Installation Technology Limited

NaaS - 4G, 5G & Private Networks - Service Definition

Design, delivery and ongoing management of 4G, 5G and Private Networks as a Service providing an essential part of a Cloud or hybrid Cloud Solution.

Features

• Highly Secure
• High Availability
• Low latency
• Gigabit Passive Optical Networking (GPON)
• Ubiquitous Coverage
• All major manufacturers supported
• Highly scalable
• Quality of Service (QoS)
• High Bandwidth

Benefits

• Cost Effective
• Peace of mind reliability
• Good value for money
• Installed with the minimum of disruption to your business
• Enhanced Productivity
• Better Collaboration
• Competitive advantage
• Increased efficiency

£425 to £995 an instance a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at stephen.barney@installationtechnology.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

477234953399855

Contact

Stephen Barney
+44 (0) 118 969 9777
stephen.barney@installationtechnology.com

Service scope

• Service constraints: Cat 6a cabling runs cannot exceed 100 metres; Coverage can be effected by the fabric of the building
• System requirements:
  • Power availability
  • Space availability

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Typically within 2 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Priority Levels Target Resolution Time ; ; Priority 1 Within 4 hours of Incident Start Time ; ; Priority 2 Within 8 hours of Incident Start Time ; ; Priority 3 Within 48 hours of Incident Start Time ; ; Priority 4 Within 168 hours of Incident Start Time; ; Standard service levels including access to a Service Manager for escalations 24x7x365. ; ; No other support levels available.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite training is provided, further support can be managed via the service desk.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Typically via Excel or CSV
• End-of-contract process: We will create a off-boarding plan 1 month before the end of the contract outlining all of the information a customer needs to offboard successfully. They will also have regular contact with their service manager, there is no additional charge for this service.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: By reviewing performance data during regular service reviews.
• Usage notifications: No

Analytics

• Infrastructure or application metrics: Yes
• Metrics types: Network
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • User names and passwords
  • System configuration
• Backup controls: They speak with the service desk who can arranged what is required.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • Bonded fibre optic connections
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.9%; Key Performance Indicators Service Credit; KPI 1 Service availability 99.9% 10% of the Monthly Service Fee; KPI 2 Engineer on site within 4 hours 10% of the Monthly Service Fee
• Approach to resilience: Our service data centres run active / active, if one is unavailable users are dynamically routed to the other.
• Outage reporting: Email alerts

Identity and authentication

• User authentication: Username or password
• Access restrictions in management interfaces and support channels: We use least privilege principles with regular reviews and audits of access permissions to ensure only authorised personnel have access, while logging and monitoring track usage for security and compliance.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI Assurance UK Ltd
• ISO/IEC 27001 accreditation date: 25/10/2023
• What the ISO/IEC 27001 doesn’t cover: Nothing specific
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We follow ISO 27001 and provide regular training throughout the organisation along with regular audits to ensure compliance. Reporting structure Service Manager Chief Information Officer

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We implement standardised configurations, tracking service components through inventory, and applying changes through a controlled request process. Components are monitored throughout their lifecycle with logs and audits for compliance, while changes are tested, approved, and documented for traceability.; ; Changes are assessed for potential security impact by conducting risk assessments and security reviews prior to implementation, ensuring compatibility with security policies and standards, and evaluating potential vulnerabilities or threats.; Testing and Rollback: we implement changes in a controlled manner, with testing in a staging environment and a rollback plan in case issues arise during deployment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We regularly scan our cloud services for vulnerabilities and prioritise them based on risk and potential impact. Potential threats to services are assessed by evaluating severity, exploitability, and potential impact on operations, and integrating threat intelligence to stay updated on emerging risks.; Patching deployment times vary based on risk and threat and vary from within an hour to several days. ; Threat data comes from Threat Intelligence Feeds and security vendors.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We continuously observe our cloud infrastructure and services for suspicious activity. This includes tracking user access, API calls, and resource usage. Anomaly detection and behavioral analytics help identify potential threats. Alerts and notifications are triggered for any unusual patterns, enabling prompt investigation and response. ; When a potential compromise is detected in a cloud environment, we immediately isolate the affected resources to contain the threat and prevent further spread. Investigate the incident to determine the scope and impact, then proceed with remediation and recovery efforts while notifying relevant stakeholders. ; Response times vary from within an hour to several days.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management processes involve rapid detection, investigation, and resolution of issues, including containment and recovery efforts. Pre-defined processes exist for common events such as service outages and security breaches, allowing for swift and consistent response through established playbooks and incident response teams and discussed during service meetings.; Users report incidents by calling or emailing the service desk. ; Incident reports form part of the monthly reporting pack which is emailed to the customer stakeholders.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity

  Fighting climate change

  We have a published carbon reduction plan that is available on our website. We have ambitious plans to be carbon neutral by 2035, 15 years ahead of the government’s target.

  Equal opportunity

  We have a published Equality and Inclusion policy that is available on our website. Installation Technology partners with The Diversity Trust on a range of projects and are committed to providing a working environment that upholds dignity, equality, and respect for all employees, providing equal opportunities to all of our people.

Pricing

• Price: £425 to £995 an instance a day
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at stephen.barney@installationtechnology.com. Tell them what format you need. It will help if you say what assistive technology you use.