology skills. Throughout 2023 and into 2024 Proact continued recruiting women-in-tech across the business to tackle the gender inequality. ; Contract specific Social Value additionality is provided using the National Themes, Outcomes, and Measures (TOMs) Framework and is available on request.

  Equal opportunity

  Proact continues to drive equal opportunity, including reducing the disability employment gap and tackling workforce inequality, Improving health.; Support in-work progression to help people, including those from disadvantaged or minority groups, to move into higher paid work by developing new skills relevant and recognised qualifications. ; Our policy is to protect all job applicants, employees, and those within our supply chain are not discriminated against either directly or indirectly on the grounds of race, colour, ethnic or national origin, religious belief, political opinion or affiliation, sex, marital status, sexual orientation, gender reassignment, age, or disability. ; Contract specific Social Value additionality is provided using the National Themes, Outcomes, and Measures (TOMs) Framework and is available on request.

  Wellbeing

  Influencing staff is our key objective and through the delivery to provide ongoing support in wellbeing, and the physical and mental health of every member of staff. We provide regular workshops, offering relevant media and access to private professional advice via several social media channels including 24/7 telephone support lines. ; Within our Proact community support framework, we have developed a Wellbeing Hub, accessible by all staff, giving them an abundance of information including, Private healthcare, mental health first aiders, employee assistance programme that offers a confidential telephone services 24 hours a day, a Financial Wellbeing Money Centre offering an interactive budgeting course, debt related mental health counselling, and a dedicated recession-proofing health check.; Proact’s wellbeing hub continues to evolve as we listen to our employee needs, having recently introduced the Perkbox incentive that provides multiple savings on everyday purchase helping with the increased living costs, in conjunction with annual reviews and appraisals, Proact has rolled out a real living wage initiative for 2024.; Contract specific Social Value additionality is provided using the National Themes, Outcomes, and Measures (TOMs) Framework and is available on request.

Pricing

• Price: £7.20 to £394.40 a unit a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@proact.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.