Meridian IT

Meridian IT Enterprise Managed Cloud Services

Meridian IT's Enterprise Hosting Cloud service provides an easy and cost-effective way to manage your cloud services, utilising either a hybrid cloud, private cloud or a multi-cloud environments. Virtual hosting, IaaS, Application integration, managed hosting and hosting migration are all services we can tailor to client's specific requirements.

Features

• Virtual IaaS or Private IaaS (Public Azure/IBM)
• Remote Monitoring and Remote Management of customer infrastructure systems.
• Application Modernisation, development and integration using many languages
• Managed security service with SIEM services from Meridian's SOC
• Fully managed Data Protection Services for any OS or platform
• Backup services using Commvault, FalconStor, Veeam and IBM.
• Recovery service for business-critical systems, applications, and data
• High Availability, continuous replication of business-critical systems.
• Provision of Public Cloud facilities such as Azure, AWS
• Provision of IBM's Power VS

Benefits

• IaaS can be fixed cost, on-demand or pay-as-you-go basis.
• SLA driven and tailored to fit the customer's business need.
• Avoid technology debt and achieve continuous Digital Transformation.
• Highly flexible approach to hybrid services or multi-cloud services.
• New business critical application integration.
• Best use of Public, Private and on-premise cloud services
• Complete Cyber protection of IBM i, AIX, Linux and Windows.
• Flexible approach to hybrid or fully managed Data Protection Services
• Confidence in Export, Import, transfer process of our Migration Factory
• Reduce costs, increase ROI, reliability and security

£243 a unit a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at servicedesk@meridianit.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

598966118451122

Contact

Service Desk Team
0800 085 899
servicedesk@meridianit.co.uk

Service scope

• Service constraints: Meridian IT will work with the client against any constraints they may have. We provide a 24/7/365 service to work best with our clients needs and budget.
• System requirements:
  • Applications and services on IBM Power I & AIX, HPE
  • Applications and services supported on Intel x86 systems
  • Applications and services supported on RedHat, Linux
  • Meridian IT can adapt to the clients requirements.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Severity 1: Critical impact to Business / System resulting in business critical applications being unavailable; 1 Hour response, 24x7. Severity 2: Severe impact to Business / System resulting in use of business critical applications being restricted / slow; 4 Hour response, 24x7. Severity 3: Some Business impact / inconvenience but business processes able to continue; 1 working day response. Severity 4: Minimal or no Business impact, Perhaps requests for information or explanation; 3 working day response.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: No
• Support levels: Severity 1 Critical impact to Business / system down resulting in Business critical applications being unavailable, 1 hour response – 24*7; ; Severity 2 Severe impact to Business / system resulting in use of Business critical applications being restricted/slow, 4 working hours response; ; Severity 3 Some Business impact/inconvenience but Business processes able to continue, 1 working day response;; Severity 4 Minimal or no Business impact. Perhaps requests for information or explanation, 3 working days response. Prices vary dependant on service option required, i.e. fixed price managed service or call off - reactive support where hourly or day rates are agreed.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Meridian IT will provide the client with a cloud readiness assessment followed by a workshop to fully understand their requirements. This will be carried out by experienced consultants using ‘discovery tools’ for the entire connected infrastructure of a business including all hardware and software components. The raw data is transformed into a management view via an augmentation process so that a clear hierarchy and structure of ownership is presented along with an analytical view of usage and costs. The discovery phase of the service will provide an assessment of which components of the IT infrastructure can be delivered through private or public cloud consumption. It also assesses the business impact of moving to a cloud services so that a holistic view can be taken as to the appropriate level of transformation required to achieve the optimum business results. The customer would be allocated a Service Delivery Manager and Project Manager, who would agree a plan with the customer that would highlight relevant service levels and agreements, along with the various alerts and responses that would be addressed by the Meridian Support Cloud.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: This forms part of the Exit plan. Client Data will be returned within a reasonable period, normally 60 days in an agreed format and method, there are a number of options available for this, upon receiving written instructions from the Client prior to termination or expiration of current agreed contract.
• End-of-contract process: At the End of a contract an Exit Plan is agreed including; Accommodate Exit Planning Meetings/Con calls, liaise with the customer teams. Provide all reasonable access to data, applications and network devices. Liaise with alternative service providers to assist with the transition.; Provide connectivity information. Agree a Data Plan so that access is provided to all relevant data, data is destroyed or archived as required by the customer.; Access is provided so that data Backups can be made either by the customer or other service provider. Hand over all customer system configuration details, security access rights. Hand over all documentation relating to the customer service. Project Management may be chargeable for this dependant on the agreement.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: IBM & Intel Infrastructure Platform (hardware and software), virtualisation with cloud backup and network redundancy.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Node4, Equinix, Pulsant, Dell, Lenovo, HPE, IBM, Cyber, Microsoft, Commvault

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Meridian IT hosts a variety of options for managing data securely, from internal asset management traceability (audited under ISO 27001 and Cyber Essential Plus certifications); data monitoring tools; to our carefully selected tier 3 data centres who each hold ISO 27001, PCI and many other recognised audited accreditations. ; We are able to manage your data security solution against your required landscape covering key areas of weakness. Encryption at rest and in transit is AES256.; Other options available: SIEM technology, intrusion detection, vulnerability management services, PEN testing delivered at three levels: essential, enhanced and elite to accommodate any business requirement.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • All data
  • Evault Cloud Backup
  • Veeam Backup
  • Commvault
• Backup controls: Bespoke backup schedule and data retention available. We will work with the client accordingly to the service being provided.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: Network controls – All servers are protected by Firewalls with strict access rules and sensitive information transmitted via VPN connections.
• Data protection within supplier network: Other
• Other protection within supplier network: Network controls – All servers are protected by Firewalls with strict access rules and sensitive information transmitted via VPN connections. Devices and services are logically grouped based and are assigned to Virtual LAN’s which provides network segmentation. Policies and procedures are in places internally to transfer data and are also in line with InfoSec classification.

Availability and resilience

• Guaranteed availability: Typically handled by Service Credits:-eg: Contractor warrants that it will resolve all properly notified Incidents classified as Critical or High within the Target Resolution Time specified in Section 2.3. If Contractor does not resolve these Incidents within the Target Resolution Time, then the Maintenance Fee shall be automatically reduced by the percentage set out below and Contractor shall disburse the respective amounts to Customer:; • by 5% if Contractor fails to resolve more than 10% of notified Incidents within the Target Resolution Time;; • by 20% if Contractor fails to resolve more than 20% of notified Incidents within the Target Resolution Time;; • by 30% if Contractor fails to resolve more than 30% of notified Incidents within the Target Resolution Time;; • by 50% if Contractor fails to resolve more than 40% of notified Incidents within the Target Resolution Time;; • by 60% if Contractor fails to resolve more than 50% of notified Incidents within the Target Resolution Time. Bespoke to each customer.
• Approach to resilience: Multiple data centre locations for high availability and data replication ensures availability within agreed SLAs. Tier 3 Data Centre. Cloud data is replicated between sites. All other specific information can be obtained upon request.
• Outage reporting: SMS, email (automation).

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: Our services are managed in line with our clients requirements, we can adapt and tailor to clients access and security management keeping our clients primarily in control. Our Solutions Architecture, Project Management and Technical Services will work closely with our clients to establish the best, safest and most effective approach for a smooth transition of service.
• Access restrictions in management interfaces and support channels: Username and password requirements, employees only.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The British Assessment Bureau on an annual basis.
• ISO/IEC 27001 accreditation date: First accredited on 16th April 2016
• What the ISO/IEC 27001 doesn’t cover: We have no exemptions. All requirements under ISO 27001 are effectively covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO 9001 and Cyber Essential's Plus
• Information security policies and processes: Meridian IT hold the ISO27001, ISO 9001 and Cyber Essential's Plus Certificates. We are fully aligned to the ISO 27001 Standard with no exemptions. We have a dedicated Compliance Manager to oversee our compliance assurance and work with our Leadership Team to implement and embed our required ISM practices. Our Leadership team and all employees hold clear and defined responsibilities (RACI) across our security management. Compulsory security training is held annual across all staff, along with a defined competence matrix against role types.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Meridian has a Change Management Policy in line with ITIL which is adhered to.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: A Vulnerability Management Policy is in place and audited both internally and externally (under ISO 27001). ; A Business Continuity is in place covering all our business operations. ; Meridian IT work with various and specifically selected third party vendors and partners to deliver an effective and secure service for our clients in accordance to heir contractual requirements.; Patch and threat management is carried out at least monthly, or as required, as per our clients requests.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Meridian IT have a defined monitoring tools, policy and processes in place. Our protective monitoring is regularly monitored as well as audited both internally and externally under ISO 27001.
• Incident management type: Supplier-defined controls
• Incident management approach: Meridian IT have a defined Incident Management Policy with supporting process in place. Our incident management is audited both internally and externally under ISO 27001.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Other
• Other virtualisation technology used: IBM Power VM
• How shared infrastructure is kept separate: We separate environments with different VLAN’s and ACL’s (Access Control List’s) defined to restrict access to just the customer.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: We use specially selected Data Centre facilities throughout the UK that have achieved a Tier 3 status with tracked and closely monitored energy efficiency, holding the ISO 15001.; ISO 50001, the most current version being ISO 50001:2011, specifies requirements for establishing, implementing, maintaining and improving an energy management system, whose purpose is to enable an organization to follow a systematic approach in achieving continual improvement of energy performance, including efficiency, use and consumption. It has been designed to be used independently, but it can be aligned or integrated with other management systems.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Meridian IT are proud to be a carbon neutral organisation for our offices and general operations across the UK. To achieve our net zero footprint is by having various workplace initiatives in place and supporting our employees be environmental and sustainable conscious. We are aligned with the Carbon Footprint company to plant trees within Kenya and support the local communities. ; Workplace initiatives include minimum paper printing and use; lights on sensor alerts; recycling printer cartridges; maximised and fit-for-purpose office utilisation to avoid unnecessary space voids reducing footprint and utility usage.; We support our employees by encouraging recycling activities; avoid unnecessary travelling by encouraging remote working and virtual meetings. We actively promote wellbeing, ethical thinking and environmental consciousness through our CSR programmes.

  Covid-19 recovery

  During 2020 and 2021 we formed a matrix COVID Management Team to regularly review our operational and client needs, align with our Business Continuity system, follow the latest UK Governments advice and keep our employees and clients continually informed. We have a risk assessment and policy in place covering all operations, which was regularly reviewed as the pandemic progressed. No clients, operations, workforce, or contractual obligations were affected throughout the COVID-19 pandemic, we successfully maintained the high level of service as expected with a 100% retention rate. Today all business is resumed back to 'normal operations', with the greatest difference being, to continue supporting our employees by encouraging a new way of hybrid working, virtual meetings, and reminders to the ongoing considerations of COVID awareness through management control.

  Equal opportunity

  Meridian IT have an Equal Opportunity Policy and an Inclusion and Diversity Policy in place. Our key suppliers are audited formally each year which incorporates ethical practices and their equal opportunity policies. ; We have a corporate D&I community group, sponsored by our Group CEO, to push and encourage D&I initiatives across our global offices. The purpose is to build a more diverse, open and inclusive company; identify and encourage behaviours that nurture diversity and inclusion; be change agents for equality and inclusion for our workplace and our communities; and, foster a climate and culture in which each employee is accepted and has the opportunity to grow and develop in their career.

  Wellbeing

  Meridian IT have a Wellbeing Policy in place to support our employees whilst at work, including a guide for line managers to best work with their team members identifying signs of potential stress. We support our employees mental health through an independent and confidential external EAP service. Meridian IT have a Corporate Social Responsibility Policy and actively supports selected charities through hands-on employee led activities annually.

Pricing

• Price: £243 a unit a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: There is a POC option available which is for a single LPAR for a period of up to 4 weeks. Additional POC options are available such as a second LPAR for DR, costs may apply.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at servicedesk@meridianit.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.