Core

Backup as a Service - CoreGov

Core provides a secure backup and restore solution for customers using Microsoft 365 using AvePoint’s industry leading Cloud Backup technology. It will provide data protection on Exchange Online, SharePoint Online, One Drive and Teams applications, and includes unlimited cloud storage and unlimited retention of the backup data.

Features

• Automated backup of M365 key data on all Microsoft applications
• Simple turnkey deployment for AvePoint hosted option, true geographical distribution
• AES 256 encryption as standard
• Backup into your own environment and with your encryption keys
• Self-service option available
• Fully managed option available
• Granular restore options, user, file, email, version, permission or setting
• Out-of-place restoration options to restore files into a new environment
• Excellent mitigation against ransomware attacks

Benefits

• Fast to deploy with virtually no setup required
• Protects the business data in use throughout the organisation
• Delegate restores to power- or end-users, removing bottlenecks, increasing efficiency
• New features are added regularly as Office 365 evolves
• Best coverage for O365 Groups, Teams, Mail, Sites, Planner, etc
• Reduce time-to-restore with with fast search or point-in-time restore
• Unlimited backup subscriptions
• Hyper-scale protects Office 365 tenants of any size
• Bring-Your-Own(BYO) Authentication, Encryption Key, and Storage for added Security

£2.40 to £3.00 a user a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at webenquiry@core.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

513080328281857

Contact

Paul Saer
+44 (0) 207 626 0516
webenquiry@core.co.uk

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Microsoft 365
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements: Requirements are defined in the user guide

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Telephone requests are immediate, other methods will be within 2 hours or more dependant on the severity of the request. For more information https://avepoint.com/products/support.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide - Low, Medium, High and Very High levels, more information can be found at https://www.avepoint.com/products/support
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Self-help guides and videos are available to guide users through service set-up, administration, and use. Further onboarding services are defined and agreed in a Statement of Work.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Customers may request a copy of the data via our support team.
• End-of-contract process: The functionality will stop working and the customers obligations will end. Where applicable customer data can be exported.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Users access services via http://www.avepointonlineservices.com/login. Users have access to available functions through our GUI based on their permissions or role.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: Users access services via http://www.avepointonlineservices.com/login. Users have access to available functions through our GUI based on their permissions or role
• API: No
• Customisation available: No

Scaling

• Independence of resources: The deployment architecture is designed based on specific demand forecast on a per customer basis.

Analytics

• Service usage metrics: Yes
• Metrics types: Using AvePoint Cloud Backup you can generate and download reports for the completed backup, restore, or export jobs to view the job summary, job settings, and the failed or skipped objects. In the reports for the restore jobs, the source and destination information can also be seen.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: AvePoint

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data Export feature is initiated from the user interface. Conditions apply on data volumes.
• Data export formats: Other
• Other data export formats: This uses the AvePoint proprietary format
• Data import formats: Other
• Other data import formats: Not applicable

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Availability is set within the SLA.
• Approach to resilience: AvePoint leverages Microsoft Azure for hosting it's cloud services. For components of Compliance Guardian that are deployed within the customers network, availability will be reliant upon redundancy and disaster recovery planning.
• Outage reporting: AvePoint will notify customer's of any outages or service interruptions.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: All authentication is carried out against Microsoft Azure or any support Azure authentication method.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyds Register
• ISO/IEC 27001 accreditation date: 15/04/2020
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 15/06/2020
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: The CSA Star certification covers Microsoft Azure, Microsoft 365, Microsoft Dynamics 365 and Microsoft Dynamics CRM Online. Services not delivered on these platforms are excluded from CSA Star certification.
• PCI certification: Yes
• Who accredited the PCI DSS certification: Coalfire Systems Inc
• PCI DSS accreditation date: 29/07/2021
• What the PCI DSS doesn’t cover: PCI DSS Certification is specifically for Microsoft 365 and Microsoft Azure hosted services, including OneDrive for Business and SharePoint Online. Services not delivered on these platforms are excluded from PCI DSS certification.
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO 27001

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change Management is documented, requested, reviewed, approved, tested, and finally rolled out during off hours in order to have minimal effect on customers.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We subscribe to security bulletins and stay abreast of recent day vulnerabilities as well as maintaining an active patch cycle.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Please refer to Azure documentation https://docs.microsoft.com/en-us/azure/best-practices-network-security
• Incident management type: Supplier-defined controls
• Incident management approach: Long-standing experienced helpdesk breach management procedures.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  All Core solutions are hosted in the Microsoft Cloud platform, which is currently 79-93% more energy efficient than a traditional on premise datacentre. All Core staff are also issued with modern Energy Star rated laptop devices which typically consume 2/3 less electrical power than desktop computers.; ; Core runs no on premises IT infrastructure and all internal services are cloud-based, ensuring that all service compute is done using high efficiency hardware and powered by renewable energy. It reduces the demand for mined precious materials, manufacturing and road transportation impacts associated with acquiring and receiving private infrastructure, as well as overall energy consumption inefficiencies of running infrastructure that may not be being optimally utilised.; ; Core advocates and supports the adoption of Remote and Hybrid Working to reduce unnecessary travel and associated emissions, reduce our corporate office footprint and support flexible working practices for our teams. ; ; In early 2022, we completed an audit of all end user devices in use across the company and calculated the carbon footprint generated as they are used to deliver our business outcomes, and we are currently developing a program to not only offset this in a properly accredited scheme, but to provide offerings to support our customers and partners to be able to easily do the same. We use Greenly as our carbon management reporting platform to calculate and monitor our scope 1,2, and 3 emissions, and build custom action plans to work towards reduction. In the recent years, we have also contracted Oblong Trees to plant a tree for any existing employee and new starter.; ; Microsoft, with their commitment to reaching net zero emissions by 2030, will enable Core to become a net zero emissions organisation in the same timeframe.

  Covid-19 recovery

  Core changed our operational policies to protect our staff during the Covid 19 pandemic, and to help our customers to continue to build and develop services to support a hybrid workforce.; ; We provide solutions to help customers make the most of remote working, including the ability to support and manage services without having to travel to specific office locations. However, these solutions also seamlessly enable users to work in the office environment too.; ; This includes full collaboration and communication solutions and employee wellbeing platforms to ensure that staff are supported and included, regardless of their location.; ; Our solutions will help customers to continue to work with no impact on user productivity in the event of a future wave of Covid-19 causing health concerns or impacting travel or office attendance capability, such as lockdown or if a member of staff tests positive for Covid-19.

  Tackling economic inequality

  Core is a London Living Wage accredited employer, ensuring that our staff members are able to live and thrive in their life outside of work (Decent work and Economic Growth).; We are an inclusive employer, hiring people based on their talents and capabilities, regardless of any other factors (Gender Equality and Reduced Inequalities).; Core hires new entrants to the employee marketplace where possible, such as graduates, then trains and develops them to start their IT career journey with Core, building skills and experience (Decent work and Economic Growth).; Core’s hybrid working policy enables people who may have personal responsibilities such as care for children or other dependants who may not be suited to an environment where they have to attend an office on a daily basis (Gender Equality and Reduced Inequalities).; Core is continually hiring staff as our business grows and develops. We currently have open roles in both London and Gdansk, and every new contract, such as this one, secures existing employment and presents opportunities for us to continue to grow our team. (Decent work and Economic Growth); Core funds training and development of all staff and encourages involvement in programmes that enable us to continuously develop our technical acumen. (Decent work and Economic Growth); Every employee at Core has a vested stake in our business success, all qualifying post probationary employees participate in an Enterprise Management Incentive where they have an equity stake in the Core business (Decent work and Economic Growth).; Core’s employee benefits package includes Life Assurance and Private Healthcare coverage for the employee and the option of their immediate families at no cost to the staff member, other than the income tax liability (Good Health and Wellbeing).; Every member of permanent staff is enrolled in the company’s Pension Scheme (Decent work and Economic Growth).

  Equal opportunity

  We are an inclusive employer, hiring people based on their talents and capabilities, regardless of any other factors (Gender Equality and Reduced Inequalities).; Core hires new entrants to the employee marketplace where possible, such as graduates, then trains and develops them to start their IT career journey with Core, building skills and experience (Decent work and Economic Growth).; Core’s hybrid working policy enables people who may have personal responsibilities such as care for children or other dependants who may not be suited to an environment where they have to attend an office on a daily basis (Gender Equality and Reduced Inequalities).; Core funds training and development of all staff and encourages involvement in programmes that enable us to continuously develop our technical acumen. (Decent work and Economic Growth).; Every employee at Core has a vested stake in our business success, all qualifying post probationary employees participate in an Enterprise Management Incentive where they have an equity stake in the Core business (Decent work and Economic Growth).; Core’s employee benefits package includes Life Assurance and Private Healthcare coverage for the employee and the option of their immediate families at no cost to the staff member, other than the income tax liability (Good Health and Wellbeing).; Every member of permanent staff is enrolled in the company’s Pension Scheme (Decent work and Economic Growth).

  Wellbeing

  All Core permanent staff are entitled to 25 days annual leave per year, plus Public Holidays.; Core’s hybrid working policy enables people who may have personal responsibilities such as care for children or other dependants who may not be suited to an environment where they have to attend an office on a daily basis (Gender Equality and Reduced Inequalities).; Core’s employee benefits package includes Life Assurance and Private Healthcare coverage for the employee and the option of their immediate families at no cost to the staff member, other than the income tax liability (Good Health and Wellbeing).; Core conducts frequent Employee surveys, collecting feedback from our team on how the business can adapt or improve, internally or externally. We get good engagement from this process and all employee feedback is reviewed, discussed and implemented where appropriate. (Good health and Wellbeing)

Pricing

• Price: £2.40 to £3.00 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at webenquiry@core.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.