Azure Backup
With the Azure Backup service, you can easily, safely, and affordably back up your data and restore it from the Microsoft Azure cloud.
Features
- Storage accounts used by Recovery Services vaults are isolated
- Access is only allowed through Azure Backup management operations
- Fine-grained access control using Azure role-based access control (Azure RBAC)
- Backup data at rest is encrypted by default using Microsoft-managed-keys.
- Immutability prevents data alteration or deletion before the retention period
Benefits
- Security and Reliability
- Scalability and Simplicity
- Protection for Azure IaaS VMs
- Offload On-Premises Backup
- Backup data is stored in geo-replicated storage
- 99.9% service availability, Azure Backup provides excellent operational uptime
Pricing
£23.76 an instance a month
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
4 1 0 7 4 3 8 3 7 9 2 5 2 4 7
Contact
iomart Managed Services Limited
Seema Griffiths
Telephone: 0800 040 7228
Email: gcloud@iomart.com
Service scope
- Service constraints
- See https://docs.microsoft.com/en-gb/azure/ to determine applicable constraints based on purchasers requirements.
- System requirements
-
- See MS documents https://docs.microsoft.com/en-gb/azure/
- Supported Platforms: Workloads must be a supported platform
- Azure Subscription: You need an active Azure Subscription
- Azure Active Directory: Ensure you have Azure AD tenant configured
- Requires connectivity between source and Azure
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Our Service Desk provides 24/7/365 support, including weekends and holidays. Tickets are triaged within 15 minutes and addressed based on priority, in strict adherence to our SLAs, ensuring prompt and reliable resolution.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Iomart offers a tailored support structure with various levels and pricing models to match your specific business needs, ranging from unmanaged/self-managed to fully managed solutions.
For unmanaged or self-managed services, we provide basic support at no additional charge. On the other hand, our fully managed services are competitively priced on a solution-specific basis. For instance, OS management is available from £75/month per host, and for consumption-based environments like Azure, we offer pricing models based on a percentage of consumption.
Our comprehensive management package encompasses all aspects of service configuration and managed changes, enhanced by proactive monitoring and alerting systems. This approach is designed to identify and mitigate potential issues proactively, minimizing their impact on your services whenever possible. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- See https://azure.microsoft.com/en-us/resources/ plus comprehensive online documentation for various solutions available across the platform.
- Service documentation
- No
- End-of-contract data extraction
- During the decommissioning phase, iomart will work with the users to migrate or destroy data as agreed and required. Multiple export methods from Azure exists, such as over-the-internet transfer, via VPN or Expressroute, or direct extraction from storage via Azure Lockbox, etc.
- End-of-contract process
- The default process would be that all Azure services are shut down for a period of 7 -days, after which all data will be securely erased using Microsoft Azure's in-built deletion methods and a certificate of data destruction provided, verifying the work is complete. Any costs associated with data migrated externally will be borne by the user.
Using the service
- Web browser interface
- Yes
- Using the web interface
- Iomart provide a control panel where if required clients can manage M365 licences or login directly to their Azure Management Portal.
- Web interface accessibility standard
- None or don’t know
- How the web interface is accessible
- The web interface is compatible with standard Windows accessibility options.
- Web interface accessibility testing
- None.
- API
- Yes
- What users can and can't do using the API
- Users are able to utilise the Azure API Managament service to create their own API's for the solutions they deploy on to the platform. Additionally we have the Azure Service Management API which provides programmatic access to much of the functionality available through the Management Portal. Available here https://msdn.microsoft.com/en-us/library/azure/ee460799.aspx
- API automation tools
-
- Terraform
- Other
- API documentation
- Yes
- API documentation formats
- HTML
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- MacOS
- Other
- Using the command line interface
- Azure CLI 2.0 is optimized for managing and administering Azure resources from the command line, and for building automation scripts that work against the Azure Resource Manager. See https://docs.microsoft.com/en-us/cli/azure/install-azure-cli
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
-
Microsoft Azure is a Hyper scale Public cloud service.
Microsoft has SLAs, monitoring in place and other mechanisms to avoid disruptions to each individual user and organisations. - Usage notifications
- Yes
- Usage reporting
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Reporting types
-
- API access
- Real-time dashboards
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Microsoft
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Hardware containing data is completely destroyed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Virtual machines
- Storage
- Backup controls
- User defined control
- Datacentre setup
-
- Multiple datacentres with disaster recovery
- Multiple datacentres
- Single datacentre with multiple copies
- Single datacentre
- Scheduling backups
- Users schedule backups through a web interface
- Backup recovery
-
- Users can recover backups themselves, for example through a web interface
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Bonded fibre optic connections
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Other
- Other protection within supplier network
-
Technical controls are employed to protect data in transit within iomart's network. These include restriction of traffic via firewall configuration rules and appropriate segregation of data.
For data in transit, Azure uses industry-standard secure transport protocols, such as TLS/SSL, between user devices and Microsoft datacenters.
Availability and resilience
- Guaranteed availability
- 99.9%
- Approach to resilience
- All iomart UK datacentres maintain appropriate resilience and redundancy, including diverse power and connectivity with at least N+1 power redundancy via UPS and generators. All sites feature appropriate fire detection and suppression equipment with regular maintenance and testing of M&E facilities and operational controls carried out in line with iomart's business continuity management system which is accredited to ISO 22301: 2019. Additionally, iomart's network infrastructure is replicated across multiple sites.
- Outage reporting
- Service interruption notifications by email and the iomart Control Panel.
Identity and authentication
- User authentication
-
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- Access to all service interfaces (for consumers and providers) is constrained to authenticated and authorised individuals. Remote management access is authenticated and directly associated to authorised individuals rather than group accounts. All managed systems monitored and access logged and tracked for auditing purposes
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
- Devices users manage the service through
-
- Dedicated device on a segregated network (providers own provision)
- Dedicated device on a government network (for example PSN)
- Dedicated device over multiple services or networks
- Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- ISOQAR
- ISO/IEC 27001 accreditation date
- 27/10/2023
- What the ISO/IEC 27001 doesn’t cover
-
Iomart's Statement of Applicability excludes the following controls:
- A.6.1.4 Contact with special interest groups
- A.14.2.7 Outsourced development - iomart does not outsource software development
- A.14.3.1 Protection of system test data - only artificially generated data is used for testing purposes - ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- One Compliance Cyber Ltd
- PCI DSS accreditation date
- 23/02/2024
- What the PCI DSS doesn’t cover
-
Hosting provider:
- application / software
- hardware
- infrastructure / network
- physical space (colocation)
- storage
- web
- security services
- share hosting provider
Managed Services
- systems security services
- IT support
- physical security
- other services (PCI Compliant Infrastructure as a Service) - Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- Police Assured Secure Facility
- NHS Data Security & Protection Toolkit
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
-
Cyber Essentials
NIST
PCI DSS level 1 service provider
NHS Data Security & Protection Toolkit
UK GDPR - Information security policies and processes
- Iomart maintains a comprehensive information security policy framework and has implemented an information security management system which has been assessed and verified as meeting the requirements of ISO27001:2013 by a UKAS accredited certification body.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Iomart's configuration and change management processes have been developed in line with the requirements of ISO 20000-1:2018 and ITIL. Changes are assessed for potential security impact as part of this process which is also aligned with PCI DSS and ISO 27001.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Iomart manages vulnerabilities according to an ISO27001 aligned policy and maintains membership of a pre-public disclosure forums.
This approach also aligns with PCI DSS and Cyber Essentials. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
Iomart Protective Monitoring process is aligned with ISO27001:2013 control A.12.4 which details:
• Event Logging
• Protection of log information
• Admin & operator logs
• Clock synchronisation
• Incident Management - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Iomart incident management process is aligned with ISO27001:2013 control A.16.1 which details:
• The full incident management procedure
• Responsibilities & procedures
• Assessment of and decision on security events
• Response process
• Evidence collection
• Learning from incidents
This process also aligns with ISO 20000-1:2018 and ITIL.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- Other
- Other virtualisation technology used
- Azure Native
- How shared infrastructure is kept separate
- As per Microsoft Terms & Conditions
Energy efficiency
- Energy-efficient datacentres
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
iomart recognises the environmental impacts of our business operations and continually seeks to minimise this impact with a commitment to achieving Net Zero by 2050, or earlier. To control and reduce our environmental footprint, iomart implemented a sustainability and energy efficiency programme aligned with a number of the UN Sustainable Development Goals, specifically #13 – Climate Action, which aims to take urgent action to combat climate change. This programme complies with the requirements of ISO 14001:2015 and ISO 50001:2018, which form the basis of iomart’s Energy Management and Environmental Management Systems, respectively. As part of this programme, iomart: • Partners with Schneider Electric to establish carbon reduction targets and implement a roadmap to reduce our overall emissions in alignment with UK Government targets • Purchases Renewable Energy Guarantees of Origin (REGO) certified renewable energy across our entire UK data centre estate, resulting in a 99% decrease in total carbon emissions under the market-based reporting approach since our benchmark year of FY21 • Continues to meet the UK Government Streamlined Energy and Carbon Reporting (SECR) requirements, including energy use and carbon emissions information in its annual report • Carries out assessments under the Energy Savings Opportunity Scheme (ESOS), administrated by the Environment Agency to identify tailored measures to save energy and achieve carbon savings • Operates an ongoing programme of energy efficiencies across its data centre estate, including the installation of LED lighting and the upgrade of UPS battery power systems • Has relocated its headquarters to a more sustainable premises with green commuting encouraged • Maintains responsible business operations including recycling/segregation of waste, considering environmental factors during the procurement process and encouraging employee involvement in energy efficiency improvement initiatives • Is rolling out new initiatives to reduce environmental impact, including the installation of solar panels at its flagship data centreCovid-19 recovery
iomart recognises the continued impact of Covid-19 on communities, businesses and staff. Having implemented a Business Continuity Plan aligned with ISO 22301 best-practice guidelines, iomart was able to seamlessly transition to a remote working policy for the majority of employees at the start of the global pandemic. Safe working practices were introduced for those working at our data centre sites to support Critical National Infrastructure during this time. Reflecting on this era, iomart recognised that many employees value the ability to work from home. In response, iomart introduced a hybrid working policy in order to balance the needs of the business with the flexibility for employees to work both from the office and remotely. As a managed services provider, iomart continues to provide the necessary infrastructure and support to many customers which allow them to offer their staff remote and hybrid working, enjoying the same benefits as many iomart employees. Having provided many customers with financial initiatives to delay invoice payments during the pandemic to help with their cashflow, iomart played a pivotal role in ensuring that a significant number of small and medium business continue trading today and continues to work closely with them to provide business-critical services. iomart continues to partner with the organisation Business Volunteers to support various charities within the local communities in which it operates. Through numerous volunteering engagements, iomart employees have supported a food-growing charity to encourage families to get outdoors, exercise and grow healthy food. They have contributed towards the rejuvenation of the site with a new seating space and raised beds, repairing compost bins and digging up areas that had overgrown. Our teams have also volunteered at a food bank warehouse, taking in food and household items and distributing parcels to local organisations that provide essential support to families, post Covid-19.Tackling economic inequality
iomart takes its responsibility in this areas very seriously and is committed to acting ethically and with integrity in all of our business relationships. This commitment and subsequent efforts to operate responsibly are fulfilled through the operation of corporate governance processes and ISO-certified business procedures. iomart has implemented robust controls and checks, including continual monitoring, to ensure that there is no modern slavery or human trafficking in its supply chain or in any part of the business. We conduct internal risk and material assessments within our supply chain, requiring suppliers to undergo a due diligence process prior to product or service provision. Employees are paid fairly, with salaries paid directly into their own bank accounts. Cyber security risks are identified and managed via iomart’s Information Security Management System which is based on the requirements of ISO 27001, an internationally-recognised standard governing the protection of personal records and sensitive information. Conformity with this rigorous security standard is monitored continuously and assessed by iomart’s UKAS-accredited certification body, providing external assurance of the controls validated. iomart operates an Equality, Diversity and Inclusion programme which is aligned with the United Nations Sustainable Development Goal #8 - Decent Work and Economic Growth – which promotes sustained, inclusive and sustainable economic growth, full and productive employment and decent work for all. Actions and initiatives to support this goal include: • Mentoring partnerships with MCR Pathways, supporting equality of education outcomes, career opportunities and life chances • Regular engagements with SmartSTEMs, a charity which aims to provide equity of access and opportunity for all young people to STEM education and career opportunities • Partnership with and recruitment via Generation, a non-profit organisation transforming education to employment systems to prepare, place and support people into life-changing careers that would otherwise be inaccessibleEqual opportunity
iomart is committed tackling workforce inequality. Closely aligned with the United Nations Sustainable Development Goal #5 - Gender Equality, which aims to achieve gender equality and empower all women and girls, iomart’s approach aims to shine a spotlight on diversity, inclusion, belonging and talent whilst ensuring our policies, recruitment and frameworks are free from bias. To achieve this, iomart: • Operates a diversity and inclusion strategy devised to reduce any real pay gap in the longer term, with an annual Gender Pay Gap report published annually • Has implemented measures to monitor key demographic data, which allows us to set targets to improve representation in key areas • Continues to refresh and expand our employee networks, working towards a gender balance of 30% female representation by 2030 whilst tracking diversity statistics to ensure informed decision making across the business. • Partners with Empowering You, an organisation aiming to build an empowered community of diverse, authentic and confident leaders who can inspire a meaningful and sustainable cultural shift that benefits their organisation, wider industry and society at large • Has implemented an Equal Opportunities Policy in accordance with the Equality Act (2010) • Provides training for managers to better understand neurodivergent and disabled employees’ needs • Publishes a statement on Modern Slavery in accordance with section 54(1) of the Modern Slavery Act 2015, reflecting iomart’s commitment and efforts to operate responsibly • Redacts demographic information from CVs to reduce unconscious bias during the recruitment process • Operates a flexible working policy to promote a healthy work-life balance whilst allowing staff to fulfil other duties outside the workplace such as childcare and supports them working to their individual strengthsWellbeing
iomart promotes the wellbeing of our people though a number of employee benefits and initiatives that impact physical and mental health. These include: • An Employee Assistance Programme with 24/7 support • A cycle to work scheme, with Head Office facilities designed to encourage green commuting • Enhanced benefits with length of service, such as medical and dental cover • Neurodiversity training • Flexible and hybrid working policies to promote a healthy work-life balance This commitment to wellbeing is extended throughout our local communities whereby iomart actively participates in charity engagement and volunteerism. Through our partnership with Business Volunteers, iomart works with local charities to support strong, integrated communities. We began hosting Volunteer Days at our Glasgow and Manchester sites in 2021. We have cooked and served Christmas dinners vulnerable people in Manchester and volunteered at the Glasgow Community Garden Trust to support a food-growing charity in encouraging families to get outdoors, exercise and grow healthy food. Employees helped to rejuvenate the site with a new seating space and raised beds, repairing compost bins and digging up areas that had overgrown. Additionally, iomart worked with FareShare UK to help deliver food that would prepare 40,000 meals for people in need. To further promote the physical health and wellbeing of staff and the wider community, iomart seeks to develop more sustainable business operations intended to reduce its environmental footprint.
Pricing
- Price
- £23.76 an instance a month
- Discount for educational organisations
- No
- Free trial available
- No