NETAPP

Cloud Backup

Cloud Backup is a native set and forget ONTAP backup and restore solution delivering unmatched performance, reliability, security and tons of automation.

Features

• Backup & restore
• SnapMirror Cloud
• Multi-Cloud
• Azure
• AWS
• GCP
• Preserve Storage Efficiencies
• End-to-end security
• Ransomware protection

Benefits

• Achieve 3-2-1 data protection
• Set & forget
• Instant and granular data recovery
• Indexed catalog

£0.04 to £0.05 a gigabyte a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris.roberts@netapp.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

431070386283653

Contact

Chris Roberts
07920284901
chris.roberts@netapp.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: No
• System requirements:
  • Access to ONTAP systems to perform backup and restore
  • A small VM to deploy the service
  • The service is managed via BlueXP

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Initial technical response objective from time of customer contact, based on priority level and availability of local language support.; ; At Basic Level; • Priority 1: 2 hours; on a 24/7 basis; • Priority 2: 4hours; on a 24/7 basis; • Priority 3: 16 hours; on a 24/7 basis; • Priority 4: 36 hours; on a 24/7 basis ; ; At Expert Level; • Priority 1: 30 minutes; on a 24/7 Basis; • Priority 2: 2 hours; on a 24/7 Basis; • Priority 3 and 4: Next Business Day (NBD).; ; For more information please see.; https://mysupport.netapp.com/site/info/policies-and-offerings
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: The web chat has been produced in best practices with a target achieving level AA of WCAG 2.1 but has not been tested.
• Web chat accessibility testing: None
• Onsite support: Yes, at extra cost
• Support levels: NetApp offers three levels of SupportEdge services: Basic, Advisor, and Expert. Each level provides different benefits and features tailored to various business needs.; SupportEdge Basic includes access to NetApp support tools, technical specialists, classic Active IQ capabilities, rapid parts delivery, and the option to upgrade to onsite parts replacement.; SupportEdge Advisor builds upon Basic with faster target response times, predictive and proactive support, parts delivery and replacement, and advanced Active IQ AIOps features like automated risk remediation and digitized health checks.; SupportEdge Expert offers all the features of Advisor, plus faster delivery, onsite installation, priority queueing with direct routing to level 2 support, and personalized services such as a Support Account Manager and managed upgrade services.; As a part of SupportEdge Expert, NetApp provides a Support Account Manager (SAM) and a Cloud Technical Account Manager (CloudTAM). The SAM deeply knows about the customer's NetApp data storage environment and business goals. At the same time, CloudTAM is a customer-aligned cloud technical specialist who provides technical support for hybrid multi-cloud strategies. This feature is available for Advisor customers at an additional cost.; ; See https://www.netapp.com/services/support/supportedge/
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: There is online documentation available for Cloud Backup online - https://docs.netapp.com/us-en/cloud-manager-backup-restore/
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Prior to contract end users can choose what data to export via the queries and API capability within the service
• End-of-contract process: Two things can happen when your license expires:; If the account you are using has a marketplace account, the backup service continues to run, but you are shifted over to a PAYGO licensing model. You are charged for the capacity that your backups are using.; If the account you are does not have a marketplace account, the backup service continues to run, but you will continue to see the warnings and you will be unable to create any new backups with the solution.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: As the service is simply accessed through a browser, users can access the service from any device that have a supported browser.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: NetApp's cloud services are mainly accessed through our BlueXP portal. This is a WebGUI that is really easy to access and navigate through
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Please see https://www.netapp.com/pdf.html?item=/media/99472-netapp-blue-xp-react-vpat-2.pdf
• API: Yes
• What users can and can't do using the API: "REST API URLs identify the resources that you’ll be working with, including clusters, SVMs, and storage.; REST APIs use HTTP methods GET, POST, PATCH, DELETE, and OPTIONS to indicate their actions.; REST APIs return common HTTP status codes to indicate the results of each call. Additional error details can be included in the results body.; REST APIs request and response bodies are encoded using JSON.; REST APIs support hyperlinking among resources using the Content-Type ""application/hal+json"".; GET calls on collections usually return only name and UUID by default. If you want to retrieve additional properties, you need to specify them using the “fields” query parameter.; ONTAP supports query-based DELETE or PATCH for all collection endpoints."
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can customise, the time of backup, the origin of the backup and any restoration of data or deletion of backups based on the level of access provided through the Cloud Manager console. The roles assigned to users are thrpugh the central management platform.; Account Admin: Can perform any action in Cloud Manager.; Workspace Admin: Can create and manage resources in assigned workspaces.; Compliance Viewer: Can only view Cloud Data Sense compliance information and generate reports for workspaces that they have permission to access.; SnapCenter Admin: Can use the SnapCenter Service to create application consistent backups and restore data using those backups. This service is currently in Beta.

Scaling

• Independence of resources: As you deploy the service within your own environment (cloud or on-premises), other users consuming the service will not impact you.

Analytics

• Service usage metrics: Yes
• Metrics types: We will provide you with information around what you have backed up with the solution and also a indexed catalog you can search through for single file restores.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: For customers of NetApp Cloud Data Services, encryption is managed under the shared responsibility model, with storage-level encryption executed through the applicable cloud storage provider. Our public cloud services provider partners offer their own encryption solutions: Amazon Web Services, Microsoft Azure, and Google Cloud.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data cannot be exported, it must be restored through cloud backup
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: Automated backup service, users don't upload their data to it.

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: End-to-end encryption: AES-256 bit at rest and TLS/HTTPS in flight, including CMK support; Secured connectivity: Private network connectivity between source and destination, along with proxy support; Secured control plane: Multi-tenancy, RBAC, MFA, and SOC2-type2 certified
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: NetApp offers various levels of availability guarantees depending on the service.
• Approach to resilience: NetApp's service is designed for resilience by offering a comprehensive suite of data protection capabilities that safeguard important information from corruption, compromise, or loss. Our data infrastructure spans on-premises and multiple cloud environments, which can introduce complexity, but we address this with a common control plane to simplify implementation. This is managed via BlueXP, the unified control plane that delivers global visibility and operational simplicity of storage and data services across on-premises and cloud environments.; ; Our data centers are prepared for the cloud with solutions that deliver performance, lower latencies, and lower storage costs, without sacrificing flexibility. We ensure that customer data remains secure and accessible, regardless of the physical media it is stored on, and its format—file, block, or object, or a mixture of each. Our data management software and operating systems acquire, validate, store, protect, and process organizational data to ensure its accessibility, reliability, and timeliness.; ; For detailed information on how our data center setup is resilient, including specifics on redundancy, failover mechanisms, and backup strategies, this information is available upon request to ensure the security and confidentiality of our infrastructure.
• Outage reporting: There are a series of documented processes for common or known events. Users can report incidents via phone, chat, email or online. Production events that involve extended outages, security breaches or loss of customer data will qualify for a root cause analysis, including timeline of event, customer impact, direct and root cause of event, and improvements made or planned to prevent recurrence. Based on the product and contract please consult your Client Executive for further details or see https://netapp-security.trustshare.com/home; some service outages viewable on https://status.services.cloud.netapp.com/Save and return to service summary; Outages on status.services.cloud.netapp can be subscribed by email, text, Atom or RSS feed.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Authentication is federated with an external provider (Auth0 by default) using username / password. Auth0 authenticates username and password and passes JWT token into users browser cookie space. Federation to existing IAM is supported via ADFS in Microsoft AD , for more information see: https://services.cloud.netapp.com/misc/federation-support
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Schellman & Company, LLC
• ISO/IEC 27001 accreditation date: 15/08/2022
• What the ISO/IEC 27001 doesn’t cover: Limited to the information security management system (ISMS) supporting information security in the design, development, provisionng and support. For more information see https://www.netapp.com/esg/trust-center/compliance/iso-27001/; To view certificate login is required please see ; https://trust-center.netapp.com/api/ecm-service/ecm/download/communciationsAndTrust/ECMLP2884236
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC 2 Type II - https://www.netapp.com/esg/trust-center/compliance/soc-2/

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: "ISO/IEC 27001 and ISO/IEC 15408; ; For further information check the below links:; https://security.netapp.com/certs/; https://library-clnt.dmz.netapp.com/info/web/ECMP1138936.html?&access=a
• Information security policies and processes: NetApp uses industry-standard source code control methods (implemented using the (third-party) Perforce product). We use industry-standard bug-tracking methods implemented using a home-grown tool known as BURT. Release Management consists of a closely monitored interaction between these two tools and industry-standard development methods along with source code review and development change control cycles.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: There are a series of documented processes for common or known events. Users can report incidents via phone, chat, email or online. Production events that involve extended outages, security breaches or loss of customer data will qualify for a root cause analysis, including timeline of event, customer impact, direct and root cause of event, and improvements made or planned to prevent recurrence.; Please see https://netapp-security.trustshare.com/home
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: NetApp has a robust product security vulnerability and response handling policy. You can receive reports related to potential security vulnerabilities in NetApp products and services and learn about our standard practices in informing customers of verified vulnerabilities. NetApp follows secure development principles throughout our product development lifecycle. We expand and improve on our secure-development programs on a continuing basis. As a part of our standard procedures, we implement secure design principles, developer training, and extensive testing programs.; For more information please see: https://security.netapp.com/policy/
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: NetApp maintains an Incident Response Plan that outlines the process and timelines for communicating information security incidents externally, including notifying clients if their data may have been breached. The plan takes into account legal, regulatory, and contractual obligations and requirements. The specific procedures and timelines for incident communications may vary depending on the nature of the product or service and its configuration and usage. Clients are advised to refer to their contracts and product documentation for information relevant to their operations. NetApp's Incident Response Plan ensures that incident communications are managed effectively and as per industry best practices. See https://netapp-security.trustshare.com/policies/POL-014
• Incident management type: Supplier-defined controls
• Incident management approach: NetApp maintains an Incident Response Plan that outlines the process and timelines for communicating information security incidents externally, including notifying clients if their data may have been breached. The plan takes into account legal, regulatory, and contractual obligations and requirements. The specific procedures and timelines for incident communications may vary depending on the nature of the product or service and its configuration and usage. Clients are advised to refer to their contracts and product documentation for information relevant to their operations. NetApp's Incident Response Plan ensures that incident communications are managed effectively and as per industry best practices. See https://netapp-security.trustshare.com/policies/POL-014

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  NetApp's hardware and software solutions are designed to help customers achieve their sustainability goals, including reducing their carbon footprint and optimising data management to conserve energy and resources. To support the complete product lifecycle management, NetApp focuses on energy-efficient technologies such as deduplication, compression, and compaction that dramatically reduce product footprint, lowering overall energy costs. Similarly, using larger capacity media also reduces customers’ footprint and can significantly impact the energy required to run their data centre(s). ; ; Our packaging is made from 98% recycled/renewable materials and we use 80 Plus titanium power supplies for our hardware. Our e-waste and product take-back (free for all customers) programs (https://www.netapp.com/company/environmental-certifications/e-waste-management), adherence to environmental directives (https://www.netapp.com/company/environmental-certifications/), and the provision of sustainability tools like the NetApp Sustainability Dashboard (https://docs.netapp.com/us-en/active-iq/BlueXP_sustainability_dashboard_overview.html) and the Product Attribute to Impact Algorithm (PAIA) methodology to calculate product carbon footprint, all demonstrate our commitment to protecting our environment and fighting climate change. ; ; For more information about NetApp’s environmental, social, and governance (ESG) initiatives, refer to the following URL https://www.netapp.com/esg. Our 2023 ESG report can be downloaded at https://www.netapp.com/pdf.html?item=/media/79434-NetApp-esg-report.pdf. Our Social Impact efforts include offering employees up to five days paid time off each year to volunteer at approved non-profit organizations from a global database, many of which benefit the environment. Specifically in the UK this year, a team volunteered at a nature reserve to remove an invasive species and sow wildflowers. ; ; To summarize, our solutions adhere to circular economy principles that emphasize product durability, end-of-life management, recyclability, and environmental responsibility. For additional information on NetApp’s sustainability efforts, refer to the following URLs https://www.netapp.com/esg/sustainability/ and https://www.netapp.com/esg/sustainable-technology/.

  Covid-19 recovery

  2021 ESG NetApp’s response to the global pandemic began in January 2020, months before major steps were taken in much of the world launching Thrive Belonging. From matching COVID-related charitable donations to shifting rapidly to remote work, NetApp has taken a mix of steps to keep our teams and communities safe while also delivering products and services uninterrupted.; At the outset, we assembled a company-wide crisis management team to execute our Business Continuity Plan and prepare to mitigate the impact of COVID-19. We put in place measures requiring most of our global workforce to work from home.; Our leadership monitored and managed the situation to mitigate impact to sales, global supply chains, and support and services.; As pandemic risks recede, we’re shifting to a hybrid workplace, a mix of remote and onsite work that promises to deliver a productive balance of engagement and tailored flexibility for employees.; 2024 in a COVID-19 recovery world NetApp WX introduced Thrive Together, taking steps such as consultancy with an external organisation to take feedback on how we run an approach to being more present in the office by adjusting the office to meet a post COVID-19 world and taking feedback from internal stakeholders including employees and Employee Business Resource Groups.; While retaining hybrid working, all offices are suitable for social distancing and flexibility is available for those wishing to socially distance such as attending during off-peak times or attending meeting remotely.; In the UK a renovation has taken place to adapt our office to a post Covid-19 based of feedback after a return to the office. NetApp offices have washing and hygiene facilities suitable for all members of staff.; Office workspaces that individuals or groups can also work from flexible across the world booked via a service, including a weekly office day in London.

  Tackling economic inequality

  We believe that community engagement has the power to bring positive, measurable change to our communities. Through our social impact programs, NetApp empowers our people to care for our communities and harness the power of data/AI for good—investing in programs and partnerships that support economic equality and community vitality in the communities where we live and work around the world.; Our social impact initiatives fall into three categories: data/AI literacy, equity, and sustainability. While the demand for data/AI skills will only increase in the years ahead, students experience significant racial gaps when it comes to data literacy. Through our Data Explorers program, we help bridge those inequities and prepare students for the jobs of the future.; Our equity programs focus on expanding access to data/AI skills and careers for underrepresented groups, closing the racial and gender gaps in the data science field and creating career paths. Finally, we work to accelerate data/AI solutions to support environmental sustainability, recognizing the urgent need to address environmental risks—and the employment opportunities that will accompany these new solutions. In addition to these NetApp investments, we also support employee community engagement programs that empower employees to support the causes they are most passionate about—including organizations that tackle inequality and create career and economic opportunities for others. NetApp supports those efforts through paid volunteer time off, matching donations, grants tied to employee volunteering, and more.

  Equal opportunity

  NetApp’s work environment is based upon respect for the individual and their particular talents and qualities. We strive to recognize and optimize each employee’s unique differences and individual contributions to foster an environment where everyone has access to equal opportunity and can thrive in their role here at NetApp. NetApp is an equal opportunity employer and makes employment decisions on the basis of merit. We want to have the best available persons in every job. Our policy prohibits unlawful discrimination based on race, color, creed, sex, gender/transgender status, gender identity, gender expression, religion, marital status, age, citizenship status, national origin or ancestry, physical, physiological and mental health condition, medical condition including but not limited to AIDS/HIV, genetic characteristics, pregnancy, sexual orientation, veteran status, or any other consideration made unlawful by federal, state, or local laws. ; This policy includes the prohibition against discrimination against any individual who is perceived to have any of the protected characteristics or is associated with a person who has or is perceived as having any of those characteristics. All such discrimination is unlawful. NetApp adheres to legal requirements by offering reasonable adjustments for individuals with disabilities, enabling them to fulfil their job responsibilities, provided there is no undue hardship. An interactive effort is made to discover and mitigate obstacles, ensuring workplace success. Possible adjustments are identified in collaboration with the person to mitigate any limitations. When an accommodation is feasible and does not cause undue hardship, NetApp will implement it to support an accessible work environment. NetApp is committed to compliance with all applicable laws providing equal employment opportunities. This commitment applies to all persons involved in Company operations and prohibits unlawful discrimination by any NetApp employee.

  Wellbeing

  NetApp are committed to helping employees manage their health and wellbeing. One way we do this is by taking intentional breaks as a company to ensure we come back refreshed and healthy. We have a global Company shutdown at year end (between Christmas & New Year) and three global wellness days during the year to give employees space and time to focus on wellbeing. In addition to this we have a ‘No Meeting Friday’ once per month to allow for uninterrupted focused, productivity time to get work done or to take advantage of the many opportunities NetApp offers for continued career development and growth. We encourage employees not to hold internal meetings (Zoom/Teams, in-person or otherwise) on these days if possible and to use their best judgement for external-facing meetings on these days. NetApp also offers a variety of financial benefits to support financial wellbeing. Employees are eligible for income protection, life assurance and a contributory pension plan. ; ; In the UK, employees have the opportunity to avail of Eyecare tests, dental insurance, private medical insurance and a monthly contribution towards gym membership. Employees also have access to our Employee Assistance Program which supports all aspects of life – physical, financial, emotional and social – through our partnership with Workplace Options, employees can access a variety of resources and confidential support. A Health, Wellbeing & Community Impact team has been set up to creating a supportive environment where we come together to promote physical and mental wellness, foster connections and forge a sense of UK team spirit by connecting employees through health and wellbeing activities and certified ‘mental health first aid’ training.

Pricing

• Price: £0.04 to £0.05 a gigabyte a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: You can backup unlimited capacity for 1-month. Underlying infrastructure costs will apply but the CB license will be free.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris.roberts@netapp.com. Tell them what format you need. It will help if you say what assistive technology you use.