BESPIN LABS LIMITED

Microsoft 365 Cloud Backup (Afi) by Bespin Labs

Unlimited, regular backups of your Microsoft 365 data with 100% fidelity, including Files, Shared Drives, Calendars, Contacts and Emails, in order to deliver flexible point-in-time restores or instant offline exports.

Features

• Automated full fidelity backups, resilient to Microsoft API errors
• Automated weekly, daily or high frequency (hourly) backups
• Drive, Shared Drive and document sharing permissions backup
• Full structure of email, labels, nested labels, folders and threads
• SLA policy-based backup, automated re-scheduling to avoid failures
• Automated archiving of deleted 365 users, saving licensing costs
• Selectable unlimited retention at one or multiple data centres
• Flexible Recovery to any account, in-place or new folder
• Instant online preview and export to MBOX, EML and PST
• End-user web portal allows recovery of lost items themselves

Benefits

• AI-based Automation
• Google Workspace users and Drives are automatically discovered and protected
• Deleted shared drives or users automatically archived for restoration later
• Keywords and phrase search in email backups across all contents
• Granular item-level or whole user instant account restore
• Browse and restore any prior versions of Microsoft 365 data
• Intelligent Ransomware Protection
• Early ransomware attack detection with instant admin email notifications
• Immutable backup storage - can't be affected by cyber attacks
• Audit log includes IP-address, session, Admin actions and system events

£36 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at julian.desert@bespinlabs.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

488157179295891

Contact

Julian Desert
+447549002637
julian.desert@bespinlabs.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements: Microsoft 365

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 24 hours
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Web chat is available from main website. ; Files and screenshots can be uploaded the shared to aim support of issues.
• Web chat accessibility testing: None
• Onsite support: No
• Support levels: Online 24 hr x 7 days
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Installation instructions are at -https://help.patronum.io/en/article/patronum-backup-for-google-workspace-installation-guide-1e1r64k/ for Patronum, select Microsoft 365 backup (Afi). Bespin Labs will assist you via Patronum Chat, Video Call and Screen Sharing as required.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Afi is a backup solution, data can be downloaded manually to PST, EML, ZIP or native formats.
• End-of-contract process: At the end of the contract if service is not renewed data is permanently deleted in accordance with the SOC2 requirements (NIST 800-88 standard)

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The Afi API is organized around REST. API has predictable resource-oriented URLs, accepts JSON-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.; ; Requests to the Afi API are authenticated with the Application API keys. Application is a key concept for building integrations with Afi and provides API access to the resources and configuration in tenants where the Application is installed. All the modification operations leave audit records with an Application name as an actor.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: Afi harnesses the native auto-scaling functionality of Google Cloud Platform (GCP). Overall service levels are based on user requests to the service which are used to scale the resources available to the platform.

Analytics

• Service usage metrics: Yes
• Metrics types: Information on backup usage and metrics is available via the main application dashboard
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Afi Technologies Inc

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: In Afi service user can download backed up data locally in widely adopted portable formats - ; PST (Outlook Data file) for Mail, Contacts and Calendars; ; ZIP for Drive and Sites. ; ; Also Mail can be downloaded in EML format which is convenient for checking individual emails.
• Data export formats: Other
• Other data export formats:
  • EML
  • ZIP
  • PST
• Data import formats: Other
• Other data import formats: Upload is performed automatically as part of backup process

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Afi provides a 99.9% update time SLA, and uses reasonable efforts to make the Services available 24 hours a day, 7 days a week, except for planned downtime, or any unavailability caused by circumstances beyond their reasonable control.
• Approach to resilience: Afi infrastructure, including Afi-managed cloud storage and Afi application, is hosted in Google Cloud, which holds the following compliance certifications: SOC1, SOC2, SOC3, ISO 9001, ISO 27001, MPAA, FISMA, FERPA, CJIS, CSA, DIACAP, FedRAMP, ITAR, FIPS 140- 2, G-Cloud.; ; Afi cloud infrastructure services and data storage are deployed in Google Cloud Platform that prevents physical access to the data and implements access control using Google Single Sign-On.
• Outage reporting: Service outages are reported by email alerts and API.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to management and support information is controlled using federated SSO incorporating 2-factor authentication.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 05/10/2023
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: None
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC2 Type 2 Certified

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: CSA CCM version 3.0
• Information security policies and processes: Afi has audit and assurance policies, procedures, and standards that are established, documented, approved, communicated, applied, evaluated, and maintained. These standards are reviewed and updated annually. ; ; For further details see -; https://cloudsecurityalliance.org/star/registry/afi-technologies/services/afi-saas-backup/download/-7Jesw

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Aif follow a defined quality change control, approval and testing process; with established baselines, testing, and release standards.; ; Policies and procedures are maintained for managing the risks associated with applying changes to organization assets, including application, systems, infrastructure, configuration, etc., regardless of whether the assets are managed internally or externally (i.e., outsourced). Review and update the policies and procedures at least annually.; ; Further details - https://cloudsecurityalliance.org/star/registry/afi-technologies/services/afi-saas-backup/download/-7Jesw
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Policies and procedures are maintained to identify, report and prioritize the remediation of vulnerabilities, in order to protect systems against vulnerability exploitation. Review and update the policies and procedures at least annually.; ; Define, implement and evaluate processes, procedures and technical; measures to enable both scheduled and emergency responses to vulnerability identifications, based on the identified risk.; ; Processes, procedures and technical measures to update detection tools, threat signatures, and indicators of compromise on a weekly, or more frequent basis.; ; Further details - https://cloudsecurityalliance.org/star/registry/afi-technologies/services/afi-saas-backup/download/-7Jesw
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Define, implement and evaluate processes, procedures and technical; measures to update detection tools, threat signatures, and indicators of compromise on a weekly, or more frequent basis.; ; https://cloudsecurityalliance.org/star/registry/afi-technologies/services/afi-saas-backup/download/-7Jesw
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for Security Incident Management, E-Discovery, and Cloud Forensics. Review and update the policies and procedures at least annually.; ; Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the timely management of security incidents. Review and update the policies and procedures at least annually.; ; https://cloudsecurityalliance.org/star/registry/afi-technologies/services/afi-saas-backup/download/-7Jesw

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity

  Tackling economic inequality

  Wages and benefits paid for a standard working week shall meet, at a minimum, national legal standards or industry benchmark standards, whichever is higher. Wages should always be enough to meet basic needs. ; ; Working hours shall comply with national laws and benchmark industry standards, whichever affords greater protection. It is recommended that working hours do not exceed 48 hours per week (8 hours per day). ; ; https://afi.ai/r/afi-csr-statement.pdf

  Equal opportunity

  There shall be no discrimination at the work place based on ethnic background, religion, age, disability, gender,; marital status, sexual orientation, union membership or political affiliation.; ; Measures shall be established to protect workers from sexually intrusive, threatening, insulting or exploitative behavior, and from discrimination or termination of employment on unjustifiable grounds, e.g. marriage, pregnancy, parenthood or HIV status. ; ; https://afi.ai/r/afi-csr-statement.pdf

Pricing

• Price: £36 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Free Backup Trial for 14 days. Unlimited number of backup users, unlimited backup storage. Includes all possible backup types e.g. email, calendar, contacts, sites, individual and shared drives. Any trial backup data will be permanently deleted at the end of the trial.
• Link to free trial: https://www.patronum.io/contact-us

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at julian.desert@bespinlabs.com. Tell them what format you need. It will help if you say what assistive technology you use.