Insight

Insight - SADA Google Cloud Platform Services

Google Cloud Platform (GCP) is a suite of cloud computing services offered by Google, providing organisations with access to scalable and reliable infrastructure, data storage, machine learning, and application development tools. It enables businesses to build, deploy, and manage applications and services efficiently and securely in the cloud.

Features

• (PaaS): Managed platform, application development, deployment.
• Virtual machines for running applications flexibly
• Container Service: Managed Kubernetes for container orchestration.
• Relational Database: Managed SQL database services, scalable.
• Data Warehousing: Large-scale data analysis, reporting and AI/ML capabilities
• Networking: Scalable, global network infrastructure services.
• Logging and Analysis: Capture, store, analyze log data efficiently.
• Infrastructure and Platform Security: Secure infrastructure, applications, data management.
• Intrusion detection - Planet scale evaluation, monitoring and protection threats
• Object Storage: Scalable storage for data archiving, online access.

Benefits

• (PaaS): Rapid development, deployment, no infrastructure management.
• Flexible scaling, cost-effective, broad OS and software support.
• Container Service: Easy Kubernetes management, portability, automatic scaling.
• Relational Database: High availability, strong consistency, automated backups.
• Data Warehousing: Fast analytics, scalability, integration with machine learning tools.
• Networking: Global reach, private connectivity, highly secure, low latency.
• Logging and Analysis: Real-time monitoring, troubleshooting, operational efficiency.
• Infrastructure and Platform Security: Comprehensive compliance, data protection, secure access.
• Intrusion detection - Planet scale evaluation, monitoring and protection threats
• Object Storage: Unlimited scalability, worldwide access, low-cost archiving.

£0.01 a unit

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pstenderteam@insight.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

454175492549060

Contact

Public Sector Tender Team
0344 846 3333
pstenderteam@insight.com

Service scope

• Service constraints: These GCP services generally face constraints related to region-specific availability, varying performance levels depending on configuration, and potential downtime due to maintenance. Support for specific hardware, particularly for older or less common types, might be limited, impacting integration and performance. Additionally, data transfer speeds and costs can vary, and scalability might introduce complexities in management and costs. Security and compliance needs may also dictate particular configurations that could limit service flexibility.; ; To mitigate against these infrastructure constraints, various architectural mitigations can and should always be put in place to meet appropriate requirements for availability, resilience and performance.
• System requirements:
  • GCP users must only have a supported operating system
  • And current version of a web browser to access GCP

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our standard SLAs/SLOs are as follows:; Priority 1 - 15 minute response; Priority 2 - 2 business hours; Priority 3 - 4 business hours; Priority 4 - 8 business hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: None
• Onsite support: Onsite support
• Support levels: Support can be provided using customer systems such as Google Meet, Slack or Microsoft Teams as required by the project.; ; Additional information is provided as part of the 'Google Cloud Services - Enterprise support services' submission"; ; SADA's user support services for Google Cloud are outlined in the 'Google Cloud Services - Enterprise support services' submission
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: GCP provides online training (Qwiklabs/Codelabs), Documentation and in console tutorials.; SADA provide in depth onboarding assistance to any new customers, and can also advise on and build best practice foundation / landing zone environments as part of the SADA managed services offering. For more details please see the appropriate submissions.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Google Cloud provides data migration tooling for each service for customers to extract their data at the end of a term
• End-of-contract process: At the end of a contract, any discounts expire and customers pay list price on a monthly rolling basis for each service should they choose not to extend. The majority of services are utility billed by storage volume / hour / utilisation based, although committed use discounts and SKUs are also available which will be billed until the end of the appropriate term.

Using the service

• Web browser interface: Yes
• Using the web interface: Roles determine the actions users can perform. Such that only network users may be permitted to access the GCP Network account, and only security may be permitted to access the Audit Logging account etc.; Typical users would have individual Roles allocated based on job function, and would generally access GCP workload accounts and may be further restricted on what services they can deploy or access within those accounts. ; All access would be determined as part of a Role Based Access Control (RBAC) process.
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: Please refer to Google Cloud's accessibility documentation available at https://cloud.google.com/docs/accessibility
• API: Yes
• What users can and can't do using the API: Each Service in Google Cloud has its own API. Users can interact with API's through command lines or SDK's provided by Google Cloud. Each API has its own functionality, quota and limitations which is set by Google. Please refer to documentation available at https://cloud.google.com/apis?hl=en
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
  • Other
• Other API automation tools:
  • Pulumi
  • GCP CDK (Python, typescript, javascript, C# etc)
• API documentation: Yes
• API documentation formats: HTML
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: The latest GCP CLI and software SDK is available at:; https://cloud.google.com/sdk/gcloud; Once done the Buyer would then configure the CLI : https://cloud.google.com/sdk/docs/initializing; SADA can provide support on best practice initial configuration and usage including role based access control and security recommendations.

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Google Cloud Platform (GCP) ensures users are not affected by others' demand through resource isolation, scalable infrastructure, and load balancing technologies. Each user's environment is isolated to prevent interference. GCP dynamically allocates resources to handle increased load, ensuring consistent performance. Additionally, advanced load balancing distributes traffic across global data centers to manage sudden spikes and maintain service availability. These measures, combined with proactive monitoring and capacity planning, uphold performance standards regardless of fluctuating demands.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
• Other metrics:
  • Latency: Measures the response time of services
  • IOPS: Tracks performance of storage devices
  • Error Rates: Captures the rate of failed requests or operations
  • Read/Write Throughput: Measures data processed by storage or network
  • GPU Utilisation: Monitors the usage and efficiency of GPU resources
  • Billing: Tracks cloud spending and usage for cost management
  • Custom Metrics: Allows creation of user-defined metrics specific to applications
  • Quota: Monitors usage against set quotas to avoid service interruptions
  • Load Balancing: Provides metrics on request handling and distribution efficiency
  • Downtime and Uptime: Records service availability and incident durations
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: SADA

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: Encryption: Data is automatically encrypted using AES-256 algorithms.; Key Management: Google manages encryption keys, with options for user management.; Physical Security: Multiple layers of security include biometrics and surveillance.; Access Controls: Strict policies restrict data access to authorised personnel.; Redundancy: Data is stored redundantly across multiple locations for reliability.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • PaaS: Automate backups, use managed version control
  • Compute and Application Hosting: Regular snapshots, image backups of VMs
  • Container Service: Export configurations, snapshot persistent volumes
  • Relational Database: Enable automated, scheduled database backups
  • Data Warehousing: Export data periodically, snapshot storage
  • Networking: Backup network configurations, rules
  • Logging and Analysis: Store logs externally, use durable storage
  • Infrastructure and Platform Security: Backup security policies, configurations
  • Block Storage: Use volume snapshots, replicate across zones
  • Object Storage: Enable versioning, replicate data across regions
• Backup controls: Users control backups in GCP by setting specific policies and schedules via the management console or scripting tools like the Google Cloud SDK. They can configure different backup frequencies, retention periods, and specific data sets for each service. For instance, automated daily backups for databases and weekly snapshots for virtual machine instances are possible. Additionally, users can utilise services like Cloud Scheduler to automate backup tasks at customised intervals, ensuring flexibility and adherence to unique business needs and compliance requirements.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: Dedicated bonded WAN connection
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Encryption: Data is encrypted at rest and in transit within Google's network.; ; Network Segmentation and Firewalls: Google's network is tightly segmented with strong firewall protections to control data flows and prevent unauthorised access.; ; Access Controls: Strict access controls ensure only authorised personnel access data, using the principle of least privilege.; ; Monitoring and Logging: Continuous monitoring and sophisticated anomaly detection are used to detect security threats.; ; Physical Security: Google data centers employ multiple security measures including biometrics and perimeter fencing.; ; Redundancy and Resilience: Data is replicated across multiple geographic locations for resilience and data availability.

Availability and resilience

• Guaranteed availability: Google Cloud Platform (GCP) offers service level agreements (SLAs) for its various services, which typically guarantee a certain level of uptime and service availability. If these commitments are not met, customers are often eligible for credits against their service usage. The SLAs detail the performance you can expect from each service and outline the remedies if Google fails to meet these performance levels.; ; For detailed and specific information on the SLAs for various Google Cloud services, you can view them directly on Google's official documentation. Here's a link to access all Google Cloud Platform SLAs: Google Cloud SLAs.; ; https://cloud.google.com/terms/sla/
• Approach to resilience: Global Infrastructure: GCP operates a vast network of data centers globally, distributed across multiple geographic regions and zones. This geographic distribution allows for redundancy and failover, minimising the impact of local failures.; ; Redundancy: Services and data are redundantly stored across multiple physical locations within each region to protect against data loss and service interruptions.; ; Fault Tolerant Design: GCP's services are built to be fault tolerant, often with no single point of failure. This design includes automatic and transparent failover to minimise downtime.; ; Live Migration of VMs: Compute Engine offers live migration of Virtual Machines, which helps in maintaining service continuity during maintenance and upgrades without disrupting the running instances.; ; Data Replication: Critical data is automatically replicated, both within the same region and across multiple regions, to ensure data durability and availability.; ; Disaster Recovery: GCP provides robust disaster recovery solutions that allow for quick recovery of applications and data with minimal downtime, tailored to varying business needs.
• Outage reporting: Google Cloud Status Dashboard: This online dashboard is updated in real-time and provides the current status of various GCP services. It includes detailed reports on incidents, their impact, ongoing updates, and the resolution status.; ; Email Notifications: Users can subscribe to receive email alerts for incidents affecting the services they use. These notifications provide updates as the situation progresses from detection to resolution.; ; RSS Feeds: The Google Cloud Status Dashboard offers RSS feeds that users can subscribe to for automatic updates in their RSS reader applications.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: N/A
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: MSECB
• ISO/IEC 27001 accreditation date: 06/24/2022
• What the ISO/IEC 27001 doesn’t cover: Backoffice functions, including finance and sales.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC 2 Type 2 Audit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: The purpose of the Information Security Policy and Objectives document is to provide an executive level directive to the organisation to establish, maintain and continually improve the Information Security Management System. A fully functioning and effective Information Security Program enables SADA to innovate and build its business while simultaneously protecting critical assets. SADA’s Information Security Program reinforces the Trust and Good Will created with stakeholders including employees, contractors, partners, prospective and current customers, and the general public. The Information Security Program builds a framework for SADA to remain compliant with the various Privacy and Security Regulations affecting its operations as well as requirements included in Customer and Partner contracts.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: "Identification and Recording: Thorough identification and documentation of proposed changes.; Planning and Review: Comprehensive planning for the change and review by appropriate parties.; Impact Assessment: Meticulous evaluation of potential consequences on information security and any dependencies.; Authorisation: Formal approval of changes by designated personnel.; Testing: Rigorous testing of changes in a controlled environment before implementation.; Implementation: Careful and controlled implementation of the authorised change.; Documentation and Communication: Accurate logging and records of the change process, alongside clear communication with affected stakeholders.; Emergency Changes: Defined procedures for immediate changes necessitated by security incidents or urgent needs.; Review and Evaluation
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Identifying vulnerabilities: In systems, software, applications, networks, and processes that could be exploited by threats.; Evaluating risk: Analyze the potential impact and likelihood of those vulnerabilities being exploited.; Mitigating vulnerabilities: Take actions to reduce the risk posed by vulnerabilities through remediation activities like patching, reconfigurations, or compensating controls.; Monitoring: Continuously observe systems for new or resurfacing vulnerabilities.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Vulnerability Management : scanning for technical vulnerabilities, up-to-date with vendor patches and assessing exploitability risks.; Threat Intelligence: Tracking emerging threats and attack patterns; Security Monitoring: Implementing SIEM to detect anomalous activity, intrusion attempts, or signs of exfiltration; Awareness and Reporting: Train employees to recognise suspicious behaviour, social engineering attempts, potential security compromises. ; Penetration Testing : Conduct periodic simulated attacks to identify vulnerabilities; Incident Response: Develop and test escalation procedures, and communication protocols.; Incident Response : Define steps for containing breaches, collecting evidence, eradicating the threat, and recovering systems.; Forensics and Analysis : conduct root cause analysis to identify vulnerabilities
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: This incident response plan describes the actions that SADA employees are to follow after a security incident. A security incident is any unauthorised computer, application, data access and/or use of such systems in violation of SADA’s acceptable use policy. A security incident may originate from, be directed towards, or transit SADA controlled computer or network resources. Examples of reportable security incidents include suspected virus or worm infections, local account compromise, application or computer performance degradation, presence of unexpected programs or files and/or unexpected application response. ; ; security issues must be reported by either calling SADA IT Ops at 818.208.1603

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Other
• Other virtualisation technology used: Google uses a custom built virtualisation technology based on, but heavily customised, KVM
• How shared infrastructure is kept separate: Different organisations sharing the same infrastructure on Google Cloud Platform (GCP) are kept apart through robust isolation mechanisms. These include virtualisation technology, software-defined networking, and strict access controls. Each organisation's resources are logically separated, ensuring that they cannot access each other's data or interfere with each other's operations. Additionally, GCP employs encryption, authentication, and authorisation protocols to enforce security boundaries and protect the privacy and integrity of each organisation's data and workloads.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Please refer to the Google Cloud sustainability overview and statements via the following link: https://cloud.google.com/sustainability/region-carbon

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  SADA uses Saas technologies in the cloud to reduce the need for hardware and energy dependent servers. This cuts down on energy use throughout the company and reduces our carbon footprint.; As an Insight company, we are committed to reducing its impact on the environment. We strive to lessen our environmental impact over time and to initiate projects and activities that will reduce our impacts on the environment.; Insight supports the UN’s 17 Sustainable Development Goals (SDGs). Since its inception in 2015, governments and international and local organisations have taken innovative steps to support the SDG charter, which recognises “that ending poverty and other deprivations must go hand-in-hand with strategies that improve health and education, reduce inequality and spur economic growth — all while tackling climate change and working to preserve our oceans and forests.” We strive to implement our own good practices with how we establish greater harmony within our workplace, along with our collaboration with our partners and clients.

  Covid-19 recovery

  SADA transitioned to a remote workforce during the pandemic and have continued this practice as an effective means to hire global talent. SADA is a SaaS company and has increased our productivity or customer outcomes by offering flexible scheduling and work/life balance to meet employee and customer needs. The software and collaboration tools used by all SADAians which increases communication and working productively in all regions.

  Tackling economic inequality

  SADA invests in education and skills development by offering training to support employees on personal & professional development. We further offer learning opportunities on DEI throughout the year including Understanding Unconscious Bias, Building Resilience, Inclusive Leadership, and #IamRemarkable (a Google initiative). SADA also provides LinkedIn Learning to all employees so they can deepen their knowledge and explore any other personal or professional topics of interest.; ; Diversity and inclusion play a key role in SADA’s company culture-we strive for a workplace where SADAians can bring their whole self to work and employees feel represented and heard. DEI is not a one time thing or a check off on a checklist-- it is a systematic effort that we are committed to enacting at every stage of the company from talent acquisition to onboarding processes to career pathing to internal communications, benefits, and more. There are countless efforts we have put forth to continue to foster this culture, including partnerships with job boards or conferences focused on supporting historically underrepresented groups, bringing in speakers for seminars and training around bias and inclusion, and empowering our own Employee Resource Groups such as SADA Sexuality and Gender Alliance, Women of SADA, and SPONK (SADA Parents of Neurodiverse Kids).

  Equal opportunity

  SADA is an equal opportunity employer and accept our responsibility to make employment decisions without regard to an individual's age (40 and over); ancestry; national origin; citizenship; race; color; marital or parental status; political affiliation; pregnancy and perceived pregnancy (including breastfeeding or medical conditions related to breastfeeding); religion (including religious dress practices and religious grooming practices); sex; sexual orientation; gender (including perceived sex / gender, gender identity and gender expression; LGBTQ+); an individual's reproductive health decisions which includes, but isn't limited to, a decision to use or access a particular drug, device, product, or medical service for reproductive health; military or veterans' status; registered domestic partner status; genetic information or characteristics (with respect to the applicant, team member, or a family member); physical or mental disability (including intellectual disabilities); medical condition unrelated to the person's ability to perform the job, or the perception that a person is associated with a person who has or is perceived to have any of these characteristics; or any other basis protected by law, ordinance, or regulation. ; ; SADA is committed to developing a rich culture, a diverse workforce and a healthy work environment in which every employee is treated fairly, is respected and has the opportunity to contribute to the success of the company, while having the opportunity to achieve their full potential as individuals.

  Wellbeing

  At SADA, we truly value our people and recognise that the wellbeing of an individual speaks to the lasting health and success of the company as a whole. As such, we take special care to maintain a culture that speaks directly to employees’ needs-- promoting connectedness and community, stressing the importance of physical and mental health, and creating a safe, inclusive workplace. We began sending out monthly surveys to gauge the pulse of our employees- some of whom had never worked remotely before. We tracked and reviewed the results, using data directly from employees to innovate our virtual team events, write blogs on solutions to common issues, and provide requests like standing desks for new home offices. To counteract these issues, SADA has implemented multiple initiatives to keep the community engaged, connected, and most importantly-- healthy.; SADAian Employee Assistance Program (EAP) - The SADAian Employee Assistance Program provides support & guidance for matters that range from personal issues you might be facing to providing information on everyday topics that affect your life. Support topics range from general mental health counselling, education, dependent care & caregiving, legal & financial, work life balance, and lifestyle & fitness management. SADAians have unlimited access to phone counselling and a free initial 30 minute phone consultation for legal and financial matters.

Pricing

• Price: £0.01 a unit
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: New organisations signing up to Google Cloud can be offered trial credits for the platform as a whole, and additional trial terms are available for certain products.
• Link to free trial: https://cloud.google.com/free/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pstenderteam@insight.com. Tell them what format you need. It will help if you say what assistive technology you use.