GCI Network Solutions Ltd

Managed Service for SD WAN by Nasstar

The Nasstar SD-WAN CPE supports ethernet WAN port connectivity, so all physical WAN connections must be terminated and presented with an Ethernet presentation, such as RJ45 or Fibre SFP, as part of the underlying WAN connectivity service. The SD-WAN CPE also supports mobile wireless technology (3G/4G) as a medium.

Features

• Managed Service
• 24/7 monitoring
• Flexible and dedicated bandwidth
• Safe and Secure access
• Fast, secure data transfer to public cloud
• Protects business continuity
• Slicker operations and improved customer experience

Benefits

• Reduces complexity
• Improves lead time to adopting cloud services
• Reduces risk
• Reduces operational costs
• Improves performance of cloud services
• Increases productivity
• Improves resiliency

£21.27 a device

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@nasstar.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

468519278288161

Contact

Roy Rodford
03450030000
tenders@nasstar.com

Service scope

• Service constraints: Customers need connectivity into Nasstar core.
• System requirements: Internet connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 15 minute response time
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Nasstar provides reasonable endeavours to achieve maximum service availability as standard for Managed Services. This is underpinned by a 24 hour service desk with a 5 hour fix time for all service affecting faults. In the unlikely event that we are not to meet our service commitments then service credits are available.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: As this service is a fully managed end-to-end cloud access solution, there are no training requirements to address. That being said, Nasstar can provide expertise in optimising the Cloud deployment as an additional service.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
• End-of-contract data extraction: The Service provides Data Transit only, therefore no Data is stored that would require extraction at the end of contract.
• End-of-contract process: Off-boarding is carried out by our Service Management team and transition, termination and service closure can be determined upon request.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: It is a cloud hosted voice solution that is hosted in multiple datacentres with resilient access.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: No

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: 99.99%
• Approach to resilience: The Nasstar Business Continuity plan details the process that Nasstar follows in the case of an outage, from detection to resolution. Nasstar aligns its process with AWS’s three-phased approach: Activation and Notification Phase, Recovery Phase, and Reconstitution Phase. This approach ensures that AWS performs system recovery and reconstitution efforts in a methodical sequence, maximising the effectiveness of the recovery and reconstitution efforts and minimising system outage time due to errors and omissions.; ; AWS, for example, maintains a ubiquitous security control environment across all regions. Each data centre is built to physical, environmental, and security standards in an active-active configuration, employing an n+1 redundancy model, ensuring system availability in the event of component failure. Components (N) have at least one independent backup component. All data centres are online and serving traffic. In case of failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.; ; Nasstar is responsible for implementing contingency planning, training and testing for the solution. Nasstar has implemented a robust continuity plan, including the utilisation of frequent server instance back-ups, data redundancy replication, and the flexibility to place instances and store data across multiple Availability Zones.
• Outage reporting: Email alerts

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: The measures implemented in order to manage and restrict access can be divided into six sub-categories: 1) Physical Access Control; 2) Logical Access Control; 3) Access Administration; 4) Authentication and Authorisation; 5) Data Access Control; 6) Data Transfer.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password
• Devices users manage the service through: Dedicated device on a segregated network (providers own provision)

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: United Registrar of Systems
• ISO/IEC 27001 accreditation date: 14/06/2021
• What the ISO/IEC 27001 doesn’t cover: The Registered Scope is as follows: Information security management system for the delivery of communications and associated technologies, products and services provided by the Group.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: NCC Group
• PCI DSS accreditation date: 14/05/2021
• What the PCI DSS doesn’t cover: Our certification covers requirements 9 &12 for our Reading and Global Switch data centres and our HMRC Autopayments service. PCI DSS compliance is designed, built and assessed on a service by service basis. Nasstar is experienced in providing consultancy to help customers to design and deliver PCI DSS compliant solutions on cloud platforms.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO27018
  • PSN
  • ISO20000
  • ISO27017
  • CISPE Code of Conduct Certification

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Nasstar's approach to Security forms part of our overall Integrated Business Systems Management scheme. The Company Secretary is responsible at Board level for Information Security and ensuring that our ISO/IEC 27001 accreditation is maintained and enforced.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Conforms to ISO20000-1, ISO27001 and SSAE-18.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Conforms to SSAE18 and ISO27001.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Conforms to ISO27001.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Conforms to SSAE18, ISO20000-1 & ISO27001

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Each organisation is set up using an independent virtual circuit

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Comply via BCS recommendations.

Social Value

• Fighting climate change:

  Fighting climate change

  "Nasstar is committed to creating innovative Technology with a positive impact. From March 2020 – 2021 we delivered 323,582 virtual consultations, significantly reducing travel emissions and admin that comes alongside this. We encourage the adoption of Microsoft Teams, making remote-first working the norm. We actively promote Cloud-based software – serverless software that ensures less heat and noise pollution.; ; Nasstar encourages re-use and recycle programmes, we ensure all equipment is fixed, re-used or ethically recycled, ensuring longer-lasting technology amongst our people.; ; Nasstar also promotes Greener Offices, including paperless working, LED lighting, energy-efficient computer savings, no single-use plastics.; ; In reducing our Environmental impact, Nasstar is committed to becoming Net Zero in accordance with UK Government guidelines.; ; Working from home is actively encouraged across our employee base.; ; We maintain a formal Environmental Policy and operate an Environmental Management System (EMS) aligned to the ISO14001 - and compliant with SECR (Streamlined Energy Carbon Reporting) and ESOS (Energy Savings Optimisation Scheme). Based on our EMS policy we routinely fulfil the key aims within the social value agenda (MAC 4.2- Influence environmental protection and improvement). As part of our Social Value Commitment, this product offering will also be integrated into the company's Continuous Improvement Plan and will be scrutinised to identify, monitor, measure and achieve the MAC 4.2 measures. We are targeting a further reduction in emissions of greenhouse gases arising from the performance of the company, measured in metric tonnes carbon dioxide equivalents (MTCDE), by at least 2.5% during the life of this contract. In addition, our EMS governs our approach to the way we continue to mandate staff, suppliers, customers and communities in this regard - and we monitor performance on supporting environmental protection and continuous improvement."
• Covid-19 recovery:

  Covid-19 recovery

  "As a remote working solutions communications provider, Nasstar has assisted customers in enabling thousands of employees to operate safely, securely and reliably from their home premises during COVID-19 lockdowns. Furthermore, we have continued to advise and enable thousands of end-users to adopt a hybrid model of work, taking advantage of both COVID-secure office workspaces and the benefits of remote operations.; ; We have evolved our hybrid working policy to improve conditions and productivity for our own employees. Our policy continues to guide the minimising of transmission by managing attendance in physical office spaces. Our office spaces provide assurance that Nasstar has put in place specific measures to mitigate the transmission of COVID-19 in accordance with government guidelines and continue to implement social distancing arrangements, improved sanitising/cleaning of workspaces and have included strict testing regimes to ensure the risk of spreading infection was well mitigated.; ; Within our workforce we are committed to protecting the most vulnerable from COVID-19, with support to both those who are personally shielding and those whose family members/close contacts require shielding. Enhanced sick pay and flexibility for care arrangements enable our team to deal with some of the practical challenges COVID-19 present and continue to pose to us all, without undue fear of financial penalty or other restrictive situations. Employees have access to mental health first aiders and an Employee Assistance Programme, to further reduce reliance on public services"
• Tackling economic inequality:

  Tackling economic inequality

  "To positively influence economic equality, we firstly ensure we deliver quality services to a growing customer base. This puts us in a strong position to grow our employee base, extending opportunities and enhancing economic equality through job creation and additional training opportunities. ; ; We take an active interest in our customer’s end customer and local community, seeking to help add value where we can. We are able to share value beyond the contract’s prescribed services by offering our technical/commercial insights through lectures, talks, webinars, roundtables etc to the community. In particular, members of Nasstar are able and experienced in running community education sessions on topics ranging from career guidance to technology-specific workshops including IT adoption/education.; ; We are keen to support early career development and access within the IT/Telecoms space and utilise apprenticeships, work placements, internships and graduate opportunities in order to encourage future growth within the industry.; ; We can partner locally to do this by:; • Linking with local schools and colleges to enable interested young people to attend our sites and undertake work experience either in our offices or by shadowing technical field staff. ; ; • Offering graduate/internship opportunities to local university students to experience technical projects, enabling them to put theory into practice and to gain vital work experience to gain permanent positions post-graduation.; ; • Providing apprenticeship opportunities, both administrative and technical and at varying entry skill/experience levels.; ; • Undertaking to increase these placements when large contracts are won, aligned to the public sector social value guidelines, in order to share and improve our social contribution to local communities.; ; In contrast to an industry where profit maximisation is traditionally motive (the private obligation), Nasstar believes that driving and fulfilling social value (the public obligation) is an integral part of any modern contractual relationship."
• Equal opportunity:

  Equal opportunity

  "Nasstar actively promotes a culture of fair and equal treatment. Our ethos values people’s differences and how they help everyone achieve more at work as well as in their personal lives. Our desire is to operate a business every person in society can feel proud to be an important part of. We are committed to providing a working environment that is responsive to different cultures and groups, where everyone has an equal chance to succeed and in which all employees are treated with respect and dignity.; ; In 2021, Nasstar sponsored the ‘Agile Angel’ category at the DevelopHER awards. The DevelopHER awards are designed to raise the profile of women in technology, creating role models to inspire the next generation to become developers, technicians, project managers, testers and digital experts. Organised by SyncDevelopHER, the awards aim to promote gender equality in the technology industry through celebrating success.; ; In 2022 we are committed to implementing a variety of pledges and covenants that demonstrate our objective of widening opportunity and representation in our business. These include the Disability Confident Scheme, Mental Health at Work Commitment, Armed Forces Covenant and the Equality and Human Rights Commission’s Working Forward community.; ; In 2022 we are seeking to expand representation across our business by adding recruitment advertising in equal opportunities-specific resources such as Women in Technology.; ; Our aim is to employ and retain individuals who embrace our inclusive culture, positive work ethic and have enthusiasm to join Nasstar on our journey of growth. Our goal is to create a workforce of the future within our sector, full of a genuine cross-section of society and all protected characteristics."
• Wellbeing:

  Wellbeing

  "Nasstar’s Wellbeing policies are aligned to the UK Government’s Good Work Plan (satisfaction, fair pay, participation and progression, well-being, safety and security, voice and autonomy). We believe these work together to provide a healthy and engaging work environment. A selection of relevant commitments/policy positions are provided below:; ; • Our Health and Safety, Stress Management and Mental Health strategies include giving access to an Employee Assistance Programme, and in having trained Mental Health First Aiders who run a virtual community where employees are able to discuss any concerns with a trained individual. We proactively promote this, to demonstrate there is no stigma in our business around this subject.; ; • We believe in providing a working environment where our people can do their best work and feel positive about the contribution they make to our success. We implement multiple initiatives that help provide a motivating workplace including regular performance reviews, setting/achieving personal objectives and being recognised by managers for delivering good work. ; ; • Our Personal Development and Training Policy and Procedure outlines our commitment to providing job and career development for all employees, including opportunity to have a Personal Development Plan (PDP) and access to external courses/training.; ; • We provide our team with opportunity to give back to their communities, recognising the importance of personal interests in and recognising wider ethical causes in supporting the wellbeing of our team and local communities. This includes an annual charity elected by employees for donations and sponsorship events and donations of volunteer days for employees to be able to contribute working hours to worthy community / charitable causes.; ; • We provide awareness training for our managers on a variety of topics that help to develop a motivating and safe environment where all employees can thrive and succeed."

Pricing

• Price: £21.27 a device
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@nasstar.com. Tell them what format you need. It will help if you say what assistive technology you use.