MIS EMERGENCY SYSTEMS LIMITED

MIS Emergency Systems Cloud Hosting Services

MIS Emergency Systems use best of breed cloud native technologies with our innovative and thought leading service architecture to deliver first class IT Services with real-time compliance which is both unique and unrivalled.

Features

• Native Cloud Technologies
• Real-time compliance and monitoring
• Scalable and high-performance
• Speed and Agility
• Secure, Flexible and Reliable
• Cost-Effective
• High availability and resilience
• Global multiple regions
• Best-in-class vendor neutral PaaS & IaaS offerings
• Expert Cloud Support Engineers & Architects

Benefits

• Use enterprise-class datacentres without the running cost
• Enables flexible provision of IT services across your organisation
• Simplified billing
• Flexible licensing options
• Facilitates easy mobility and a reliable consistent platform
• Allows rapid deployment of both simple and complex applications
• Uncover key insights for improving business processes and decision making
• Access from anywhere anytime with standard Internet connection
• Provide better visibility, monitoring and security of your data
• Pay-as-you-go consumption model, only pay for what you use

£3 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@mis-es.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

430437292018964

Contact

Sales
0845 330 4425
info@mis-es.com

Service scope

• Service constraints: Our services are based on public cloud platforms and infrastructure, as such only the usual constraints around IaaS and PaaS architectures apply. We always engage in a full discovery exercise with our customers to fully understand and scope the requirements and before proposing any solution.
• System requirements: N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Normal Support Hours : Monday–Friday 09:00–17:00 excluding English public holidays. 24/7 and emergency call out support may be provided outside of the Normal Support Hours subject to a separate agreement and costs
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We supply tailored support levels based on specific customer requirements. These range from full platform and end-user support, management and monitoring, consultancy and training to simple provisioning support. Our support also extends to assisting the customer with migration from on-premise to the cloud including hybrid configurations. We can also provide support levels for disaster recovery and business continuity solutions either within the context of the cloud i.e. between regions to enable a highly available and resilient solution or as a backup to on-premise systems. Support costs are always flexible and agreed in advance with the customer, based on the level and detail of support required. All support contracts regardless of size include both account managers and support engineers.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Training will be provided and is available for users at every step of the project from planning to follow-up analysis. This can be provided by our consultants onsite if required or delivered online via audio and visual conferencing tools such as Cisco Webex or MS Teams. In addition to this, standard user documentation and materials will be made available in electronic format which can be saved locally by the user.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Support will be provided to assist users with exporting or extracting their data in a suitable format where possible. Examples of this range from SQL backup images, file share backups or disk images. In most cases the exported data would be downloaded by the customer over the network (network consumption charges will apply). Amazon Web Services offer an Import/Export services that accelerates moving large amounts of data into and out of AWS using portable storage devices for transport. For significant data sets, AWS Import/Export is often faster than Internet transfer and more cost effective than upgrading your connectivity. You can use AWS Import/Export for migrating data into the cloud, sending backups to AWS, and interchanging data with other cloud providers. Azure Import/Export service can also be used to transfer data from Azure Blob storage to disk drives and ship to your on-premises sites.
• End-of-contract process: At the end of any contract the customer will be invited to migrate or export any of their data. This should be completed before the end of the contract to avoid any contract extensions or additional services charges. When the customer has confirmed in writing they are no longer using the service and have successfully migrated any required data we will safely and securely terminate the service and delete all associated data in accordance with our GDPR and data destruction policies. Backups of customer data will be made available for download in the formats documented in the terms and conditions, any costs associated with storing the backups or bandwidth costs for download will charged at the prevailing storage and bandwidth rates. Any requests for data extractions not included in the terms and conditions will be at the sole discretion of MIS Emergency Systems and subject additional charges.

Using the service

• Web browser interface: Yes
• Using the web interface: Users can provision pre-approved templates which are specific to the customers’ requirements
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: AWS Service Catalogue adheres to Voluntary Product Accessibility Template (VPAT) . Access is via the interface using secure portal for named users. Tasks include provisioning pre-approved templates which are specific to the customers’ requirements
• Web interface accessibility testing: These are performed by AWS
• API: Yes
• What users can and can't do using the API: Our APIs are primarily based on AWS and Azure APIs, which offer extensive API calls for customer cloud tenants
• API automation tools:
  • Chef
  • OpenStack
  • Puppet
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: AWS and Azure CLIs are documented on their respective sites

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: We use public cloud auto scaling features which maintains application availability by automatically adding or removing virtual machines according to pre-defined conditions . Dynamic scaling responds to changing demand and predictive scaling automatically schedules the right number of virtual machines based on predicted demand. Dynamic scaling and predictive scaling can be used together to scale faster.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: AWS, Azure and Google Cloud

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual Machines
  • Databases
  • Storage
  • Files
• Backup controls: Backup policies are configured from a central backup console, simplifying backup management and making it easy to ensure that your application data is backed up and protected. Backups, restores, and setting backup retention policies across services in the cloud and on premises can be done using a central console, APIs or command line interface. Automated backup schedules, retention management, and lifecycle management are all included.
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: We provision logically isolated virtual networks which include advanced security features, access controls and encryption levels. The 3-tier architecture design, plus DMZ, provides an architectural framework around any provisioned server or service. The default for any server or service will be a zero-trust model and as such the Customer will need to work in partnership with us to ensure requests meet the agreed security policies including enforcing encryption standard when possible. We also pro-actively monitor with specialist third-party tools which provide: Antivirus IPS/IDS Events & Alerts Vulnerability Analysis Policy Compliance Cloud Firewall Master Control

Availability and resilience

• Guaranteed availability: We use AWS and Azure for provision of our cloud infrastructure service, each cloud product has an individual SLA which is largely dependant on the configuration of individual service. Example, a Web server in a single availability zone would not have the same SLA as a multiple load balanced web servers in multiple availability zones or regions. Disk storage availability and durability is measured based on the individual storage products levels. As part of any contract we clearly define and set out the expected SLAs for each component of the service based on the customer requirements. Where required additional configuration and design choices can be made to bring the SLA to the desired level. All claims concerning SLA guarantees must be made in writing by the Customer within seven days following the end of the month in question and will be shown as a credit (once agreed by MIS Emergency Systems) on the next regular service charge invoice. MIS Emergency Systems will use all information reasonably available to it to validate any claims and make a good faith judgement on whether the SLA and/or credits apply to the claim.
• Approach to resilience: We use Microsoft Azure and Amazon AWS global Infrastructures and datacentres. Every component of the infrastructure and our solutions are designed and built for redundancy, reliability and uptime. All data is stored in UK regions and data centres by default (unless otherwise agreed) on highly durable and redundant infrastructure which can span geo-locations for DR/BC purposes, sensitive data can also be encrypted at rest. Network load balancing and redundant routing is also configured where appropriate including the facility to use direct connections. MIS Emergency Systems preferred approach is to design a hosting solution and application layout that supports an active-active approach across multiple datacentres. This is a standard approach in AWS via availability zones, which allow applications to run across 2+ datacentres concurrently. This approach has a similar cost to a load balanced high availability solution in a single datacentre, with the obvious advantage that a datacentre failure results in near zero downtime and data loss, it also significantly reduces the cost and impact to the business of regular DR tests. As with every solution we provide our aim is to provide the best service at the lowest cost, rather than the lowest cost at the expense of risk.
• Outage reporting: We have multiple channels to communicate any service outages. These include all the standard facilities offered by AWS and Azure such as public dashboards like 'Azure Status' which shows in detail (refreshed every 2-mins) the status of each cloud region down to individual cloud products. Amazon Web Services publishes also has a public dashboard posting up-to-the-minute information on service availability. As with Azure this can be personalised by the individual user to include notifications. In addition we can also create email notifications and expose API information on a case-by-case basis. This would be for specific components of a particular customer cloud solution managed by MIS Emergency Systems such as availability of a Web Server or SQL Server etc. Our AI monitoring builds a Root Cause Analysis assessment and provides the ability to replay the issue as it happened. This data will be passed into an automated ticket which can then be routed to the Service Provider, which may be the Infrastructure provider. The Customer will have access to all this data via the monitoring console, as well as access to the tickets.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
• Access restrictions in management interfaces and support channels: Both AWS and Azure have Identity and Access Management controls built-in as standard that offer a very granular level of control and permissions. These permissions can be granted at the user or group level including policy and role based. Each resource on the cloud platform can be individually secured.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 06/03/202
• What the ISO/IEC 27001 doesn’t cover: ISO27001 applies to the infrastructure and services controlled by our Group company Incline IT, not necessarily the application software.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Our cloud solutions are based on Microsoft Azure and Amazon Web Services. Both of these vendors are certified to ISO27001. MIS Group has attained ISO27001 and we expect MIS Emergency Systems to be compliant in 2024/5. Our internal processes and security policies already follow the guidance and principles set out in the certification
• Information security policies and processes: Our cloud solutions are based on Microsoft Azure and Amazon Web Services. Both of these vendors are certified to ISO27001. MIS Group has attained ISO27001 and we expect MIS Emergency Systems to be compliant in 2024/5. Our internal processes and security policies already follow the guidance and principles set out in the certification.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Any configuration changes must follow an internal change management process which consists of the following stages: a) Change control form to identify why the change is needed. b) Who is accountable for administrating the change. c) testing outcomes and rollback planning. d) release phase agreed by stakeholders. e) tracking log to measure success. f) audit.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: MIS Emergency Systems will provide a service to manage vulnerabilities and potential threats which reports to the Customer and also the hosting provider. The service extends beyond patching into vulnerability management which is a key requirement for GDPR, PCI-DSS and ISO27001. This will result in reports of missing patches and details on un-patchable vulnerabilities which cannot be patched and may require workarounds until a patch is available from a vendor. Our patching service follows a standard approach of delivering OS patches into Development and Test environments to allow application vendors to run automated tests before patches are deployed to production.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We offer a robust incident management approach based around ITIL and GDPR standard processes for incident events. These include: a) identification, b) logging, c) investigation and diagnostics, d) assignment and escalation, e) resolution, f) closure and g) satisfaction survey. Our AI based monitoring will automate a significant amount of the ITIL incident management process. As part of the Hosting Service our automated solution will detect proactive issues on services, application and infrastructure. Automated ticket routing will be used to either route tickets directly to the Customer or Service Desk provider
• Incident management type: Supplier-defined controls
• Incident management approach: We offer a robust incident management approach based around ITIL and GDPR standard processes for incident events. These include: a) identification, b) logging, c) investigation and diagnostics, d) assignment and escalation, e) resolution, f) closure and g) satisfaction survey. Our AI based monitoring will automate a significant amount of the ITIL incident management process. As part of the Hosting Service our automated solution will detect proactive issues on services, application and infrastructure. Automated ticket routing will be used to either route tickets directly to the Customer or Service Desk provider

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: KVM hypervisor
• How shared infrastructure is kept separate: Our design strategies and multi-tenant model ensures organisations are kept apart. We achieve this by deploying resources into their own Subscriptions, Active Directories, resource groups and virtual private clouds. Technologies include: VLAN Isolation, Compute Isolation, Logical Isolation Between Compute and Storage, Isolation Using Storage Access control, IP Level Storage Isolation, Encryption in Transit and at Rest, Disk Encryption and Database Isolation, Isolation through Network Topology.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: AWS and Azure conform to the EU Code of Conduct for Energy Efficient datacentres

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  We are committed to promoting equal opportunities in employment. Any of our employees or job applicants will receive equal treatment regardless of age, disability, gender reassignment, marital or civil partner status, pregnancy or maternity, race, colour, nationality, ethnic or national origin, religion or belief, sex or sexual orientation (Protected Characteristics).; Our long-term aim is that the composition of our workforce should reflect that of the community and that all workers should be offered equal opportunities to achieve their full potential. We are committed to a programme of action to make this policy effective and to bring it to the attention of all workers. The principle of non-discrimination and equality of opportunity applies equally to the treatment of visitors, clients, customers and suppliers by members of our workforce and also, in some circumstances, ex-employees.

Pricing

• Price: £3 a unit
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@mis-es.com. Tell them what format you need. It will help if you say what assistive technology you use.