Nimbus Digital Technology Innovations Ltd

Cloud Hosting & Support Services

Nimbus can provide Cloud Hosting & Support Services to meet your needs. Using our Nimbus Cloud Automation Pipelines (NCAP) for Azure, we can quickly provision your Enterprise-scale Landing Zone architecture ready to support the migration of your existing workloads or provide new cloud ready workloads using policy-driven Infrastructure as Code.

Features

• 1 Identity: Azure Active Directory Services, Active Directory Domain Services
• Networks: V-Nets, Sub-Nets, Security Groups, Routing, Peering and WAN
• Infrastructure: Virtual Machines (VMs), Storage, Web Applications, Containers
• Backup: Azure Backup, Azure Automation and Runbooks
• Archiving: Strategy and Implementation using Azure native technologies
• Recovery: Azure Site Recovery
• Maintenance: Automated patching and upgrading using Azure Automation
• Monitoring: Operational and Security monitoring using Azure Monitor
• Financial: Billing API integration with Power BI dashboards
• Service Management: managing your Tenants, Subscriptions, Accounts and Departments

Benefits

• Reduce CAPEX costs, no up font investment required
• Manage OPEX costs, only paying for what you need
• Increase organisational efficiency with automated deployments and 24x7x365 support
• Improved support with low costs, 24x7x365 UK-based support available
• Improved business intelligence with managed service billing
• Improved security applied through industry standards
• Improved scalability and flexibility without changing your applications
• Improved resilience and reliability, ensuring your service remains online
• Cost-effective backup and disaster recovery features out-of-the-box
• Ensure interoperability using open standards and Internet protocols

£23.70 to £3,755.06 a virtual machine a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at adam.blair@nimbusdti.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

433062116058257

Contact

Adam Blair
07851321066
adam.blair@nimbusdti.co.uk

Service scope

• Service constraints: None
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Service Hours: 08:00- 18:00 Monday to Friday, excluding UK Public Holidays.; ; Service Availability: Standard 95.7%, Enhanced 99.7%, Premium 99.9%; ; SLA: Standard Response Target: P1–2 hrs, P2–4 hrs, P3–8 hrs, P4–1 b’day; ; SLA: Standard Resolution Target: P1–12 hrs, P2–24 hrs, P3–5 b’days, P4–10 b’days; ; SLA: Enhanced Response Target: P1–1 hrs, P2–2 hrs, P3–4 hrs, P4–1 b’day; ; SLA: Enhanced Resolution Target: P1–8 hrs, P2–16 hrs, P3–5 b’days, P4–10 b’days; ; SLA: Premium Response Target: P2 –1 hrs, P2–2 hrs, P3–4 hrs, P4–1 b’day; ; SLA: Premium Resolution Target: P1–4 hrs, P2–8 hrs, P3–5 b’days, P4–10 b’days
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: N/A
• Onsite support: Onsite support
• Support levels: Service Hours: 08:00- 18:00 Monday to Friday, excluding UK Public Holidays.; ; Service Availability: Standard 95.7%, Enhanced 99.7%, Premium 99.9%; ; SLA: Standard Response Target: P1–2 hrs, P2–4 hrs, P3–8 hrs, P4–1 b’day; ; SLA: Standard Resolution Target: P1–12 hrs, P2–24 hrs, P3–5 b’days, P4–10 b’days; ; SLA: Enhanced Response Target: P1–1 hrs, P2–2 hrs, P3–4 hrs, P4–1 b’day; ; SLA: Enhanced Resolution Target: P1–8 hrs, P2–16 hrs, P3–5 b’days, P4–10 b’days; ; SLA: Premium Response Target: P2 –1 hrs, P2–2 hrs, P3–4 hrs, P4–1 b’day; ; SLA: Premium Resolution Target: P1–4 hrs, P2–8 hrs, P3–5 b’days, P4–10 b’days
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We tailor our on-boarding services in line with our customer requirements. This can be either provided using our standard predefined services or by providing custom services. Further information is available on request.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: We agree exit terms and processes at the time of contracting. The exact format turnaround and processes related to data extraction is determined at this point. Further information is available on request.
• End-of-contract process: End of contract scenarios are agreed in advance and either tailored to customer requirements or we can provide a standard, predefined solution, based on ITIL v3 processes and guidelines. Additional costs are determined on a case by case basis, dependent on size and complexities of activities. Further information is available on request.

Using the service

• Web browser interface: Yes
• Using the web interface: User can login via the self-service portal to raise incidents and track progress. User with the right privileges can escalate and prioritise incidents.
• Web interface accessibility standard: WCAG 2.1 A
• Web interface accessibility testing: None
• API: Yes
• What users can and can't do using the API: The API is used to enable integration with our customers ITIL Toolset.
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
  • Other
• Other API automation tools: Microsoft AzureDevOps
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
• Using the command line interface: The command-line interface is used to enable integration with our customers ITIL Toolset.

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: We leverage Microsoft online services, which in turn utilise various cloud-scale techniques and technologies, to ensure multi-tenant services are not affected by peak usage. Further information is available on request.
• Usage notifications: Yes
• Usage reporting: API

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft, AWS, Google

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• Backup controls: Users have full control over the frequency and restoration of back ups and automation related to them.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Basic Support: 99.5%.; ; Standard Support 99.7%.; ; Premium Support 99.9%.
• Approach to resilience: Microsoft Azure provides a number of features to ensure resilience. Further information is available on request.
• Outage reporting: Outages can be communicated by multiple methods including Dashboards, accessible via APIs, email alerts and via phone.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Our services implement role based access control, determined by the customer on a case by case basis.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We work to industry and specifically Microsoft standards for all security related standards. Our solutions leverage Microsoft Cloud Services which in term comply to ISO/IEC 27001 and CSA CCM v3.0
• Information security policies and processes: We have an Information Security Policy which is available on request. We have rigorous induction and training methods which ensure policies are followed. Reporting Structure is also available on request.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We align our configuration and change management processes, including component life cycle tracking and security impact assessments, according to the ITIL v3 Framework Guidelines.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Potential threats are monitored through multiple sources, including external repositories and vendor feeds proactively according to internally defined processes. Assessment of patches, hot fixes updates and associated deployment guidelines are dictated by severity, client requirements and/ or vendor recommendations.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We use various tools, technologies and techniques in order to identify potential compromises and respond on a case by case basis, based on the nature, complexity and severity. We offer various levels of response times, depending on Service Level Agreements. Further information is available upon request.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident reporting frequency and format is agreed with the customer on a case by case basis. Users can report incidents via multiple channels including telephone, dashboards and email. We have predefined processes for common events and leverage the guidelines defined by the ITIL v3 Framework.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: Microsoft
• How shared infrastructure is kept separate: Microsoft Azure uses various technologies to isolate consumers the main boundary is defined by the organisation subscription(s).

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: We have no physical data centres, all hosting is done on Microsoft Azure platform. All Microsoft data centres used adhere to the EU code of Conduct for Energy Efficiency.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We take pride in our effective stewardship of the environment and our contributions towards achieving the UK Government's 2050 mandate to become net zero. ; ; We measure our environmental impact by completing and publishing our annual Carbon Reduction Plan, which measures the business's emissions in line with The Greenhouse Gas Protocol guidance. Our latest published plan can be viewed on our website.; ; By publishing this plan, we are pleased that, as a business, we are beating the 2050 target and are now considering introducing a new target of 2035.; ; Within Nimbus, we champion environmental sustainability and have an internal "Green Champions Team" coordinating our sustainability strategy. They work with our management team, staff, and suppliers to reduce carbon emissions across our business operations by identifying areas of sustainability in which the business can improve. Examples of measures we have already implemented to reduce our environmental impact are:; •Changing working practices from an office-based working culture to a hybrid model.; •Car sharing when travelling to either our office or our customers' sites.; •Policies preferencing public transport over using our vehicles, and where this cannot be avoided, signing up for fuel apps that plan the most eco-friendly route and signing up to garage carbon offsetting schemes when re-fuelling. ; •The introduction of the Cycle to Work scheme.; •The Electric Car Lease scheme is introduced to encourage staff to move to electric vehicles.; •Introducing a Tree Planting scheme to enable staff to offset their carbon emissions.; •Switching to a renewable energy supplier for our offices.; We are constantly working to develop our sustainability reporting and performance measurements as we cement further our commitment to being a force for good in the world of work.

  Covid-19 recovery

  We continue to be committed to supporting people and communities to recover from the impacts of Covid-19. ; ; We have engaged with local charities to understand the issues people have in local communities recovering from the pandemic. Company donations of supplies, including stationery have been made to help people in need return to employment, as well as regular donations to the local food bank to support those affected by the pandemic.; ; We are constantly looking at implementing improvements in our work conditions. Post-pandemic, we have adapted our working model, moving to a hybrid model that allows staff more flexibility in how and where they work while still delivering the best service to our customers. We also offer flexitime working hours to staff where possible.; ; Due to the effect COVID-19 had on mental health and wellbeing, we have invested in our workforce's wellbeing and mental health. We have upgraded our Health Care Benefit for staff, which now allows instant access to wellbeing resources, materials, and counsellors, and we are looking to implement a staff benefits platform that champions wellbeing in the near future.; ; To increase return-to-work opportunities for those left unemployed by the pandemic, we have improved our recruitment processes, advertising job opportunities through accessible platforms and collaborating with local recruitment partners. We offer work experience and apprenticeship roles, and our HR team is developing a strategy to offer traineeships and placement opportunities to enhance our return-to-work opportunities further. ; ; Our management team meets regularly to review our strategy in relation to our COVID-19 recovery, providing a steady flow of innovative initiatives.

  Tackling economic inequality

  As an equal opportunity employer, we are committed to promoting equal career opportunities for all employees regardless of social identity.; ; Our ethos directly addresses the digital skills gap in the United Kingdom and the rest of the world. We are confident our policies and measured approach counteract inequality within our workforce and bridge the pay and skill gap within the industry, which is reflected in our operations.; ; We continue to tackle inequalities via our Equality, Diversity & Inclusion Policy and various company policies and initiatives. Examples of recently implemented initiatives are listed below:; •Locally targeted recruitment campaigns tailored to each customer ensure we provide employment opportunities to local communities.; •Improving our accessible and inclusive recruitment practices, proactively encouraging engagement with candidates from underrepresented groups.; •Offering work experience placements, apprenticeships, postgraduate employment, and full and part-time contracts, fully supporting people's development at all career and life stages.; •Creating an inclusive working culture, promoting career progression from within by developing individual career paths for staff. ; •We use the defence employer recognition scheme to support and inspire other organisations to recruit veterans into civilian roles within the ICT sector and have several veterans working for us across multiple public sector contracts.

  Equal opportunity

  We ensure that our current workforce and any future employees or associates are part of a fully inclusive and diverse enterprise that bridges the gender, race, and disability pay gap with equal pay based on merit, SFIA level or the individual's role.; ; As well as holding a tier 2 VISA sponsorship license for overseas workers, our recruitment processes have been tailored to support our ambition to have a diverse and inclusive workforce, including:; •Gender-neutral wording, considering all pronouns for role profiles and recruitment campaigns.; •Anonymised CV sifting for candidate interview selection.; •Structured, consistent, and accommodating interview processes allow individuals to demonstrate their best skills and experience for the roles.; •Skills assessments to measure competencies applied during the recruitment process.; •Recruitment campaigns are tailored and targeted to improve diversity.; •Offering work experience placements, apprenticeships, postgraduate employment, and full and part-time contracts, fully supporting people's development at all career and life stages.; ; Our Employment policies have been tailored to support diversity and inclusivity, including:; •Robust equality policies – including proportionately representing the diverse communities we operate in, equal pay with regular audits to ensure compliance & fairness and anonymised whistleblowing.; •Significantly above market average for paternity and maternity leave with a focus on retention.; •Supporting and promoting flexible, hybrid and remote working.; •Providing health care packages – including counselling and mental health support.; ; We provide annual diversity and inclusion training to ensure all staff members can actively support inclusivity and diversity and are aware of current trends and issues.

  Wellbeing

  We are proactively investing in the wellbeing of our workforce and beyond into our wider communities by applying a holistic and human approach to our endeavours.; ; We regularly benchmark our salary and benefits packages to ensure that our workforce is remunerated relatively and that our financial packages are aligned with industry standards. We couple this with an extensive benefits package, which includes access to a Company Pension Scheme, Private Healthcare, Death in Service Insurance, an Electric Car scheme, a Holiday Purchase Scheme, and a Flexi-time Scheme (customer dependent). ; ; In the past year, we have partnered with our Private Healthcare provider to upgrade our wellbeing offering, allowing employees instant access to confidential mental health advisors and counsellors.; ; Our managers undergo physical and mental health first aid training, allowing them to provide first-line support to our workforce. They are backed up by our trained HR Team, who are on-hand for any further support. ; ; Our wellbeing strategy is constantly being reviewed and updated. In the following year, we will implement a staff benefits platform including fitness, nutrition, and further health initiatives to enhance our Wellbeing offering. ; ; Public sector buyers are expected to request clarifications on Social Value and/or the information you provide as part of the G-Cloud buying process.; ; Buyers could use your response as part of their desktop Most Economically Advantageous Tender-based evaluation criteria.

Pricing

• Price: £23.70 to £3,755.06 a virtual machine a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at adam.blair@nimbusdti.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.