SERVITA PROFESSIONAL SERVICES (UK) LIMITED

Advanced Data Platform and Managed Services

Servita’s industry leading architects have a proven track record of identifying and creating optimum solutions to what are often very complex business problems. Our Advanced Data Platform and Managed Services provide high performance, infinitely scalable and secure cloud-hosted data services.

Features

• Vertical and horizontal auto-scaling to keep response times low.
• Advanced trace identification, monitoring, and alerting.
• Interoperability through API/interface standards such as FHIR.
• Connectivity Options: N3, HSCN, Janet, and many others.
• Automated deployment, scaling, testing, and monitoring.
• Systems integration to eliminate need for data store and management.
• DevOps to system orchestrate fast delivery of applications and services.
• CI/CD (Continuous Integration/Continuous Delivery or Deployment).
• Data Exchange, in formats such as XML, and more.
• Cloud and Solutions Architecture, giving access to cloud computing.

Benefits

• Reliably access the system due to high availability/ CI.
• Achieve cost efficiencies, through automatic scaling around system demand.
• Exchange information across different devices, due to platform agility.
• Access data from multiple sources, speedily integrated and aggerated.
• Transfer offline data to online using dataset onboarding.
• Investigate anomalies and confirm relationships, through data interrogation.
• Utilise our exceptionally managed service standards.
• Support business or operational needs through fast integration.
• Quickly and easily access information anywhere, utilising internet connectivity.
• Safeguard data through our trace identification, monitoring, and alerting.

£7,000 to £77,000 a unit a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rich.story@servita.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

520775808773872

Contact

Rich Story
+447918722104
rich.story@servita.com

Service scope

• Service constraints: Patch support for a typical Kubernetes release often comes with approximately 1 year of patch support as standard. Any upgrades to this package, which include longer timeframes of patch support, may incur a one-off upgrade fee. A further constraint surrounds the fact that Servita cloud environments are typically fully private and secure. This means that the client may need to set up a site-to-site VPN, in order to access private cloud resources.
• System requirements:
  • Middleware licensing (if any) to be covered by the client.
  • Minimum two EC2 per Kubernetes cluster to achieve high availability.
  • Access to the system requires an internet connection.
  • Either AWS or Azure cloud hosting accounts.
  • GitLab for VCS, IaC state storage and CI/CD pipelines.
  • ArgoCD and optionally ArgoCD rollouts for K8s CD deployments.

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: We respond to all tickets within the same day of their issue. In the event that tickets relate to high severity faults, we will respond, and diagnose the issue, using our technical consultants. Response times in this case, through our previous experience, have shown to take up to 2 hours. These response times do not alter with respect to weekends, as they are typical across the whole of the week, not just weekdays.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Servita provide three support levels, basic level support, developer level support, and business level support. 1. Basic level support - This level of support offers 24/7 customer service, from our internal customer engagement team, as well as support forums. These features will offer cross-applicational support to clients when needed. Further to this, the basic level of support provides 4 Core “Trusted Advisor” checks and a personal health dashboard. Associated costs: No TAM (Total Addressable Market) - Free. 2. Developer level support - Our developer level of support offers all of the support within the basic level of support, as well as one extra benefit. This additional benefit entails access to Technical and Architectural Cloud Support Associates. Here, clients can contact Associates via email, utilising one primary contact within their company. Associated Costs: No TAM (Total Addressable Market) - 5% x monthly AWS usage. 3. Business Level Support - Servita’s business level of support offers all of the support included within the developer support package, with the following additional extras: 24/7 access to PaaS Support, via email and telephone, and Case management support. Associated Costs: TAM, above £480 or cost percentage (pm). We provide Cloud Support Engineer.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Servita will conduct an initial discovery session to understand requirements, constraints, and ways of working. We will tailor our services to strike cohesion with clients and ensure desired outcomes are achieved in a way that generates high levels of customer satisfaction. The output of the initial discovery will be a Servita Methodology Matrix which plots all key deliverables, their accountable owners, their purpose and at which stage they will be delivered to which areas of the client team(s). User documentation including any system protocols and procedures would be produced in Confluence and/or Swagger and Users would be given access to Servita shared repositories as required.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Online libraries.
• End-of-contract data extraction: At contract end, users can extract and export their data in JSON, CSV and SQL formats. Service and Security Management Logs can also be retained and stored according to customer requirements. Typically, Servita would co-define with the client, an exit strategy that captures the details and protocols that will be followed at contract end. Data extraction forms part of the strategy, ensuring we fully meet client expectations. To protect data integrity and security, Users are requested to provide requirements for how the data is extracted and stored in a way that complies with industry best practice and Government security policy. Servita will support the entire data extraction process including any reconciliation checks should they be required between source and target databases.
• End-of-contract process: Preparation, hardening and full implementation / live service of the platform is included. Training of the base components, release and configuration management protocols and handover of the DevOps practices are included in the price. Training, TNA, Guides and strategic roadmapping for bespoke elements are subject to impact assessment and would be provisioned via Servita Consultants. Should there be a need to transition the platform and/or migrate data, Servita will work with the client to co-define an exit and migration plan that ensures all requirements are captured and agreed thus enabling a smooth and well executed transition that meets with client expectations and needs. All data, license/user accounts and technical artefacts will be delivered to the client.

Using the service

• Web browser interface: Yes
• Using the web interface: Users can access trace monitoring, alerting and logging components to get full visibility of activity and health across the platform. This is achieved through a selection of OpenTelemetry made available to the customer and the usage of either Azure or AWS’s native monitoring solutions.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: It is not known what accessibility standards these components adhere to.
• Web interface accessibility testing: Servita have not conducted any web interface testing with assistive technology users, but we believe the software providers carried this out.
• API: Yes
• What users can and can't do using the API: Depending on requirements, API’s can made available for Users to make changes such as setting internal and external connection points / environments, setting rate limits and configuring exclusion rules. We would encourage users to gain increased interconnectivity between their systems using the platform and as such we can provide automated validation tools that check formats and expected versus actual responses. There are CLI tools for interacting with AWS, Azure and Kubernetes, but we would not give access to this to Users in order to retain platform integrity.
• API automation tools:
  • Ansible
  • Terraform
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Servita work to guarantee users aren’t affected by the demand other users place upon our service in two ways. The first of these, is by ensuring that deployments are made in isolation from one another. This means that customers will be separated to ensure the performance of our service when there is collaborative demand from various areas. Secondly, we guarantee that users aren’t affected by the other user demand on the service by ensuring that clients have dedicated cloud-hosted solution provisioning. This allows us to deploy cloud resources flexibly, in order to scale up when usage spikes.
• Usage notifications: No

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Other
• Other data at rest protection approach: Servita have a range of tools and techniques to protect data at rest, such as the below.; ; Semantic Keys are used to encrypt sensitive data into ciphertext while stored in a database and decrypt it to plaintext when accessed by an authorized user, and vice versa.; ; Data pseudonymisation and obfuscation is achieved via our iData tooling enabling Servita Data Engineers to configure data protection according to explicit business and exclusion rules.; ; Servita also have a range of Tokenisation and Encryption tools and methods at our disposal including AWS KMS, CloudWatch and CloudTrail for active and proactive monitoring of data protection.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual Machines
  • Kubernetes Clusters
  • IaC States
  • Cloud Resources (EC2, RDS etc.)
  • Databases
  • File Storage
• Backup controls: Servita offer clients control over which backups are performed by agreeing upon this in advance of the outset of services. However, standard resources are backed up automatically. Clients can also request changes to their back up requirements. This will be requested via email, in order to meet compliance and requirements.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Users can be refunded by a number of means including credit note repayments or discounted monthly fees subject to the terms of the agreement with the client.
• Approach to resilience: Available on Request.
• Outage reporting: Servita place our clients at the heart of everything we do. That is why we are committed to reporting any outages reactively and appropriately. In order to ensure that all clients are fully informed on any details surrounding service provision, we will report all outages promptly in the following forms: SMS, Email alerts, Webhooks, Public dashboards if required. This option will incur an additional cost. Outages are reported to the client immediately with service recovery updates provided at least once every 30 minutes. Service recovery updates may be provided by our Cloud Support Engineers via phone, SMS or email.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Servita restrict access in management interfaces and support channels, by using IAM to provide access control to cloud services. We also utilise RBAC (Role Based Access Control) permissions, which are assigned to all individual IAM management accounts in order to further enhance cluster level access restrictions. Finally, we implement K8 as a control across our service, with respect to this. All of these factors ensure that management interfaces and support channels have the required restricted access necessary for safe, excellent performance.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Certified Quality Systems (CQS) accredited the certification
• ISO/IEC 27001 accreditation date: July 2020
• What the ISO/IEC 27001 doesn’t cover: Any bespoke and/or visualisation layers to the platform would not be covered under this certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Security Plus
• Information security policies and processes: Servita’s goal is to provide secure, scalable and future proof solutions to UK Gov. As such Servita have implemented an Information Security Management Systems (ISMS) at the forefront of their QMS, containing policies and procedures for considered and controlled management of sensitive data, systems, services and processes. Our ISMS uses the 27001 and Cyber Essential Plus standards as a baseline. Our ISMS covers every aspect of the services we provide including: Access Control, Anti-virus, Malware and Threat Detection, Backup and Recovery, Data Loss Prevention, Data Protection, Password Management, andPersonal Conduct. Servita’s Information Systems Manager is responsible for all staff inductions, information security training programmes and for ensuring all services are carried out in accordance with our ISMS. All breaches of information security, actual or suspected, will be reported to the Information Systems Manager, who is responsible for maintaining the security policy and providing advice and guidance on its implementation. All business managers are directly responsible for implementing the policy within their own areas and for adherence by their staff. It is the responsibility of each member of staff to adhere to this policy.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Servita track changes using internal change management governance, which forms part of our QMS. Our Change Control Policy is available upon request, as is demonstrations of how the policy is implemented through the platform. DevOps tooling supports a part of our change and configuration management process. This ensures a secure, yet auditable record of any changes made to the service, technology stack, or code base. Finally, all significant changes are reviewed by the Change Advisory Board, which delivers support to the Change Management Team, whose purpose is to review any requested changes and assess change/update prioritisation.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Servita will adhere to the service pack update and patching processes as defined in their ISO27001 information security policy. Patch/release deployment is pre-configured and built into our PaaS code, in order to enable release implementation at the node/pod/cluster level. This enables Servita to achieve 0 down time. Patches can therefore be deployed immediately after approval is obtained from the Change Advisory, and Information Security advisory boards. This ensures that we can reactively deploy patches where needed. Furthermore, Servita subscribe to Norton 360 and Microsoft Security Insider threat/vulnerability intel boards to remain abreast of emerging threats.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Servita PaaS holds built-in security monitoring and alerting tools, which ensure that we can protectively monitor our service. Additionally, DataDog handle all trace ID’s, logging and alerting across all nodes and pods. To enhance this further, we also utilise CloudWatch, which protects data at rest, using encryption. All security incidents are responded to immediately. In the event that a potential compromise has been detected, our policy is to notify the client. This step is taken in parallel to the performance of an in-depth risk analysis. Both the results of this analysis, and client direction will determine our action plan.
• Incident management type: Supplier-defined controls
• Incident management approach: Servita record and manage Incidents as per our security incident policy and response procedure, and thus operate pre-defined processes for common events. Incidents can be reported by users via email, SMS or telephone. Our Live support services team will then perform root cause analysis on any incidents that occur, with corrective and preventative action plans documented and implemented to prevent or reduce the probability of the incident reoccurring in the future. Following this, Incident Reports are then shared with clients within 24 hours of the incident occurring, using communication channels such as email, SMS and telephone.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: AWS EC2 and Azure VMs
• How shared infrastructure is kept separate: Servita’s service operates in a segregated from, whereby client infrastructure, including the infrastructure of the network is physically segregated from other organisations. This means that different organisations do not share the same infrastructure, and thus, do not need to be kept apart.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: In compliance to the EU Code of Conduct for Energy Efficient Datacentres, we utilise Microsoft and Amazon cloud computing, which reduces the IT load of the operation. This ensures that we reduce energy consumption in a cost-effective manner. Microsoft are committed to reducing the environmental impact caused by the energy use of their products. As such, they comply with the EU Ecodesign Directive for Energy-related Products (2009/125/EC) and its implementing regulations ("Ecodesign Directive") when applicable. Our devices comply with the European Commission's Regulation for Standby and Off Mode Power Consumption for Electronic Household and Office Equipment. In doing so, they have integrated into their strategy, methods which will reduce the energy consumed by their equipment. Similarly, businesses in Europe can reduce energy consumption by up to 80% when running applications and services through AWS cloud as opposed to operating dedicated data centres. Amazon are also committed to purchasing 100% of its energy from renewable sources resulting in a potential 96% reduction in carbon emissions for an average workload being handled in our AWS cloud platforms.

Social Value

• Fighting climate change:

  Fighting climate change

  Servita are committed to helping fight climate change and reduce waste, and work in tandem with ISO:14001 to ensure that we act sustainably to reduce our carbon footprint. As such, we have already seen huge reductions in our carbon footprint for 2022 due to our efforts to aid the government in their 25 Year Environment Plan. Recently many of our operations have adapted a more remote approach, with less people spending time in the office. This has meant that our carbon footprint has reduced significantly, as many of our staff work offsite, and do not have to travel into the office, reducing carbon emissions company wide. Additionally, with many staff members choosing to work off-site, we have been able to reduce energy consumption onsite, further reducing our business-wide carbon footprint. In office, Servita operate a shared workspace policy in our London Office, for those who desire to, or are required to, work on-site. This office not only adheres to energy saving policies but is also shared. Consequently, there are no dedicated gas or electricity utilities, reducing our energy output. Further to this, our shared workspace is managed by TOG, who mandate that all waste is segmented for recycling. This ensures that we operate excellent waste management, by recycling and reusing materials where possible. In order to monitor compliance with our Environmental Policy and Procedure, we provide training to staff around sustainable practice at induction, and within yearly refresher training. We also monitor KPIs regularly. For example, we will aim to increase the amount of waste taken to landfill year-on-year. In order to measure this, we will monitor the weekly amount of waste which has been recycled, and utilise the DMAIC (Design, Measure, Analyse, Control) method.
• Covid-19 recovery:

  Covid-19 recovery

  Servita are committed to supporting people and community recovery from the impacts of COVID-19, and as such aim to aid the wider community through our everyday operations, in the aftermath of the pandemic. In order to contribute to community recovery following COVID 19, Servita offer flexible and remote working. We place no pressure on staff to attend our on-site offices, and give them the option to work from home as they please. This means that in cases of mandatory isolation, or family members taking ill, they are able to work from home. Within the office we operate social distances guidelines, and all of our communal spaces have sanitising gel. Servita also display helpful resources around the office, on posters and bulletin boards, which include information about COVID 19, and how staff can safeguard themselves within the workplace. This means that, as we move towards COVID 19 recovery, staff can take any protective measures they desire to feel safe within the workplace. In aiding and supporting the local community in COVID 19 recovery, Servita also sponsor many local youth development events. For example, we currently sponsor a local Under 16s Football organisation. In doing so, we hope to support local organisations, such as this, to recover from the impact of COVID 19. In order to monitor and ensure compliance with COVID 19 recovery initiatives, we offer induction training which covers our COVID 19 efforts. For example, all staff receive training which covers our social distancing guidelines and how to contribute towards our goals with COVID-19 recovery. Servita also review our COVID policy and procedures once per year and regularly hold feedback sessions with staff around what is/isn’t working well for them. This informs any proposed changes to policy and procedure for future.
• Tackling economic inequality:

  Tackling economic inequality

  Tackling economic inequality is something Servita are passionate about. As such, we are committed to promoting this within all of our operations, to contribute to the betterment of wider society, and the economy. In order to internally tackle economic inequality, we offer paid leave to employees, so that they may attend sponsorships or undertake voluntary days with local community charities and organisations. Depending on contract value, Serita also allocates a percentage of net profit to charities such as Centrepoint Youth Charity, which is the leading charity for homeless people. This charity, among other things, aids young people to gain skills from training courses, in order to prepare them for future employment. Thus, in donating to them, Servita hopes to aid towards addressing economic inequality. In another effort to tackle economic inequality, we monitor fair trade closely. This is operated through Servita’s Commercial Director, Rachel Flower, who reviews and amends supply chains, to ensure that fair trade is maintained throughout. Through this, we hope to contribute to social value, by aiding in the challenging of economic inequality worldwide. Servita operate training programmes through our training partners, to help develop and foster the skills of our valued staff. Our core training programmes include: Association of Project Management – APM-P and APM-PQ, Managing Successful Programmes (MSP), AWS Cloud – Business Professional, AWS Cloud – Technical Professional, AWS Cloud – A Well-architected Solution, AWS Cloud – Data Analytics, CITI Certified – Supplier and Contract Management.

Pricing

• Price: £7,000 to £77,000 a unit a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We can offer free access to monitoring and trace activity dashboards and can potentially create mock API endpoints to demonstrate functionality and/or message response types. This is subject to requirements and feasibility.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rich.story@servita.com. Tell them what format you need. It will help if you say what assistive technology you use.