Fifosys Limited

Secure Managed Cloud Amazon Web Services AWS

Fifosys work with Awazon Web Services (AWS) to provide a secure, highly scalable cloud services platform, offering a abroad range of services such as compute power, database storage, content delivery and other functionality to help businesses scale and grow without the need to invest in on-premise infrastructure.

Features

• Real Time reporting
• Scaleable on demand
• Remote Access Dektops
• Client isolation
• Dedicated bandwidth
• Spread across 4 countries in Europe with 12 availability zones

Benefits

• Can scale to meet the needs of the organisation
• Can be easily accessed on the move
• Removes the need for large investment in on-premise infrastructure
• Fully managed and maintained environment

£0.01 a megabyte a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at m.patel@fifosys.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

544527056327438

Contact

Mitesh Patel
02076442610
m.patel@fifosys.com

Service scope

• Service constraints: Service constraints include a planned maintenance window that will be agreed with the client to allow for proactive maintenance.
• System requirements:
  • Typically Windows or Linux (various) virtual machines
  • Standard connectivity via site-to-site IPSec VPN or the internet

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The Fifosys service desk is available 247 365 days of the year. This service provides a fully manned operation with engineers sitting in front of screen, taking calls, responding to emails and monitoring systems. Fifosys respond to incidents much faster than our SLA. We maintain a response and resolution time of 20 minutes for 86% of incidents to our desk. Our SLA is 1 hour for a priority 2 & 3 and 20 minutes for a priority 1. But we average 8 minutes response times to email support requests. These response times do not vary at weekends.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Fifosys provide 1st, 2nd and 3rd line support 24/7/365. Our Network Operations Centre (NOC) proactively monitor, maintain and remediate clients systems. This is all standard service as part of our pricing model. We provide a team which includes an IT Manager who manages the Service team (NOC & Support), an Account Manager who is responsible for day to day management of the account from a sales perspective, and Technical architects who are responsible for discussing and identifying the right technical solutions for our clients.; ; We encourage clients to make use of tools we provide giving full visibility of what we do, including access to a service portal to view Service Desk activity. Our incident reports and status reports give clients the information needed if anything does not meet expectations we will be open in our resolution. This forms the basis of agreed KPIs to help gain trust and sustain long professional relationships. ; ; This data is a central focus of Service Reviews and is invaluable in identifying training needs, potential problems or areas where systems aren’t delivering what the organisation needs. This detail has been noted in external quality audits and by vendors specialising in managed service applications and CRM systems.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide a tailored training program for the cloud service dependant on the requirements. This can include on-site training, workshops or on-line training. This can even be combined if required. We have a large repository of user documentation that we share on how to use the various elements of the service.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data can either be extracted manually by the users over a VPN link or Fifosys can be instructed to provide all of this data on removable media. The user must supply or agree to the costs of Fifosys supplying the media. This data is then removed from our systems and backup.; ; All documentation and configuration items held by Fifosys in relation to the service will be exported from our IT glue online documentation platform and provided to the client in PDF format
• End-of-contract process: Extracting the users live data is included in the price of the contract as are all termination fees. Any media required to export data is not included and this must be purchased by the user or the user must agree to the costs of Fifosys purchasing this on their behalf. The export of historic backups is not included as this can be a time-consuming process and the cost is dependant on how many generations of data need to be exported.

Using the service

• Web browser interface: Yes
• Using the web interface: Access is through a simple and intuitive web-based user interface. You can also use the AWS Console mobile app to quickly view resources on the go.; ; Features that can be performed include:; Administer your AWS account - The Console facilitates cloud management for all aspects of your AWS account, including monitoring your monthly spending by service, managing security credentials, or even setting up new IAM Users.; Finding Services in the AWS Console - You can utilise the search functionality, select services from the Recently visited services section, or expand the All services section to browse through the list of all the services offered by AWS.; Resource Groups - With Resource Groups, you can view collections of resources that share common tags. Streamline your use of the console by creating a resource group for each application, service, or collection of related resources that you work with regularly.; Tag Editor - Use the Tag Editor to easily manage tags for all resource types that support tags in any region.; Requirements; An existing AWS account.; If you sign-in with an AWS Identity and Access Management account, you need to use the account alias that was included in the email address from your administrator.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Users can access the AWS management console via a web browser or mobile device. ; ; Supported web browsers are:; Google Chrome Latest 3 Versions All services; Mozilla Firefox Latest 3 Versions All services; Microsoft Internet Explorer 11 All services; Microsoft Edge 12 All services; Apple Safari 9, 8, 7 All services; ; Further details of the web interface can be found here:; https://aws.amazon.com/console/faqs/
• Web interface accessibility testing: No specific web interface technology testing has been undertaken with assistive technology users, however good practice development methods have been used to optimise the end user experience.
• API: Yes
• What users can and can't do using the API: Amazon API Gateway handles all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management. Amazon API Gateway has no minimum fees or startup costs. You pay only for the API calls you receive and the amount of data transferred out.; ; There are hundreds of tasks that can be performed with the Amazon EC2 AP such as creating VPC peering connections, updating virtual private gateways, performing snapshots, importing virtual machines, creating subnets, modifying security groups, and creating and updating network or server instances I. Further details of these can be found here:; https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Welcome.html
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Puppet
• API documentation: Yes
• API documentation formats: HTML
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts. The AWS Command Line Interface User Guide (https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html) walks you through installing and configuring the tool. After that, you can begin making calls to your AWS services from the command line. ; ; A full list of services that can be managed from the CLI can be found here:; https://docs.aws.amazon.com/cli/latest/reference/#available-services

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: When using AWS services your environment is logically segregated to prevent users and customers from accessing resources not assigned to them.; ; AWS services which provide virtualized operational environments to customers ensure that customers are segregated via security management processes/controls at the network infrastructure and hypervisor level.; ; Amazon continuously monitors its the usage of its platform and additional resources can be brought online quickly to cope with prolonged increases in demand.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
• Other metrics:
  • Performance
  • Database connections
  • Custom application metrics
  • Storage Metrics
  • Standard AWS Alert metrics
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Amazon

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files
  • Virtual and physical servers
  • Network Attached Storage ( NAS)
  • Storage Area Network (SAN)
  • Database Applications
  • Software Applications
• Backup controls: Users have a high degree of granular options to configure the backup schedule. The backup schedule will be agreed with the client before being implemented.; ; There are options to configure backups via command line or web interface.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We are bound by the Amazon AWS service level agreement. The current services covered by the AWS SLA are:; Included Products and Services; Amazon Elastic Compute Cloud (Amazon EC2); Amazon Elastic Block Store (Amazon EBS); Amazon Elastic Container Service (Amazon ECS); Amazon Fargate for Amazon ECS (Amazon Fargate); AWS will use commercially reasonable efforts to make the Included Products and Services each available with a Monthly Uptime Percentage (defined below) of at least 99.99%, in each case during any monthly billing cycle (the “Service Commitment”). In the event any of the Included Products and Services do not meet the Service Commitment, you will be eligible to receive a Service Credit as below:; Monthly Uptime Percentage Less than 99.99% but equal to or greater than 99.0% = Service Credit Percentage 10%; Monthly Uptime Percentage Less than 99.0% = Service Credit Percentage 30%; ; Further details of the SLA can be found here:; https://aws.amazon.com/compute/sla/; AWS storage via S3 has different SLAs and services credits and these can be found here:; https://aws.amazon.com/s3/sla/
• Approach to resilience: Available on request
• Outage reporting: Any service outages would be reported via email alerts. Any outages would be classed as a priority 1 - High impact incident and follow our high impact incident process. Users would be continuously updated on progress of the issue until resolved.; ; A service health dashboard is available at https://status.aws.amazon.com/. A personalised health dashboard is also available

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Only authorised individuals from our organisation can manage the system and strong authentication is in place. ; ; IAM policies and principles are used to control access to the AWS environment and conditional elements are used to specify the special circumstances under which the policy grants or denies permission. Therefore different permissions can be granted to support and management roles.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication
• Devices users manage the service through:
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 14/12/2019
• What the ISO/IEC 27001 doesn’t cover: The amazon environment as a whole is covered by their own certification
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Information data security is an essential part of the Fifosys business. The directors recognise the need for its clients and end users information data to remain secure and confidential at all times. Clients and Fifosys internal departments collaborate to ensure that data stays secure. Information data security systems are reviewed at regular intervals and outcomes are made available to other relevant organisations. Current policies exist for the following which are audited each year as part of our ISO 27001 accreditation: Information Security Organisation Classifying Information and Data Controlling Access to Information and Systems Processing Information and Document Purchasing and Maintaining Commercial Software Securing Hardware, Peripherals and Other Equipment Fifosys Personnel Detecting and Responding to Incidents Business Continuity

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We follow the ITIL framework for change and configuration management. All changes are logged in our ERP system - Connectwise and changes must include a reason, the technical steps, the risk assessment, the service impact, a rollback plan, a test plan and a schedule of communications. All changes, once submitted are reviewed by the change management board. All configuration are also tracked in Connectwise with installation date, service/warranty expiry, any 3rd party details and any associated configuration. Automatic updates of configuration items is also performed from our RMM tool, (N-Able) to Connectwise.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We are continually assessing threats to our service. We use automated cyber security tools such as cyberscore from XQ cyber ( A Check service provider) to continuously poll our environment for new threats and suggest remediation plans. We patch our and our clients servers every week using our automated patch management service. We also deploy next generation firewall products with anti malware protection, constantly upgraded from Cisco and we employ automated Ransomware protection across all our servers. We get our sources of threats from our multiple partners including, Microsoft, Cisco, VMware, XQ Cyber and N-able
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use our proactive monitoring tool (Nable), to identify threats. This monitors all aspects of the environment from servers to networking to anti-virus. Data is also proactively monitored for RansomWare attacks through our backup solution. When a threat or compromise is detected a ticket is automatically logged in our ERP system (Connectwise) and handled as a priority 1 ticket. We respond to these incidents within 15 minutes
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management process is based on the ITIL framework for service management. Incidents are categorised into service issues where IT has failed and support issues where IT hasn't failed i.e. a new user request. We have pre-defined processes for common events such as new users, subject access requests, permission changes, mobile device setup, upgrade and client specific common tasks. Users can report incidents via phone, email or online portal. Incident reports are provided to pre determined stakeholders in PDF format for high impact incidents and users can check directly in the online portal for normal or low impact incidents.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Other
• Other virtualisation technology used: Xen; EC2 Hypervisor
• How shared infrastructure is kept separate: Different instances running on the same physical infrastructure are isolated from each other via the Xen hypervisor. In addition, the AWS firewall resides within the hypervisor layer, between the physical network interface and the instance's virtual interface. All packets must pass through this layer, thus an instance’s neighbours have no more access to that instance than; any other host on the Internet and can be treated as if they are on separate physical hosts. The physical RAM is separated using similar mechanisms.; Customer instances have no access to raw disk devices.

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As a part of our Environmental policy we are committed to continual improvement throughout our business operations to lessen our impact on the local and global environment by conserving energy, water and other natural resources. Our Environmental Initiatives include: • Reducing energy and fuel consumption. • Incorporating sustainability considerations into our supply chain. • Saving energy by using energy efficient lighting and equipment • Encouraging flexible working and reducing the need for face to face meetings through the use of technology such as Teams. • We adopt a “cloud first” approach to technology

  Covid-19 recovery

  Fifosys have taken a number of steps to aid Covid 19 recovery for both employees and customers such as: For employees - Hybrid working model with dedicated work from home time each week. Improved workplace conditions such as sanitising stations and social distancing. For organisations - Applying discounts to allow businesses to recover financially. Changing the underlying architecture to allow users to work from home more effectively. Introducing new communications solutions to allow better collaboration and communication. We have created significant employment opportunities by bringing some of our offshore services back to the UK.

  Equal opportunity

  We are committed to providing equality of opportunity in our employment practices and procedures, and to avoiding unlawful discrimination being suffered by our employees, job applicants, clients or customers. We will not discriminate directly or indirectly in recruitment or employment because of age, disability, sex, gender reassignment, pregnancy, maternity, race (which includes colour, nationality and ethnic or national origins), sexual orientation, religion or belief, or because someone is married or in a civil partnership. These are known as "protected characteristics”. We will not discriminate unlawfully against customers, contractors, suppliers or visitors using or attempting to use the goods, facilities and services that we provide. This aim of this policy is to assist us in putting this commitment into practice to ensure all our employees are treated fairly, respectfully and without prejudice, so that you are able to maximise your full potential, and do not commit and/or are not subjected to unacceptable and unlawful acts of discrimination. Our policy is implemented in accordance with the Equality Act 2010 and all other appropriate statutory requirements and has been compiled after consideration of all available guidance and relevant Codes of Practice. We will strive to ensure that our work environment remains positive, free from harassment and bullying, and that everyone is treated with dignity and respect at all times in maintaining and sustaining equal opportunities in employment.

  Wellbeing

  We promote a healthy work environment through our employee corporate wellbeing policy, initiatives include: • Adopting a hybrid work environment for all employees • Free fresh fruit deliveries • Regular Mindfulness and wellbeing sessions • Health insurance • A culture of support and celebration of achievements

Pricing

• Price: £0.01 a megabyte a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: The free trial option allows users to gain free hands-on experience with the cloud platform and services.; ; For 12 months the following services are free. 750 hours of virtual compute, 30GB storage, 50GB content delivery.; ; Compute is limited to micro servers
• Link to free trial: https://aws.amazon.com/free/?awsf.Free%20Tier%20Types=categories%2312monthsfree

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at m.patel@fifosys.com. Tell them what format you need. It will help if you say what assistive technology you use.