ITHQ LTD

AWS - Platform as a Service (PaaS)

ITHQ offer a range of managed services to assist with the management, operations, billing and change management of AWS environments. AWS services are easy to consume and offer great value but like all infrastructure, operational discipline is required to ensure that the deployed services continue to operate effectively and securely.

Features

• Amazon Web Services (AWS) procured and managed on your behalf
• Billing management
• Unified cloud monitoring & alerting
• Change management review service
• Change execution service
• Backup and data protection
• Advanced networking nolutions

Benefits

• Consolidation and monitoring of AWS monthly invoicing
• Continuous review of AWS security measures
• Realtime monitoring of AWS services with automated alerting and response
• ITHQ participation in change requests to ensure best practice
• ITHQ implementation of infrastructure change requests
• Automated backups of AWS workloads
• Support for advanced AWS networking configurations

£0.00 to £30.00 an instance an hour

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ithq.pro. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

494644405314274

Contact

Dale Nursten
02039977979
bidteam@ithq.pro

Service scope

• Service constraints: None
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Dependent on SLA purchased, we have three; 8x5xNDB, 8x5x4 and 24x7x4
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Three levels of support are offered: 8x5x4, 8x5xNBD and 24x7x4. Support costs are based on size and complexity of the deployment.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide a fully managed on boarding process.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: There are a number of built-in and 3rd party data export functions/solutions available.
• End-of-contract process: On service termination ITHQ will terminate any AWS accounts, access controls and resources. There is then a 90 day post closure period for cooling off, after which all data is permanently deleted. Off-boarding of instances and data is the customer’s responsibility and should be completed prior to termination. ITHQ can provide migration services at additional cost.

Using the service

• Web browser interface: Yes
• Using the web interface: Users can manage all aspects of the AWS service using the AWS management portal.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Accessibility of the AWS management portal is maintained by Amazon Web Services.
• Web interface accessibility testing: Accessibility of the AWS management portal is maintained by Amazon Web Services.
• API: Yes
• What users can and can't do using the API: All aspects of the AWS service can be managed using the AWS API.
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: All aspects of the AWS service can be managed using the CLI.

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Managed and guaranteed by Amazon Web Services.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Amazon Web Services (AWS)

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: As we operate a cloud first policy we ensure that all our service providers conform to our protection standards by encrypting all data at rest by default.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual machines
  • Databases
  • Files
• Backup controls: Managed through SLA policies, which are agreed during the on boarding process.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.9%
• Approach to resilience: AWS delivers the highest network availability of any cloud provider. Each region is fully isolated and comprised of multiple AZs, which are fully isolated partitions of their infrastructure. To better isolate any issues and achieve high availability, you can partition applications across multiple AZs in the same region. In addition, AWS control planes and the AWS management console are distributed across regions, and include regional API endpoints, which are designed to operate securely for at least 24 hours if isolated from the global control plane functions without requiring customers to access the region or its API endpoints via external networks during any isolation.
• Outage reporting: Public status portal/dashboard and email alerts.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Only authorised users or groups are able to access the management and support portals.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International Ltd
• ISO/IEC 27001 accreditation date: 15/03/2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We are ISO27001 accredited and able to supply our Information Security Policies subject to a non-disclosure agreement being put in place with the receiving party.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Will be provided by ITHQ upon request.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Policies will be provided by ITHQ upon request.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Policies will be provided by ITHQ upon request.
• Incident management type: Supplier-defined controls
• Incident management approach: Policies will be provided by ITHQ upon request.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: Amazon Web Services
• How shared infrastructure is kept separate: The AWS environment is a virtualised, multi-tenant environment. AWS; has implemented security management processes, PCI controls, and; other security controls designed to isolate each customer from other; customers. AWS systems are designed to prevent customers from; accessing physical hosts or instances not assigned to them by filtering; through the virtualisation software. This architecture has been validated; by an independent PCI Qualified Security Assessor (QSA) and was; found to be in compliance with all requirements of PCI DSS version 3.1; published in April 2015.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: See https://aws.amazon.com/about-aws/global-infrastructure/

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity

  Tackling economic inequality

  ITHQ runs a corporate social responsibility programme called; Life In IT in South East England. ; ; Life In IT allows us to recondition tech devices donated from; businesses headed for disposal and pass them on to local non-; profit organisations that put them to great use. Schools in; particular are now benefitting from free technology that creates; fresh learning opportunities through increased access to education; platforms for more students.

  Equal opportunity

  ITHQ runs a corporate social responsibility programme called; Life In IT in South East England. ; ; Life In IT allows us to recondition tech devices donated from; businesses headed for disposal and pass them on to local non-; profit organisations that put them to great use. Schools in; particular are now benefitting from free technology that creates; fresh learning opportunities through increased access to education; platforms for more students.

Pricing

• Price: £0.00 to £30.00 an instance an hour
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ithq.pro. Tell them what format you need. It will help if you say what assistive technology you use.