BSC LONDON LTD

Cloud Database Migration

Design and implement cloud solutions for database migrations

Features

• Real-time monitoring
• Remote access
• Cloud support
• Online reporting

Benefits

• Single version of truth in one platform
• Low management costs
• High up-time ratio with cloud service
• Low licencing costs

£749 to £1,029 a unit a day

• Education pricing available

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at burak@bsclondon.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

546193132746889

Contact

Burak Tufanoglu
07521088136
burak@bsclondon.net

Service scope

• Service constraints: Clients must have an active cloud account
• System requirements:
  • Cloud tenancy
  • Required licences

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: In 4hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Level 1 - Urgency; Level 2 - Moderate; Level 3 - Routine
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite/Online training and documentation
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: By request
• End-of-contract process: Delivery and handover training/documentation

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: All requests go through approval process
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual Machines
  • Databases
• Backup controls: Backups can be set up on a required schedule
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Depending of the urgency available 5 days a week between 09:00-17:00
• Approach to resilience: Its available on request
• Outage reporting: Via web interface within a dashboard

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: By credentials with MFA
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Devices users manage the service through: Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Security is based on Microsoft Azure standards
• Information security policies and processes: As per Microsoft Security policies

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All change requests are accepted through a CAB approval process
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: As per Microsoft Azure standards
• Protective monitoring type: Undisclosed
• Protective monitoring approach: As per Microsoft Azure standards ; All potential risks and incidents are reported within 2 days
• Incident management type: Undisclosed
• Incident management approach: Incidents are reported by email/sms/call; Monitoring report are provided in email

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Microsoft Datacentres

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  Approaching everyone equally as long as fits the requirement no matter what ethnicity, religion or race they are following the national regulations

Pricing

• Price: £749 to £1,029 a unit a day
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at burak@bsclondon.net. Tell them what format you need. It will help if you say what assistive technology you use.