Symatrix Ltd

Oracle Cloud Infrastructure (OCI) Implementation

Symatrix implements OCI, enabling the connection of IaaS applications to on-premises applications, third-party applications, data, and processes. Designed for applications requiring high-performance, are business critical removing the need for internal equipment. Hosted in a dedicated area it is only 100% accessible by organisations and those chosen to have access.

Features

• Budgeting and cost analysis
• OCI resource management
• Operating system patches
• Network security and management
• Storage back up management
• Database back up management
• Server provisioning
• Application roadmap management

Benefits

• Managing Oracle credits and spend, reshaping resources
• Maintaining and managing user access to OCI resources
• Maintaining current system patches on servers within OCI
• Maintaining security lists (firewall) and managing resources
• Regular snapshots of data according customer requirements
• Regular backups of databases according to customer requirements
• Creation, configuration and migration of Virtual Machines
• Impact analysis matching Oracle and customer strategy

£0 to £0 a unit

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at charles.courquin@symatrix.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

465676572516359

Contact

Charles Courquin
07801977693
charles.courquin@symatrix.com

Service scope

• Service constraints: Connectivity with other clouds like AWS, GCP etc. is limited and is currently supported only for Microsoft Azure on selected region.
• System requirements: No specific requirements

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Depending on SLAs
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: No
• Support levels: During the implementation and go live, as required
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Symatrix has a full on-boarding process to match the customer's requirements, i.e Infrastructure overview, workforce architecture document, OCI sizing and hardware/software provisioning etc
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Full exit plan document aligning to customers' requirements
• End-of-contract process: According to customer requirements

Using the service

• Web browser interface: Yes
• Using the web interface: Users can access OCI Web Console or Cloud Shell to design, provision, monitor and maintain the cloud services.
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: Aligning to Oracle testing best practice
• API: Yes
• What users can and can't do using the API: Users can use API to provision, monitor and maintain the cloud services.; Tools like Ansible, Terraform etc. are supported.
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
  • Other
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
  • Other
• Using the command line interface: Command line interface works with both Windows and Linux.; Users can use Cloud Shell Command Line Interface (CLI) to provision, monitor and maintain the cloud services.

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: According to customer requirements and specification i.e load balancing and link aggregation etc
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email
  • SMS

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
• Other metrics: According to customer requirements
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Oracle

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Other
• Other data at rest protection approach: According to Oracle/customers' regulations
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Including files, virtual machines and databases
  • Backing up system configuration
• Backup controls: The users can create custom configurations and schedules to their own requirements.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection within supplier network: According to Oracle's protection policy

Availability and resilience

• Guaranteed availability: 99.995%
• Approach to resilience: Multiple sites with site to site replication
• Outage reporting: There is a public and private dashboard, an API and also email alerts

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Through OCI security lists and rules
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ISOQAR
• ISO/IEC 27001 accreditation date: 14/11/2013
• What the ISO/IEC 27001 doesn’t cover: Areas outside of Symatrix’ direct control, such as our Clients’ or trading partners’ systems are not encompassed by our ISMS.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials, BACs accreditation
• Information security policies and processes: Security policies and processes are defined within our ISMS procedures, which are reviewed on a monthly basis by the Symatrix Executive committee who have overall responsibility. All employees have to undertake annual mandatory training to ensure they conform to our ISMS procedues and policies.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Any updates and changes to the underlying Oracle infrastructure are agreed through a formal change management process with the client (including the full test approach).
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Threats to the Oracle cloud infrastructure is managed by Oracle itself, who deploy security patches that we would apply. Symatrix also undertakes regular penetration tests and has software installed to detect on-going threats (such as Crowdstrike).
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We have three main security Applications deployed to all our machines, webroot, Bitdefender and Crowdstrike. The Crowdstrike offering is actively monitored 24/7 and will alert senior management and the IT Teams if there is an incident which we will act upon as quickly as possible, which is oftentimes immediately. When this results in a potential compromise we move to isolate the machine from our customers and our own network before sanitising it. We also use Connectwise for patching as well as ensuring that software is updated.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have predefined major incident procedure in place, which is annually reviewed. As per the procedure, all incidents have to be logged on the 'Major Incident Register' which is available to all users on SharePoint and follow the procedure until closure. Upon closure we will send the incident report to the customer, which includes root cause analysis and corrective and preventative actions. ; ; Redacted versions of incident reports can be shared with clients and third parties, as necessary.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: Oracle
• How shared infrastructure is kept separate: Individual user tenancies.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Our service uses the Oracle datacentres: Oracle state 'Our colocation providers in the UK state alignment with the EU Code of Conduct for Energy Efficient datacentres on their website'.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  Symatrix has recently created an Environmental Social Governance action plan to ensure that we can meet UK and International standards and support our customers as they strive to meet their ESG targets. Our plan is sponsored by a board member and the ESG governance team meets monthly to ensure progress against our objectives are being made. Our current targets are as follows ; ; We will adopt the SBTI targets for SMEs to support client objectives ; ; We will have a target that we will use all major supply chain partners to have 100% commit to Carbon Net Zero (Oracle, Microsoft and Salesforce) ; ; We will complete CDP supplier survey when asked by our clients ; ; A CSG Governance process will be monitored at Monthly Symatrix Exco board ; ; We will commit to using renewable energy at our key office locations of Manchester ; ; We will use environmentally safe and sustainable energy sources to meet our needs and currently operate on a green energy tariff for our Manchester office ; ; We have included environmental issues in as part of all employee mandatory training programmes and encourage the implementation by all company staff of sound environmental practices.

  Covid-19 recovery

  Symatrix operate a sustainable commuting policy. Additionally, we have a service in place via a third party in our Employee Assistance Programme for our people to use if they are struggling in any way with COVID recovery. This is a scheme where all employees have access to a counselling scheme and is available to employees 24 x7. Our customer approach to date has been in ensuring we have maintained operational support and provided flexibility to our clients as they transitioned to remote ways of working during the pandemic and likewise, we continue to provide flexibility in operations as they move to hybrid ways of working in recent months.

  Tackling economic inequality

  Symatrix places great value on training and development. We have been pro-active for a number of years in use of the UK apprenticeship scheme and graduate recruitment. We have a structured development plan to support our colleagues as they gain new skills and help deliver services to our clients. As an Oracle Certified Partner we are able to give all employees access to specialised training, learning and development as well as any crucial soft skills needed in order to be the best in their area of expertise. We run skills training sessions once every 6 months for employees across our customers to provide new capabilities and opportunities for new roles within the organisation. We have published white papers and released blogs into the business community on payroll advice as Government rules around tax changes and continue to do so.

  Equal opportunity

  Symatrix firmly believe in treating people fairly and equally and abide by the discrimination law so that our people are not treated unfairly due to aspects such as sex, ability, age and this is detailed in our employee handbook and recruitment policy. We are committed to providing and promoting equal opportunities. We aim to treat employees and applicants equally regardless of age, disability, gender reassignment, marital or civil partnership status, pregnancy or maternity, race, colour, nationality, ethnic or national origin, religion or belief, sex or sexual orientation (“Protected Characteristics”). We aim to provide equal opportunities and avoid discrimination in all aspects of employment and to ensure that the talent and skills of all individuals are maximised. Our approach applies to recruitment, terms and conditions of employment (including pay), appraisals, promotion, disciplinary and grievance procedures and training. Part-time and fixed-term staff are treated the same as comparable full-time or permanent staff and enjoy no less favourable terms and conditions (pro rata where appropriate), unless different treatment is justified. Everyone has a role to play in ensuring that equal opportunities are provided in accordance with this policy. All managers set an appropriate standard and must proactively promote equal opportunities. We are committed to ensuring that managers understand the importance of equal opportunities and that they have an awareness of best practice in this regard. We will provide appropriate training on equal opportunities relevant to the role of each manager. With regard to disability if employees are disabled or become disabled, we encourage them to tell us about their condition so that appropriate support can be offered. As part of our ESG governance, we are updating our Child labour statement, Human rights policy and prohibition to all forms of modern slavery statement which are being added to our Employee Handbook and recruitment policy.

Pricing

• Price: £0 to £0 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at charles.courquin@symatrix.com. Tell them what format you need. It will help if you say what assistive technology you use.