Intercity Technology Limited

Microsoft M365 Backup

Microsoft 365 Backup ensures comprehensive data protection and recovery for Exchange Online, SharePoint Online, OneDrive, and Teams data. It safeguards against accidental deletions, ransomware, and data loss. It provides automated backups, granular recovery options, and secure cloud storage. Ideal for businesses ensuring data resilience and compliance.

Features

• Backs up Exchange Online, SharePoint Online, OneDrive and Teams
• Immutable storage, providing disaster recovery against ransomware attack
• Software solution, with no need for additional equipment
• eDiscovery using Explorer tools available to the administrator and users
• Free trial, then monthly or annual contract term
• Data stored in our UK private cloud
• 24x7x365 support, with 30-minute response for a P1 incident
• Easy to scale the quantity of users
• Object storage optimising performance against cost
• Based on Veeam Backup for Office 365 and Cloud Connect

Benefits

• Backup data as often as every 5 minutes
• Storage in Microsoft's native format speeds up file recovery
• Easy to use, with Explorer-like backup management tools
• User access to perform own restorals, e.g. recover deleted email
• Free trial, with no commitment
• Safeguards against accidental deletion, ransomware and data loss
• UK data sovereignty with data backed up in UK DCs
• 24x7x365 support, with 30-minute response for P1 incidents
• Based on Gartner MQ leading Veeam backup and recovery software
• Compliance and retention with policies tailored to customer requirements

£143.46 a terabyte a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@intercity.technology. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

595739428182082

Contact

Elise Sheridon
0330 332 7933
tenders@intercity.technology

Service scope

• Service constraints: None
• System requirements: An existing M365 subscription

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: End of next working day, where working days are defined by the support level taken by the customer.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support level depends on support hours selected.; ; Support hours options:; - Mon-Fri 08:00-19:00; - Mon-Fri 19:00-08:00; - 7 days 08:00-19:00; - Fri-Mon 19:00-17:00; - 7 days, 24/7; ; Cost depends on the option selected, and the quantity of users (see pricing).; ; We provide a cloud engineer where required to resolve an incident.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We set up via remote access the service in the customer's environment.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Given that this is a backup service, the customer is advised to make a full final restoral of their data from their backup.
• End-of-contract process: * The customer's data is securely deleted from our systems; * The customer's login credentials to our systems are deleted; * The above are included in the price of the contract; * There are no contract end fees to pay

Using the service

• Web browser interface: Yes
• Using the web interface: Users can create, manage and delete back-up tasks.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Accessible via web browser
• Web interface accessibility testing: None
• API: No
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: * Storage allocation per customer; * Traffic shaping within our private network
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • Disk
  • Network
  • Number of active instances
  • Other
• Other metrics: Availability
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Exchange mailboxes, folders, messages, tasks, contact and items
  • SharePoint sites, libraries and items
  • OneDrive for Business items and folders
  • Teams teams, channels, tabs, posts and files
• Backup controls: Users configure the content and frequency of each backup.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks: IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Incident priority | Update frequency | Resolution target; P1 | 30 minutes | 4 hours; P2 | 1 hour | 8 hours; P3 | 8 hours | 24 hours; P4 | 1 business day | 48 hours; ; Service credits (P1 incident exceeding resolution target):; Hours exceeding resolution target | Service credit (% of recurring charges); >0 and <=12 | 10%; >12 and <=24 | 25%; >24 and <=72 | 50%; >72 and <= 120 | 75%; >120 | 100%
• Approach to resilience: Designed to Tier 3 specification - 99.98% uptime, with N+1 resilient systems. Additional detail available on request.
• Outage reporting: Email alerts

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: Authentication is based on defined client criteria. They will connect via a dedicated secure and encrypted VPN configured specifically to provide access to the services they have subscribed to. They will authenticate using dual-factor authentication which requires a valid userID, plus a password and a time-synchronised token. The token can be hardware or software based, and will be synchronised to their account providing a Time-Based One-Time password (TOTP) security to the account. This ensure that only a valid, predefined user can access their service portfolio.
• Access restrictions in management interfaces and support channels: All management interfaces are isolated on dedicated equipment and accessible only from a secure operations centre. All support activity is also isolated to the operations centre.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ISOAQR Limited
• ISO/IEC 27001 accreditation date: 28/09/2016
• What the ISO/IEC 27001 doesn’t cover: There are no exclusions to ISO/IEC 27001.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO 27001 and Cyber Essentials Plus; ; Within our Finance, Commercial and Quality shared services team, our Compliance Manager is head of the Quality function, reporting into our CFO. Within our Chief Operations Office, our Security, IT and Product Director reports into our Chief Operations Officer. Our CFO and COO report into our Group MD, who reports into our CEO.; ; Joiners are taken through an induction process, which includes introducing them to the infosec policies and processes relevant to their role.; ; Our Continuous Personal Development program applies to all staff, providing mandatory eLearning and trainer-led courses, including infosec.; ; We use a proactive anti-phishing application to monitor staff awareness of and adherence to a disciplined approach to email and browser usage.; ; .

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change management in accordance with ITIL standards. Customers request change using form template. Intercity Change Advisory Board reviews all changes. Decision to make change is subject to risk analysis.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We conduct vulnerability assessment on our network and systems every 6 months.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Service monitored 24x7 and monitored events escalated to second line for evaluation and remediation.
• Incident management type: Undisclosed
• Incident management approach: Users raise incidents via email or phone. Intercity report incidents via email

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Intercity’s data centres are complaint to ISO27001 – Information Security, ISO14001 – Environmental Management as well as being aligned to IL3 specifications. Intercity has not yet signed up to the voluntary EU code of conduct for energy-efficiency and so is unable to confirm compliance however, Intercity does have an environmental management policy in place which includes an energy efficiency initiative and are looking into signing up to the adherence of the EU code of conduct for energy-efficiency.

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  We are committed to reducing our environmental impact and continually improving our environmental performance as an integral and fundamental part of our business strategy and operating methods. ; ; Our policy is to: ; ; • Support and comply with or exceed the requirements of current environmental legislation and codes of practice. ; • Minimise our waste and reuse or recycle as much of it as possible. ; • Minimise energy and water usage in our buildings, vehicles, and processes to conserve supplies, and minimise our consumption of natural resources, especially where they are non-renewable. ; • Apply the principles of continuous improvement in respect of air, water, noise, and light pollution from our premises and reduce any impacts from our operations on the environment and local community. ; • As far as possible purchase products and services that do the least damage to the environment and encourage others to do the same. ; • Assess the environmental impact of any new processes or products we intend to introduce in advance. ; ; We’re certified to ISO140001:2015 and a member of two Corporate Social Responsibility (CSR) initiatives - Global Compact and Eco Vadis.; ; • The EcoVadis sustainability assessment methodology evaluates how well a company has integrated the principles of Sustainability/CSR into their business and management system. ; • The methodology is built on international sustainability standards, including the Global Reporting Initiative, the United Nations Global Compact, and the ISO 26000, covering 200 spend categories and 160+ countries. ; • The Sustainability Scorecard illustrates performance across 21 indicators in four themes: Environment, Labour and Human Rights, Ethics, and Sustainable Procurement. ; • Intercity Technology’s current EcoVadis score for 2022 – 2023 is 81% (up from 68% in previous years). ; • We have been awarded by EcoVadis a platinum medal in recognition of our sustainability achievement for our score which is in the top 1%.

Pricing

• Price: £143.46 a terabyte a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: * 1 domain only; * up to 5 user accounts and 100GB of storage; * weekly service reviews; * up to 30 days

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@intercity.technology. Tell them what format you need. It will help if you say what assistive technology you use.