Skip to main content

Help us improve the Digital Marketplace - send your feedback

DolpTec

CloudOzone - Google Cloud Landing Zone service

The solution deploys a foundational set of capabilities that is designed to align with Google Cloud best practices and multiple global compliance frameworks. With this Solution, you can better manage and govern your multi-account Google environment that have highly-regulated workloads and complex compliance requirements. It provides a comprehensive, low-code solution.

Features

  • secure-by-design architecture
  • Patching, security, backups, and monitoring of compute instances and databases
  • Google Cloud Reseller service procured and managed on your behalf
  • Secure User Management
  • Governance Framework
  • Operational Security
  • Asset Protection and Resilience
  • Data in Transit protection
  • Seperation between customers
  • Secure Development

Benefits

  • It support Principle 14 NCSC published cloud security guidance
  • Implement architecture essential to scalability
  • 2X Faster Cloud Adoption
  • Manage and ensure business continuity with potentially high demand
  • Optimal Infrastructure and Cost Management
  • Innovate faster, reduce costs and operate more securely with AWS
  • Monitoring & Alerting
  • Google Cloud Well Architected framework
  • 20% Reduction in IT staff management costs
  • Improved business productivity and Cost effective design

Pricing

£400 a user a day

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at azeems@dolptec.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

4 9 2 4 3 3 7 9 7 7 1 4 4 8 2

Contact

DolpTec Azeem Shaikh
Telephone: 02081356162
Email: azeems@dolptec.com

Service scope

Service constraints
DolpTec specializes in delivering services on hyperscaler cloud platforms such as Microsoft Azure, Google Cloud and Amazon AWS. While we offer end-to-end services from cloud advisory, design, development and managed services to our global customers, we have observed that few services provided by these cloud service provider have some limitations/constraints in terms of features and functionalities. In these situations, we closely work with service providers as a preferred partner and come up with a solution to mitigate this constraints.
System requirements
As Defined with Service Delivery Manager during consultation

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Priority incidents can be responded up to 15 Minutes. Overall response time matrix will be agreed as part of Service Level Agreement with Client.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
We can support with multiple options including 24x7 support and other. Support Model will be decided on agreement with client.
Web chat accessibility testing
None
Onsite support
Yes, at extra cost
Support levels
We provide tiered support to provide the best possible service in the most possible efficient manner.
1. Level 1 / L1 support: This is the initial support level responsible for basic customer issues that do not require any developer intervention. Typical activities include support required related to usage of the system, educating the user, resolving configuration issues.
The first job of a Level-1 specialist is to gather the user’s information and to determine the user’s issue by analyzing the symptoms and figuring out the underlying problem. Once identification of the underlying problem is established, the specialist can begin sorting through the possible solutions available.

2. Level 2 / L2 support: This is a more in-depth technical support requiring experienced and more knowledgeable personnel on a product or service. For this level of support of developer intervention is required but there is no change in functionality.

3. Level 3 / L3 support: This is the highest level of support in a three-level support model responsible for handling the most difficult or advanced problems. This support involves developer intervention with functionality level changes. Complete life cycle needs to be executed to implement such changes.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide a User Documentation pack for users of our Services.
All staff performing services has received extensive onsite training.
Apart from these, we also provide a handover training to customer users once the service is setup which will enable client users to get started quickly on the system.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Users may take advantage of online data tool provided by the service provider or make a request and data will be provided to them and in all cases, the customer is responsible for extracting all data prior to the contract end.
End-of-contract process
At the end of the contract, the access of the users to application will be removed. Customer proprietary documentation access to the users should be revoked. All the revoking steps must be documented and signed off by the customer. In Flight project, documentation and knowledge transfer is provided to the customer and the new vendor in a series of arranged sessions. All documentation regarding the customer environment is handed over to the customer. We also provide a transition to the vendor who is taking over the management of the system and the scope of services being provided under the current contract.

Using the service

Web browser interface
Yes
Using the web interface
Our web interface can be used by all clients to view, manage and respond to support tickets. Self-managed customers can also use our web interface to manage their database and uploaded files and to view their log entries.
Web interface accessibility standard
WCAG 2.1 A
Web interface accessibility testing
Basic Testing
API
No
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
  • Other
Using the command line interface
Resource and configuration management can be done through the command line interface. All functionalities for the resources under management are done through the provided web interface.

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
All environments are sized and architected for the Clients environment using network and component separation provide by the Cloud providers. Each user is accessing the defined services for their specific organisation on Google Cloud .

Services which provide virtualized operational environments to customers (i.e. Compute Engine) ensure that customers are segregated via security management processes/controls at the network and hypervisor level.

Google Cloud capacity planning model supports the planning of future demands to acquire and implement additional resources based upon current resources and forecasted requirements.
Usage notifications
Yes
Usage reporting
  • API
  • Email

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Amazon Web Services, Google Cloud, Azure Cloud, OVHCloud

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Full solution backup via Amazon Snapshots
  • Compute Engine instances, Databases, Machine Image , Entire Systems
  • Bespoke backup service considering client's RTO and RPO needs.
  • Online, off-line and off-site backup services.
  • Automated or manual backup operations as needed by client.
  • Granular backups on or off server, server of database(s)
  • Encrypt data and keep it for extended period
  • Incremental backups
  • Routine backup testing service.
  • Remote Backup
Backup controls
Backup schedules are agreed in advance with the users. During the contract, changes to the schedule are enabled through change control
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We use public cloud service provider such as, AWS, Azure, Google Cloud etc. So availability that are guaranteed by these cloud providers is what customer would avail. The standard SLA's are negotiated during the contract negotiation stage and we have a proven record in meeting those SLA's. Provision of support for high severity incidents (Priority 1 and 2) through on-call resources, out of hours on a 24/7 basis including weekends and Bank Holidays.
Approach to resilience
Resilient and recover gracefully from failures, and they continue to function with minimal downtime and data loss before full recovery. We can provide the full details on request.
Outage reporting
Email alerts, API triggers, Phone alerts, and Dashboards.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
IP restrictions, two factor authentication of approved users and protective monitoring/logging, RBAC, Strong Password, VPN Access to the cloud OPS account
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • Google Cloud Professional level certification
  • Google Cloud Security Certified

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
We work on all Security Policies and Processes of security which are well documented. Authorised users have thorough training on these policies, and we conduct regular security checks to ensure that these are being followed completely.
Information security policies and processes
We work on all Information Security Policies and Processes and GDPR levels of security which are well documented. Authorised users have thorough training on these policies, and we conduct regular security checks to ensure that these are being followed completely.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our Requirements Management is driven by specialized Analysis practice and is a two-step process – Scope and Requirements Management. Initially in the project the focus is on understanding the breadth of requirements and defining the boundaries of the system – this is documented under a scoping document.

We perform change management at three different levels –
• Level 1 of change management is to minimize the scope of change in future
• Level 2 of change management is by tracking small scale changes in requirements
• Level 3 of change management is assessment of the impact of requirement changes
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We keep our services under constant review. We monitor open-source intelligence and vulnerability disclosure lists OWASP API Security Top 10 in order to discover new vulnerabilities. We also proactively seek out vulnerabilities in components we use and disclose them responsibly. We treat security updates as high-priority work. We regularly carry out penetration testing, both on behalf of our clients and of our own, and use the results to harden and improve our services, and to model new potential threats and attacks.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Log monitoring, Data leak prevention controls, incident monitoring and risk monitoring are performed as protective monitoring processes.
Incident management type
Supplier-defined controls
Incident management approach
We have defined incident management process where users can report incidents. Details available upon requests.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Hyper-V
How shared infrastructure is kept separate
The subscriptions are created for specific customer on public cloud service provide such as AWS, Azure, Google Cloud etc. The public cloud service provider ensure that no two subscriptions/accounts are mixed with each other.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Major CSP datacentres deployed in EU regions adhere to the EU Code of Conduct.

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

We continue to vigorously pursue our carbon reduction policies, and would start publishing our Carbon Reduction plan on our website. Our move towards hybrid working in recent times and promotion of car sharing and public transport plans reduces staff vehicle emissions when we do commute to our offices.

Covid-19 recovery

We have been able to retain full employment and activity throughout the pandemic. We have supported employees with their working from home arrangements with extra equipment and additional work-related support, with a focus on preventing loneliness and looking out for those whose mental health might be suffering.

Tackling economic inequality

We continue to grow our business, acquiring further premises and hiring more staff. As an responsible and ethical business, towards its people, every employee is rewarded in the success and profits of the company.

Equal opportunity

At DolpTec we are committed to encouraging equality, diversity and inclusion among our workforce, and eliminating unlawful discrimination. The aim is for our workforce to be truly representative of all sections of society and our customers, and for each employee to feel respected and able to give their best. The organisation - in providing goods and/or services and/or facilities - is also committed against unlawful discrimination of customers or the public.

Wellbeing

The quality of the working environment and the wellbeing of staff is at the heart of our culture. We have a dedicated Mental Health and Wellbeing Facilitator who curates and shares ideas and tasks to help maintain and improve mental health and wellbeing at DolpTec. The facilitator is currently investigating Employee Assistance Programs which can be used to promote good mental health and wellbeing in a work environment and can offer additional support above the fantastic support network we already have in place.

Pricing

Price
£400 a user a day
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at azeems@dolptec.com. Tell them what format you need. It will help if you say what assistive technology you use.