THRIVE OPERATIONS LIMITED

Thrive – Managed Back-Up as a Service (BaaS)

Thrive Managed Backup provides rapid, secure and reliable protection for your essential business data; where and when you need it. Offering short back-up and recovery times, the service consolidates multiple data sources to minimize storage requirements without compromising data integrity.

Features

• Data stored and managed in geographically distributed UK Datacentres
• Tier 3+ Data Centre accredited to ISO9001 and ISO27001 standards
• Frequent, automated data checks ensure ongoing data integrity and availability
• 24x7 support Service
• Fast Recovery Point Objective, Fast Recovery Time Objective
• Secure data centre, data encryption at rest and in motion

Benefits

• Flexible and scalable to quickly adapt to changing demand
• Pay monthly for what you need frees up capital expenses
• End-to-end security provides compliant data protection
• Best-in-class hardware and software components deliver high performance, industry-leading SLAs
• Easy to set-up and manage; eliminates on-site maintenance

£139.00 a unit a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pcotterill@thrivenetworks.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

401968629207601

Contact

Phil Cotterill
01582 429999
pcotterill@thrivenetworks.com

Service scope

• Service constraints: The Managed Backup Service is agentless for VMWare and Hyper-V virtual workloads only. The backup service covers all workloads via a backup agent installed on the source
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Range of SLA's from P1 (15 min confirmation, 30 min engineer response & 2 hour resolution) to P4 (Service request: 1 hour confirmation, 24 hour engineer response and 48 hour resolution)
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Each incident raised is classified in accordance with the impact it has on the customer; P1 - Major Incident 15 minutes response. P2 - Critical Incident 30 minutes response. P3 – Urgent Incident 60 minutes response. P4 - Normal Incident 4 hour response. Thrive Engineers resolve issues through telephone support, diagnostics tools and vendor support. All resolution activities are documented within the client portal and the incident is closed upon the customer’s approva
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Thrive complete the install of the BaaS Thrive will configure (with the customer) all the backup sets. Test restores will be completed as part of the sign off criteria for the start of the service.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Thrive can provide point in time copies of any restore points required onto media supplied by the customer.
• End-of-contract process: The contract can be renewed. If the contract is not renewed it would be normal practice to have an alternate Backup in place and run them in parallel until the desired retention is achieved within the new service. If required the contract can be extended for the amount of time required to achieve the desired retention on the replacement service.

Using the service

• Web browser interface: Yes
• Using the web interface: Users can view all the success criteria for all jobs and see logs
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Via HTTPS connection over the internet
• Web interface accessibility testing: N/A
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: All services are run within a strict capacity management processes. Thrive use capacity management tools on the BaaS service to ensure there is a minimum capacity resource of 30% available. Additional components are added to maintain a minimum of 30% capacity availability.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types: Other
• Other metrics:
  • Backup job success
  • Restore job success
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up: Physical and virtual servers
• Backup controls: Backups are controlled through an Agent server installed within the customers network. The agent server has the job scheduler on it.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: For backup, all data is encrypted before being sent across the internet using 128K encryption. It is stored in Thrives Datacentres in its encrypted format.
• Data protection within supplier network: Other
• Other protection within supplier network: The backup data is stored in its encrypted format.

Availability and resilience

• Guaranteed availability: The management platforms for this service are hosted within Thrive's Data Centre environment which has a 100% uptime guarantee.
• Approach to resilience: The Backup service is fully redundant between two Datacentres's with all system components existing at both sites. The customers' backup data is also stored at both sites and self heal from each other if any of the data blocks become corrupted. All the systems are running on a fully redundant Flexpod architecture with no single points of failure.; The DR service is a hot standby copy of live servers in one of Thrives datacenters.
• Outage reporting: The systems are monitored 24/7 and use e-mail alerting into the Thrive24/7 support team. Outages are monitored for all hardware and networking and virtual infrastructure

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: To access the web portal each customer is granted an admin user with which they can manage their own security for additional staff if required.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SGS UK Limited
• ISO/IEC 27001 accreditation date: 30/06/2021
• What the ISO/IEC 27001 doesn’t cover: All items not defined by our scope of certifcation and statement of applicability version 3.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials ISO9001 BS10012:2017
• Information security policies and processes: The information security policies and processes followed by Thrive are in line with the ISO27001 specification.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Thrive using best practice as outlined in the ITIL framework
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerabilities are managed within Thrives in house service management system. Vulnerabilities are identified through vendor notification, onsite tools and systems. Each vulnerability is assessed to ensure high priority items are actioned immediately in accordance with Thrives change processes. All vendor security patching and vulnerabilities are actioned immediately. Other vulnerabilities are reviewed at Operations Meetings and scheduled for assessment and rectification appropriate to the issue. Thrives cloud design is highly resilient with multiple layers of security to ensure vulnerabilities are minimised or removed. The mature platform has been operational for many years with no client outages or client affecting security impacts.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Thrive staff are located on site at Thrives datacentre premises to continuously monitor all aspects of the Nimbus Cloud Services. Thrive use multiple monitoring applications across all aspects of the service from environment, security, VMware, OS and infrastructure. All monitoring platforms alarm on triggered events but also threshold breaches. By monitoring in this way Thrive mitigate all impacts before they become client effecting. ; ; All elements up to and including Microsoft or Linux Operating Systems are monitored and alerts are sent to the service team 24x7. Security patching and vulnerabilities from Microsoft or VMware are actioned immediately.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are captured from customers, Thrives engineers and monitoring platforms, and adhere to the nine ITIL Incident Management activities. Each incident Event is logged on Thrives management system and categorised in agreement with the customer according to the business impact; Priority 1 - Network down 30 minutes engineering response. Priority 2 - Major loss of service 30 minutes engineering response. Priority 3 – Non-urgent 4 hours engineering response. Thrive Engineers work to resolve the issue through telephone support, diagnostics tools or vendor support. All resolution activities are documented and the incident is closed upon the customer’s approval.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Infrastructure is set-up in dedicated instance/tenant; clients do not have global administrative access to these environments, only to their particular tenant.; Within the virtual environment, VmWare vCloud Director virtual datacenters are used for the seperation.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: The Thrive Datacentre has an energy power usage efficiency (PUE) rating of 1.3 and achieves this through the use of Fresh Air Cooling Systems (using outside ambient fresh air rather than chillers whenever possible) in addition to utilising hot isle containment and efficient UPS systems. Thrive has a policy of continual energy efficiency, heat reclamation system, and hot and cold air segregation.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  Thrive are providing additional environmental benefits in the performance of the contract such as flexible working, car share programs for office based staff and are actively working towards net zero greenhouse gas emissions as well as ISO14001 certification.

  Covid-19 recovery

  Thrive are a high growth business operating in a high growth sector and have created new employment opportunities, offer re-training via our Rising Tide program and other return to work opportunities for those left unemployed by COVID-19.

  Tackling economic inequality

  With our cloud and cloud managed cyber security offerings Thrive are creating a number of new roles across our organisation. In the last year the team has grown by over 300 people as we create employment and training opportunities. The current skills shortage in the UK for cyber security staff currently stands at 11,200.; Thrive has also been supporting educational attainment relevant to our G-Cloud offerings, including training to address skills gaps and result in recognised qualifications.

  Equal opportunity

  Through our "Rising Tide" program, that has been in place since 2020, Thrive are fully supporting in-work progression to help people, including those from disadvantaged or minority groups, to develop their careers and move into higher paid work by developing new skills many that are relevant to the services we are offering through the G-Cloud program.

Pricing

• Price: £139.00 a unit a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pcotterill@thrivenetworks.com. Tell them what format you need. It will help if you say what assistive technology you use.