AI TECHNOLOGIES LIMITED

management of cloud services

management of cloud infrastructures based on vendors or proprietary hardware and software including specialised cybersecurity vendors (Darktrace, SPlunk, logrythm etc.) and generalists (AWS, Azure, IBM, Gcloud etc.)

Features

• remote and in premise configurations
• bespoke customisation
• training provided

Benefits

• vendor agnostic
• competitive pricing
• initial training included

£100 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrea@aitechnologies.co. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

485413251252998

Contact

Andrea Isoni
+447580756898
andrea@aitechnologies.co

Service scope

• Service constraints: Flexible, case dependant
• System requirements: Flexible

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Flexible, case dependant on SLA agreement
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: No
• Web chat support: Yes, at an extra cost
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Depending on the requirements the chat will be designed following WCAG 2.1 AA or EN 301 549.
• Web chat accessibility testing: We implement bespoke solutions therefore depending on contract we will do the necessary tests as required.
• Onsite support: Yes, at extra cost
• Support levels: Since we are a bespoke development agency,we can provide different levels of services depending on the actual tender. Generally we have always provided an account manager for any project/contract with one or more engineer to develop the software.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Flexible, case dependant
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Flexible, case dependant
• End-of-contract process: Hand over period with: final session for training and documentation review. Future work summary ideas.

Using the service

• Web browser interface: Yes
• Using the web interface: Flexible, case dependant
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: Flexible, case dependant
• API: Yes
• What users can and can't do using the API: Flexible, case dependant
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
  • Other
• Command line interface: Yes
• Command line interface compatibility: Linux or Unix
• Using the command line interface: Flexible, case dependant

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Flexible, case dependant under SLA agreement
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
• Other metrics: Cyber security monitoring
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Flexible, case dependant

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up: Flexible, case dependant
• Backup controls: Flexible, case dependant
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Flexible, case dependant under SLA
• Approach to resilience: Flexible, case dependant under SLA
• Outage reporting: Flexible, case dependant under SLA

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Flexible, case dependant under SLA
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We adhere to ISO 27001
• Information security policies and processes: We have our own which adheres to ISO 27001

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Since we are bespoke software consultancy, we can be flexible, case dependant.; Based on project requirements and contract we can track the libraries and software for defined period of time with specific SLA (service level agreements) to fix potential issues. This includes security breaches or other security related issues.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Since we are bespoke software consultancy, we can be flexible, case dependant. Depending on the contracts we will run penetration tests , update libraries or underline software to the latest patches according to the SLA contract (usually within 12-48hrs), and regularly monitorsecurity websites including CSO Online, SIGNAL magazine, Sophos news.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Since we are bespoke software consultancy, we can be flexible, case dependant. ; In software development, we proactively identify potential compromises through rigorous testing, stakeholder feedback, and risk assessment. When a compromise is discovered, we swiftly assess its impact on functionality, security, and user experience. Our agile response involves prioritizing resolutions based on severity and deploying patches or updates promptly. We maintain a rapid incident response protocol, ensuring timely mitigation and resolution of any unforeseen issues.
• Incident management type: Supplier-defined controls
• Incident management approach: Since we are bespoke software consultancy, we can be flexible, case dependant. We have pre-defined processes for common events, ensuring swift resolution and minimal disruption. Users report incidents through our dedicated support channels or integrated ticketing system. We provide detailed incident reports outlining the issue, its impact, and the steps taken for resolution. These reports are communicated promptly to stakeholders, fostering transparency and trust in our response capabilities.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: We use providers and third parties who adhere

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We have our own carbon reduction plan and adhere to net zero plan by 2050

  Covid-19 recovery

  Plan for mental health training (including Psychological First Aid by FutureLearn, Suicide Awareness Training – full version by Zero suicide alliance), volunteering and social distances

  Tackling economic inequality

  we do support yearly some local communities via donations: for example we donated to the Equality Trust. We also ahve old laptop donation program

  Equal opportunity

  AI Technologies also gives opportunities for a fresh graduate from a UK University to follow a real working code in AI in action (an area with both skill shortage and high growth). We believe this is a massive opportunity for a young student to learn what an AI application can deliver and put his hands ‘dirty’ on code. He will obtain the initial experience to qualify for data science or software development junior roles and we always prefer students coming from less privileged backgrounds. We did recruit regardless of gender and backgrounds.

  Wellbeing

  We have programs for meditations and breath classes available for all the staff

Pricing

• Price: £100 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrea@aitechnologies.co. Tell them what format you need. It will help if you say what assistive technology you use.