EUROPEAN DYNAMICS UK LTD

EUROPEAN DYNAMICS Hosting Services - EDHS

EDHS are modern hosting services offered from EUROPEAN DYNAMICS'
(ED) Tier-3 datacentres in the EEA. ED has ISO9001, ISO27001, and ISO20000-1 certifications and comply with UK GDPR requirements resulting in reliable and secure hosting services at affordable prices for all UK public sector customers. Add-on service options exist.

Features

• Secure hosting from EEA datacentres
• Modern HPE enterprise server architecture
• Disaster recovery
• Backup
• Encrypted storage
• Highly specialised operation support personnel
• Service monitoring

Benefits

• Value for money
• ISO27001 certified services
• Professional support
• Redundant infrastructure
• UK GDPR compliant services
• ISO20000-1 certified services

£149 a virtual machine a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ibd-uk@eurodyn.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

579751815061278

Contact

Panagiotis Rentzepopoulos
020 34118309
ibd-uk@eurodyn.com

Service scope

• Service constraints: No inherent service constraints.
• System requirements: No specific requirements from the buyer.

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Telephone/Email support workdays/workhours: included in price.; Extended hours/days options: cost detailed in pricing document.; Technical account manager/cloud support engineer included in the standard offering.; We maintain a 3-tier user support service (helpdesk, operational, functional) that escalates internally depending on the issue at hand. Our services are supported by vendor support programmes.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We are able to provide suitable training for standard procedures to customers taking on the service and if required bespoke training can be arranged on request ensuring customers’ proficient use of the service.; Training may include onsite training, online training, and user documentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The de-provisioning of the service follows agreed processes, which ensure full access to client data before contract end. ; Special requests such as large volume data storage in offline media and physical transport are also possible after prior arrangement.
• End-of-contract process: At the end of the contract, the decommissioning of the service follows standard processes that include the permanent erasure of all Client data. Cancellation requests can be sent via email or phone by an authorised contact. Service cancellations are handled in line with the Client requirements.; ; Additional costs will be applied where we will need to carry out special instructions related to data transfer, data retention, and any other special services that may be ordered by the Client. Any such services will be carried out after an explicit approval of the relevant costs from the Client, which will be based on a firm quotation from the Service Provider.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: Virtual server configuration reserves server and storage resources that are provided independently from the load of other virtual servers.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • Memory
  • Network
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files
  • Virtual machines
  • (Selected) databases
• Backup controls: Users may define the backup scope and schedule. Additional charges may apply. The exact backup specification will be agreed as part of the service definition phase at the beginning of the project.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: All communication of sensitive data is via HTTPS over the public internet - The Service also encrypts sensitive information in order to provide additional protection.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Firewalls + Intrusion Prevention systems protect the perimeter of the service platform - The Service also encrypts sensitive information in order to provide additional protection additional access control/protection.

Availability and resilience

• Guaranteed availability: Core Hours availability better than 99.9%. Detailed information can be found in the Terms and Conditions document.
• Approach to resilience: Our data centres comply with Tier-3 requirements, i.e., they include redundant resources that allow operation even in case of partial hardware failure. We also maintain a separate Disaster Recovery site where operation is able to switch with minimal service disruption (depending on system configuration, we are able to offer a RPO of < 5 sec and an RTO of 30 minutes or less).
• Outage reporting: The usual process of service outage report is through email alerts. In case additional options are required, we may offer specific solutions upon request.

Identity and authentication

• User authentication:
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: There is no management interface available for clients. Support channels are available through alternative means, which all require the intervention of a suitably trained resource. Where the service includes the provision of an incident reporting mechanism, then a username/password combination is used to authenticate. Access to the incident reporting mechanism is not public and it is possible through secure channels.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through: Dedicated device on a segregated network (providers own provision)

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: TÜV HELLAS S.A. (TÜV NORD GROUP)
• ISO/IEC 27001 accreditation date: 15/07/2022
• What the ISO/IEC 27001 doesn’t cover: The complete EDHS service is within the scope of our current ISO/IEC 27001:2013 certification. There is no EDHS item not covered by our ISO/IEC 27001 certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO 22301:2019 (Business Continuity Management)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our Information Security Management System (ISMS) follows ISO27001 recommendations and includes specific processes, roles, procedures, reporting mechanisms and resources necessary to ensure resilience in threats both external and internal.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: The Service Provider maintains an asset management infrastructure that tracks all offered services and their components throughout their lifetime. Any change in the configuration of the service are assessed against the ISO27001 documentation to ensure that potential security issues are identified and taken into account before committing said changes.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: The vulnerability management process is part of the ISO27001 documentation of EDHS. The Service Provider is part of the security issues disclosure method of all software and hardware vendors/communities so as to receive early notification of potential threats. Patches are evaluated and tested as soon as they become available to ensure no conflicts exist in the overall EDHS environment. A patch regression and roll-back procedure is also tested before applying patches to the production environment. Patches are applied soon afterwards, preferably during off hours, especially if service disruption is necessary.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Protective monitoring is part of the monitoring process implemented as described in the ISO27001 documentation of the service. The Service Provider has in place monitoring mechanisms that retrieve information from various sources, such as operating system logs, database logs, network events, etc. A central monitoring mechanism ensures consolidation of events, prioritisation and generation of alert events when security incidents are suspected. The response mechanism is presented in the incident management part of the service description.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The ISO27001 documentation of the ISMS in place includes standard responses to common events that are tested regularly. All involved staff is trained to report incidents as soon as possible through the emergency communication mechanisms in place, which include both electronic and conventional means as appropriate. Incident reporting creation is part of the incident response mechanism so that a trace of all events, activities, decisions, etc. is maintained.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: We base our EDHS offering on HPE blade servers managed by VMWare. Each service is allocated its own VMs resources on a dedicated VLAN and the VMs of each client are fully isolated. The management of this configuration is running on a VMware cluster consisting of multiple physical servers and the security and isolation is maintained throughout the cluster.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: ED’s primary data centre operations are co-located in TI SPARKLE GREECE SA Tier III data centre facilities, which fully comply with the EU’s Code for Energy Efficient Datacentres. The newest TI SPARKLE DATA centre (MMII) in which ED’s infrastructure is co-located is the first Green Data Centre in Greece, maintains a Green Building Certification by LEED (Gold), and is powered solely from renewable sources.; Additionally, the datacentre maintains an ISO14001 Certification for Environmental Management, makes use of Efficient UPS with Li-ion batteries and uses LED lighting. Furthermore, ED’s ICT infrastructure is deployed within an APC Eco-Aisle cold-aisle containment system which manages airflow efficiently and prevents the mixing of hot and cold air, thereby enhancing cooling effectiveness and reducing energy consumption.; The data-centre provider deploys high efficiency Evaporative Free Cooling (EFC) units to cool the data-centre load, and in “free cooling" mode (when outdoor conditions permit) the units utilize ambient air for cooling without the need for mechanical refrigeration, further reducing energy consumption.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  EUROPEAN DYNAMICS (ED) is a group of companies operating primarily from Luxembourg, Belgium, and Greece. We have a branch in London collocated at the premises of our accountant, with no employees. ; We maintain a net-zero footprint in the UK since 2022 when we started keeping records. We issue annual Carbon Reduction Plans that document our contribution in fighting climate change. We advocate environmental protection in our interactions with our employees, contractors, and partners.; For the UK company, our Carbon Reduction Plan is already at zero as it does not have any operations in the UK: all activities are outsourced to other companies of the ED group and the contractual/financial management activities are also carried out abroad. We do not have any transportation activity in the UK. We do not produce any waste and we have no employees.; For other companies in the ED group offering services in the UK, the services are provided remotely (in Software as a Service mode) in all but one contract. With respect to all these contracts, our carbon footprint is zero, as far as the UK is concerned. We have one contract for IT services, which are offered through a UK data centre who is reporting its emissions. ; Based on the above, there are no emission reduction targets as we are already at Net Zero.

  Covid-19 recovery

  To address the negative effects of the COVID-19 pandemic we take the following measures:; • Most of our consultants work remotely. We provide pre-configured laptops enabling secure access through VPN to our resources. This has also a positive impact to the environment, since transport to company premises is no more necessary.; • Bottles containing antiseptic liquid are available on all the floors.; • Posters remind our personnel about standard measures preventing spread of the virus, such as covering the nose and mouth when sneezing, frequent hand wash with soap, etc.; • Scholastic cleaning of WCs and surfaces on which the virus can survive.; • Frequent ventilation of all the rooms by regularly opening windows.

  Equal opportunity

  EUROPEAN DYNAMICS is an equal opportunity employer and applies an Equal Opportunities Policy (EOP) for this purpose. This policy covers all aspects of employment, from advertising of vacancies, selection, recruitment and training to working conditions and reasons for termination of employment.; We take measures to increase the representation of disabled people in our workforce. We support disabled people in developing new skills relevant to our activities, including through training schemes that result in recognised qualifications. ; We regularly monitor the working environment and take appropriate action if necessary to ensure that our EOP operates effectively. Our actions eliminate immediately unlawful direct and indirect discrimination and promote equality of opportunity.; We influence staff, suppliers, customers, and communities to support disabled people. We also take measures to identify and tackle inequality in employment, skills and pay in our workforce. We support career development to help people, including those from disadvantaged or minority groups, to move into higher paid work by developing new skills relevant to our activities.; Our long-term aim is to proportionally represent all socially disadvantaged groups in the composition of our workforce. We set targets with a fixed timetable for hiring people belonging to groups that are underrepresented in the workforce. Where necessary, specific steps in conformance with relevant legislation are taken to help disadvantaged and/or underrepresented groups to compete for jobs on a genuine equal opportunity basis. Our EOP and the measures for its implementation are based on advice from relevant bodies and in consultation with representatives of our employees.

  Wellbeing

  We promote a healthy work-life balance to prevent our staff burnout and improve retention. We use actions to promote the well-being of our people, such as subscription in team sports academies and training and education by professional fitness trainers.; We also promote collaboration with the community and participate in, sponsor or organise events that support the health and wellbeing in our workforce and the community at large.; We also have an annual program of bonding events aiming to enhance bonding among teams across the company. Events include evening gatherings, parties, and excursions to promote the spirit of corporate affinity.

Pricing

• Price: £149 a virtual machine a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ibd-uk@eurodyn.com. Tell them what format you need. It will help if you say what assistive technology you use.