MRI Software Limited

MRI Hosted Service

We deliver a range of services from fully managed Desktop as a Service to Backup as a Service/ Disaster Recovery as a Service. Our cloud services are delivered from our Tier 3 ISO 27001 accredited data-centres. We deliver flexible, bespoke solutions tailored to individual customer requirements

Features

• Remote access to service any time, any day
• Remote access to service any time, any day
• Fully managed platform
• Automatic software updates
• High Availability
• Disaster recovery
• Real time monitoring
• Out of Hours support cover
• Data protection to include perimeter security to systems
• Data protection to include perimeter security to systems

Benefits

• Opex pricing model - No expensive infrastructure refresh costs
• Mobile working
• Subscription model - capital expenditure free
• Reduced Infrastructure costs and maintenance
• Document control of corporate data
• Scalability & Flexibility to increase of decrease resource requirements
• Access to latest Microsoft products
• Common desktop experience across multiple types of devices
• Ease of access to corporate date and sharing of information
• Environmentally friendly

£150 a virtual machine a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@mrisoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

511360215132750

Contact

Claire Brown
020 3861 7100
tenders@mrisoftware.com

Service scope

• Service constraints: We do not have any service constraints
• System requirements: We will provide all licensing and operational requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Specific to contractual arrangements with clients, usually to suit client requirements.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: SLAs will be agreed as part of the contracting process based upon the specific solution being delivered and client requirements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: This stage is the service readiness in which we will work with both the client and 3rd parties to focus on the readiness and preparation of supporting services from a Service Delivery perspective and will include the setup and agreement of the following: Service Desk – User Access, Contact and Incident Management Process Processes – Agreement of the ITIL processes that support the services to be provided including: • Incident / Problem Management • Asset Management • Change Management • Configuration Management • Release Management • Escalation Process • Engagement Model Service Management – Agreement of the Service Management model that will be used to deliver the services including: • Service and Handoff Model • Service Reporting • Engagement Model • Escalation Process • Exception Management • Create Service Model Document
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: As each solution is specific for the individual clients the extraction method will vary according to the type of data required. All contract end conditions are agreed upon during the initial discovery phase of the project.
• End-of-contract process: The end of contract process is variable according to which services the customer procures. Any additional costs that may be incurred will be agreed as part of the initial contract.

Using the service

• Web browser interface: Yes
• Using the web interface: Our service provides a simple, secure and intuitive web interface that allows users to interact with the service using all of the mainstream web browsers. Administration screens are provided to allow the user(s) to configure the service to how they want it to work for them. This includes the setup of users, roles and application specific data. In addition, user access can be controlled based upon the permissions assigned to them by a system administrator.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: None
• Web interface accessibility testing: None
• API: Yes
• What users can and can't do using the API: Web based JSON APIs exists to enable users to integrate our service backend with there own services. The APIs enable create, update and retrieval of data within our systems. All APIs are fully secure and are role based to control what consumers can and can not do.
• API automation tools: Other
• Other API automation tools: Azure DevOps
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: Our Cloud is managed by our expert team, supported by our solution architects, consultants and support team. Comprehensive scrutiny is in place using tools to cover not only the standard metrics – CPU, disk space, memory for example – but also detailed statistics on how individual components are performing. This complete picture allows us to predict and spot trends across the entire platform and proactively prevent issues rather than having to react after the event, plan changes effectively, and reduce the impact on our customers.
• Usage notifications: No

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Full environment DR can be configured
  • Individual Virtual machines
  • Database / file level back ups
• Backup controls: Backups will typically be on an agreed schedule, however users may request individual instances via the service desk.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: MRI’s Cloud platform is designed to be scalable and resilient with no single points of failure. All the components within the platform are designed in a high-availability configuration to minimise the risk of impact to our clients in the event of a technical issue. The backend architecture consists of multiple resilient VMWare hosts using the latest virtualisation technology. In the event of an issue the system is able to automatically migrate virtual machines between hosts to maintain performance and availability. To ensure connectivity, our racks are provisioned with diversely routed active / passive internet circuits offering 1Gb connectivity and automatic HSRP (Hot Swap Routing Protocol) failover. This is backed up by both NGD & IOMart’s 100% core network uptime guarantee. SLAs and service credits are tailored to the client and the services they procure. Further details are available on request.
• Approach to resilience: MRI's Cloud platform is designed to be scalable and resilient with no single points of failure. All the components within the platform are designed in a high-availability configuration to minimise the risk of impact to our clients in the event of a technical issue. The backend architecture consists of multiple resilient VMWare hosts using the latest virtualisation technology. In the event of an issue the system is able to automatically migrate virtual machines between hosts to maintain performance and availability. To ensure connectivity, our racks are provisioned with diversely routed active / passive internet circuits offering 1Gb connectivity and automatic HSRP (Hot Swap Routing Protocol) failover. This is backed up by both NGD & IOMart’s 100% core network uptime guarantee.
• Outage reporting: MRI's service reports any outages to relevant clients using proactive communication from our service desk, by email or phone depending on the severity of the issue.

Identity and authentication

• User authentication:
  • Identity federation with existing provider (for example Google apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access is only granted to those that require access and the level of access will be based upon the permissions of the user. Users will only be granted the permissions that they need.
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 31/07/2017
• What the ISO/IEC 27001 doesn’t cover: As detailed within the SOA
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We have all relevant policies and procedures in place in accordance with our security cerification.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our change process is ITIL aligned, providing a framework of defined processes to ensure changes are effectively captured and managed through to completion. This includes standard, normal and emergency changes.; o Ensures changes are recorded, evaluated, prioritised, planned, authorised, implemented, tested and documented ; o Maintains the balance between need for change and risk of change; o Ensures the impact of changes is minimised and overall business risk reduced; o Ensures changes to assets and CIs are recorded; ; The process is applied to: ; o All ICT infrastructure; o All infrastructure configuration files; o All server room facilities; o All system software
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: All servers are protected by enterprise-grade malware protection software which automatically updates daily, providing threat alerts to our team in the event of any vulnerabilities being discovered. ; We have established relationships with major suppliers and is automatically notified if any critical patches are released by Microsoft, VMWare, Citrix or others. Each patch is assessed and released according to severity; critical patches can be released with 24 hours should it be required and appropriate safeguards are in place.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: System performance is monitored by our dedicated Managed Service Desk and teams. We use tools to provide a fully transparent monitoring platform solution. Our monitoring solutions are based on predictive principles and make reasonable attempts to identify potential issues and faults in advance of solutions failing. Out-of-the-box functionality allows us to monitor critical infrastructure with a vast range of performance metrics.; Any incidents follow our security processes and are risk assessed and responded to accordingly.
• Incident management type: Supplier-defined controls
• Incident management approach: Ssupport services are provided by our Service Desk, which is the first point of contact for any faults or IT requests. ; ; Direct access to our Service Desk team via telephone, email or self-service web portal. Email & web portal access is available 24/7; ; Our incident management process identifies, records, prioritises and manages incidents with the primary objective of remediating issues and restoring normal service to clients as quickly as possible and to minimise the impact of the incident on business operations.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Each client is separated using distinct networks and vLANs, virtual machines and LUNs.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: We work with Iomart to provide datacentre services for our clients. The iomart EnMS combines best practices in project management, energy monitoring, and energy awareness along with an energy policy that governs our approach towards energy use and performance. EnMS records and reports on energy usage and Power Usage Effectiveness (PUE) for the data centre estate in the UK as well as how iomart is reducing energy consumption and improving energy efficiency as a Group. Monitored by the Environment Agency (EA) and the Scottish Environment Protection Agency (SEPA), iomart use EnMS with Schneider Electric to analyse energy efficiency across their multiple UK data centres.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  MRI is committed to managing environmental risks that are material to our business and to reducing our carbon footprint by enhancing the energy efficiency of our operations and reducing the amount of waste that our company produces. We do this by utilising some of our own solutions with sensors in our own offices to assess our space utilization, energy usage and setting a reduction plan. As well as improving our own position, we also look at ways to help our clients work towards using services that have less impact on our planet’s scarce resources. A good example is HomeSwapper, our national mutual exchange solution. HomeSwapper enables tenants to swap homes either locally or anywhere across the United Kingdom with another social housing tenant, often to reduce their commute to work or schools which has a direct impact on carbon emisisons in the region.

  Covid-19 recovery

  We have fully embraced hybrid working and have recently formalised our flexible working model and different types of flexibility offered to all employees. We believe flexible working benefits our employees and the business. Our solutions available on this framework are all available remotely allowing our clients employees, users and contractors as applicable to work from any location in accordance with your approved working practices to allow flexibility

  Tackling economic inequality

  Our employees are all contracted and salaried fairly, in line with the Living Wage standards. All of our employees are paid at least the minimum rates as stated under the current Living Wage. We do not employ anyone on zero hours contracts and have a strong commitment to regularly review salaries in line with our appraisal process. We have a number of apprentices in the business who we are supporting to complete degree level qualifications, who all receive above the apprentice minimum wage. We also offer a comprehensive benefits package for all our staff, which includes health and wellbeing support and access to private health care.

  Equal opportunity

  We work hard to ensure our employees have a voice. Our business has various committees in place, such as a Diversity, Equity and Inclusion Committee and Employee Resource Groups, such as Women & Allies and LGBTQIA+, which help us understand how employees feel about working at MRI and help us drive forward inclusive events. We have also very recently launched our first ERG – employee resource group for Women and Allies. As a business with over 250 employees in the UK we are required to produce a Gender Pay Gap report. We very much welcome this initiative and our reports are available publically on our website. This report shows the impact we have on reducing our Gender Pay Gap and also highlights the many initiatives we have underway to further reduce our gap. This includes the development of our Flexible Working and Inclusive Policies initiatives, educating our People, People Managers and Business Leaders and working with external partners to attract a diverse staffbase.

  Wellbeing

  Work hard, play hard. From the day we opened our doors, we set out to build flexible, game-changing solutions that would make people's lives better. We do this by providing our clients with solutions that enable them to provide better places to live, work, and do business. The only way to carry out that mission is to hire the best employees and keep them. We are dedicated to creating a working environment which supports and develops our staff. Some of the benefits that we offer are: Gym reimbursements, Medical assistance, including mental health tools, Flexible working opportunities, including hybrid working Employee engagement is key to MRI's success and we hold quarterly spirit weeks to both connect and enthuse our teams globally. These weeks are themed and where staff are encouraged to learn about different topics or take part in activities that they might not typically have time for. These include fitness sessions, cooking sessions, engagement with families for those working from home or targeting one big event where we can globally feel like we are one team with the same goal. We also carry out bi-annual employee engagement surveys to ensure employees can express their views.

Pricing

• Price: £150 a virtual machine a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@mrisoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.