READY COMPUTING LIMITED

Lot 1 Cloud Hosting

Ready offers cloud hosting through leading hosting providers, including Google Cloud Platform, Amazon Web Services (AWS), and Microsoft Azure.

Features

• Cloud storage
• Off-premises
• Compliance with security protocols
• Data integrity and redundancy

Benefits

• Cost-effective
• Improved performance
• State-of-the-art security
• Redundant backups
• Availability
• Robustness
• Security
• Scalability
• Non-geographic isolation

£1,000 a licence

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@readycomputing.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

420899659436009

Contact

Philip Colbourne
020 755 06328
info@readycomputing.com

Service scope

• Service constraints: There are no constraints to our cloud hosting services.
• System requirements:
  • Certain legacy applications may not be able to be hosted.
  • Must have at least a broadband connection.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times differ based on the severity of the issue. Weekend/after-hours support depends on the level of severity.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Web chat features include real-time chat, proactive chat invitations, customizable chat button, chat window docking, real-time typing view, chat history, maximum queue length, and internal chat messenger. Users can also choose a department to chat with.
• Web chat accessibility testing: Ready has a thorough understanding of accessibility requirements, especially as they relate to Information and Communication Technology (ICT).
• Onsite support: Yes, at extra cost
• Support levels: Ready offers IT managed services under Lot 3 Cloud Support Services to fully manage a client's operational environment, including your application and IT infrastructure. We offer Tier 1 and 2 support models and Tier 3 vendor management to assist clients at multiple levels.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide a presentation for transition to service, provide virtual or on-site training of the client's users on the service, and provide user documentation.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: PPT
• End-of-contract data extraction: Ready maintains client data, but we do not own it. At all points in the process, the client owns its data. We will work with the client to determine the appropriate data extraction/transmission to the subsequent provider.
• End-of-contract process: Based on the terms and conditions of the client's contract, as the contract end date nears, we send the client notification of renewal/termination. At that point, we will work with the client to transition their data and services. There are no additional costs related to ending a contract or renewal.

Using the service

• Web browser interface: Yes
• Using the web interface: Ready uses Jira Service Management for user support. Users and roles include project administrators, agents, customers, and collaborators.; ; Project administrators can: ; • access all features in Jira Service Management; • manage users and roles in service projects; • set up portals, request types, queues, reports and SLAs; • perform all tasks that agents can; ; Agents can:; • view the portal, queues, reports and SLA metrics within a service project; • view, add, edit and delete customer-facing and internal comments on issues; • add customers to a service project; • view, create and manage content in the knowledge base; • manage customers and organizations; ; Customers can:; • raise requests through the portal, email, or widget; • track their requests in the portal; • comment on their requests; • read knowledge base articles; • approve other customers' requests; • share requests with other customers (if allowed by customer permissions); ; Collaborators can:; • view issues, comments and attachments; • add attachments and delete their own attachments; • add internal comments to issues and delete their own comments; • watch and vote for issues; • view other watchers and voters
• Web interface accessibility standard: WCAG 2.1 AAA
• Web interface accessibility testing: We understand accessibility requirements, especially as they relate to ICT. We actively find ways to integrate these requirements into our service offerings to be as compliant as possible.; ; We strive to make our products and services as accessible and simple to use as possible, including conforming to all ICT compliance requirements. Specific areas of focus include communication methods, graphical user interface appearance of products, general navigation of any of our products, and simplified color schemes. These are only some of the key aspects we look for when integrating and infusing accessibility compliance standards into our products and services.
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Ready monitors performance aspects at every angle. All cloud hosting solutions incorporate automated load-balancing utilities that automatically that adjust factors to manage resource allocations to maintain the highest levels of performance. We offer additional proactive monitoring capabilities through our Lot 2 Cloud Software Wellbase Monitoring tool.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Google Cloud Platform, Amazon Web Services, Microsoft Azure

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • We back up all data points specified in the contract.
  • Data points include files, databases, and virtual machines.
  • Also network device configurations and other digital files.
• Backup controls: Backup schedules are determined per the client's contract and are performed when systems are at their most idle state. Users can specify what is backed up at which time, including full backups through the change control process.
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Availability is typically guaranteed at 99.5% available, with no greater than 1% decrease in availability over a one-month period. Availability is applicable to unexpected outages. Specifics related to the guarantee and refund are determined per contract.
• Approach to resilience: By using global hosting providers, we take advantage of mass economics of resiliency.
• Outage reporting: We will email and call the client per agreed-upon SLAs. In addition, the outage would be displayed in the client portal.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Business requirements for access control are determined based on the data and systems each employee or third party needs to perform their job responsibilities; authorisation policies of the data and system asset owners; and applicable governmental policy and directives.; ; Adherence to these requirements keeps systems and data secure by reducing vulnerabilities to data loss, compromised data, and other security incidents.; ; Requests for access to Ready data and systems are submitted to Information Security for evaluation and approval. Access requests must state the business requirements to be met by access controls. We use the principle of least privilege.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QAS International
• ISO/IEC 27001 accreditation date: 16/03/2022
• What the ISO/IEC 27001 doesn’t cover: Ready's management systems (e.g., policies and procedures that prove our standard of delivery) are certified.
• ISO 28000:2007 certification: Yes
• Who accredited the ISO 28000:2007: QAS International
• ISO 28000:2007 accreditation date: 16/03/2022
• What the ISO 28000:2007 doesn’t cover: Ready's management systems (e.g., policies and procedures that prove our standard of delivery) are certified.
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Ready has a corporate information privacy and security policy that governs all of our operations and security. We follow these guiding principles when developing and implementing information security controls:; • We strive to protect the confidentiality, integrity, and availability of our information assets and those of our clients.; • We comply with applicable privacy and data protection laws.; • We balance the need for business efficiency with the need to protect sensitive, proprietary, or other confidential information from undue risk.; • We grant access to sensitive, proprietary, or other confidential information only to those with a need to know and at the least level of privilege necessary to perform their assigned functions.; • Recognizing that an astute workforce is the best line of defense, we security training opportunities and expert resources to help individuals understand and meet their information security obligations.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All change requests must be documented. An evaluation of the current and potential impact of the change on any other governance documents, IT services, and IT and information security configuration items are performed. After assessment, if the change is deemed acceptable, it will be authorized by the appropriate local manager or client. Once implemented, the change will be reviewed, and subject to the findings of the review, closed.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Ready's Privacy and Security Officer is charged with maintaining a process to identify and track applicable vulnerabilities, scan devices for current patch status, and advise system administrators. They schedule any necessary updates using standard change management processes and according to risk level, and they make all Ready-owned devices available to InfoSec for timely patching and related activities.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We use a third party to perform all advanced cybersecurity services. Through proactive and continuous monitoring of internal and external transactions, we can identify real and potential compromises. We respond as quickly as possible, no longer than 30 minutes after identification.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Ready has an incident handling policy which governs how we handle actual or potential incidents. This policy includes:; • Incident reporting; • Incident response and mitigation; • Breach notification; ; Users report incidents to their support team. We provide incident reports via self-service, client dashboard, email, and other requested methods.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Different organisations are kept apart using logical partitioning, separate encryption keys, per customer/client security roles in groups, and segregated networking.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Ready's Google Cloud Platform (GCP), Amazon Web Services (AWS), and Azure datacentres adhere to the EU Code of Conduct for Energy Efficiency. For example, Google commits to being carbon-neutral. Their goal is to run on carbon-free energy, 24/7, at all data centres by 2030. Amazon is also committed to innovation in energy. They reached 65% renewable energy across the business in 2020, and became the world’s largest corporate purchaser of renewable energy. Further, they decreased their overall carbon intensity by 16% from 2019 to 2020. Finally, Microsoft Azure has committed to focus on four key areas of environmental impact to local communities—carbon, water, waste, and ecosystems. Their goals are 100% renewable energy by 2025, water-positive by 2030, replenishing more water than they consume by 2030, zero-waste certification by 2030, and net-zero deforestation from new construction.

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Tackling economic inequality

  Ready tackles economic inequality by helping organisations to lessen health disparities caused by socio-economic factors, such as lack of housing, food insecurity, ethnicity, and other Social Determinants of Health (SDoH). For example, we integrate clinical, SDoH, and other relevant data to support healthcare and social care professionals, in particular with our Lot 2 Cloud Software Channels360 workflow and care coordination solution.

  Equal opportunity

  Ready helps organisations provide equal opportunity for healthcare services by implementing integrated health IT and data solutions to help inform their care. Solutions, such as our Lot 2 Cloud Software Channels360 workflow and data management offering lessens health disparities caused by socio-economic factors, such as lack of housing, food insecurity, ethnicity, and other Social Determinants of Health (SDoH) by integrating clinical, SDoH, and other relevant data to aid in decision-making.

  Wellbeing

  Ready implements solutions to promote whole health and well-being which includes both clinical and socio-economic factors. Solutions, such as our Lot 2 Cloud Software Channels360 workflow and data management offering, promotes wellbeing by providing organisations with data and tools to improve individual and community health. Channels360 integrates clinical, Social Determinants of Health (SDoH), and other relevant data to make the data "actionable" - automating and prioritising care for individuals.

Pricing

• Price: £1,000 a licence
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@readycomputing.com. Tell them what format you need. It will help if you say what assistive technology you use.