JKloud Hosting

Service scope

Service constraints: Services are primarily only constrained by the limitations of the technologies and client budgets, although we do our best to implement solutions to overcome the limitations where possible through comprehensive engagement
System requirements: Licences for operating systems

Licences for cloud services such as Microsoft 365

Licences for cloud services such as Microsoft Azure

Licences for management solutions such as Microsoft Endpoint Manager

Licences for specific platforms

User support

Email or online ticketing support: Email or online ticketing
Support response times: Depending on the priority and urgency of the ticket we respond to tickets between 30 min and 2 hours. Priority 1 tickets our first response time is within 30 min, Priority 2 within 1 hour and Priority 3 within 2 hours. Our service desk is closed over weekends so any issues raised over a weekend are handled in the following week.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
Web chat accessibility testing: Web chat is accessed via our live webchat widget on our website www.joskos.com. This is directly linked to our ticketing system and our support desk. Customers can directly speak with one of engineers, initiate a remote session and share their screen if required directly from the chat.
Onsite support: Yes, at extra cost
Support levels: We can provide both a technical account manager and a cloud support engineer if required by the customer and is subject to the customers needs and budget. We can adapt our services to meets the needs of our customers and provide anything from just remote support to a fully comprehensive cloud managed service support.
Support available to third parties: No

Onboarding and offboarding

Getting started: We provide a mixture of documentation, online training, videos and also onsite training and CPD which is done by our in-house team. We will conduct a service launch session online where all users are invited as this will be recorded so it can be accessed in their own time again. We provide how to guides which are saved into the service page when they login and for certain users we also have physical how to guides to place in their workplace, We can conduct bite size refresher sessions throughout the year to accomodate any new staff.
Service documentation: Yes
Documentation formats: HTML

ODF

PDF
End-of-contract data extraction: Onboarding and offboarding documentation is accessible through a secure, invite-only link to a shared workspace. This ensures that sensitive information remains protected and is only available to authorised personnel.

At the end of the contract we provide a full documentation pack via an encrypted and secure link and this is then provided to the customer for them to access and download all thier documentation, credentials and passwords are transferred securely using our password and credentials vault software. Once the customer has confired they have all their documentation and credentials we destroy the data in line with our data retention policy after 30 days from receiving notice from the customer.
End-of-contract process: At the end of the contract the customer has the opportunity to either renew the contract or not. They need to provide suitable notice of 6 months prior notice to cancel the contract which will initiate the offboarding process. Should the client not wish to renew the contract then there are no fees for the offboarding process. The client will be expected to settle all payments of the service in full as per the initial contract terms. Should the customer wish to renew then we would present the new contract fees to include any adjustment in line with CPI, adapt services based on feedback etc and adjust the new contract accordingly.

Using the service

Web browser interface: Yes
Using the web interface: We have a client support portal which users can access via the web aligned to their work email address. This portal allows to them view, monitor, add notes and updates to tickets and track their tickets raised with our support desk as well as raise new tickets via the portal. Users are setup by our service desk and recieve a link to access the portal. Users are categorised into certain groups which determines the level of detail they can see through the cloud dashboards - i.e. Senior Management will have more detail on activity across the whole organisation as opposed to a staff member who will only see their personal ticket log.
Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
Web interface accessibility testing: User can access our help centre using the https://support.joskos.com/portal/ link. Once they are signed up they can access our help topics, articles, community areas as well as raise tickets and view, monitor and respond to tickets via the help centre. As this is browser based they can use the assistive technology functions on their device and browser.
API: No
Command line interface: No

Scaling

Scaling available: Yes
Scaling type: Automatic

Manual
Independence of resources: We allocate the appropriate infrastructure from Microsoft Azure datacenters to that clients organisation which does not crossover with other users/organisations. The Microsoft Azure datacentres in the UK load balance to ensure there is appropriate resource allocation between customers.
Usage notifications: Yes
Usage reporting: Email

Analytics

Infrastructure or application metrics: Yes
Metrics types: CPU

Disk

Memory

Number of active instances
Reporting types: Reports on request

Resellers

Supplier type: Reseller providing extra features and support
Organisation whose services are being resold: Microsoft Azure and Google

Staff security

Staff security clearance: Staff screening not performed
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: Yes
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least once a year
Penetration testing approach: In-house
Protecting data at rest: Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Hardware containing data is completely destroyed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery: Yes
What’s backed up: Microsoft 365, Azure, Server level backups, database backups

Virtual machines can be restored down to file level
Backup controls: As part of the backup implementation project the users will engage with our solution design team to request their preferences on the backup schedule. They are provided with suitable access to the backup console and can contact the support team in the first instance to discuss any future changes needed to their backup requirements by logging a ticket.
Datacentre setup: Multiple datacentres with disaster recovery
Scheduling backups: Users contact the support team to schedule backups
Backup recovery: Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: The Service Level Agreements (SLA) relate to Microsoft’s commitments for uptime and connectivity for Microsoft Online Services.

The current SLA is available for download and covers Azure, Dynamics 365, Office 365, and Intune. - https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1
Approach to resilience: Our solutions are designed and implemented with redundancy in mind, including power. Virtual machines and infrastructure are clustered and geo-redundant where feasible.
Outage reporting: Outages are reported through email alerts and phone call via the dedicated Service delivery allocated to each client. There is a clear plan of action and communication plan outlined at the beginning of the service going live should an outage occur.

Identity and authentication

User authentication: 2-factor authentication

Public key authentication (including by TLS client certificate)

Identity federation with existing provider (for example Google apps)

Dedicated link (for example VPN)

Username or password
Access restrictions in management interfaces and support channels: We use Single Sign On with Multi-factor Authentication wherever possible. We also employ Microsoft Entra ID conditional access policies to enforce device heath requirements, geographical and time based restrictions.
Access restriction testing frequency: At least once a year
Management access authentication: 2-factor authentication

Public key authentication (including by TLS client certificate)

Identity federation with existing provider (for example Google Apps)

Dedicated link (for example VPN)

Username or password
Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: Between 1 month and 6 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: Citation ISO
ISO/IEC 27001 accreditation date: 28/03/2024
What the ISO/IEC 27001 doesn’t cover: We are fully covered by ISO27001:2022 and includes all aspects of information security
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: The Managing Director has approved the Information Security Policy. Overall responsibility for Information Security rests with the ISMS Manager. Day-to-day responsibility for procedural matters, legal compliance, maintenance and updating of documentation, promotion of security awareness, liaison with external organisations, incident investigation and management reporting etc. rests with the ISMS Manager. Day-to-day responsibility for data protection rests with the Data Protection Officer (DPO). Day-to-day responsibility for technical matters, including technical documentation, systems monitoring, technical incident investigation and liaison with technical contacts at external organisations, rests with the ISMS Manager. All employees or agents acting on the Organisation’s behalf have a duty to safeguard assets, including locations, hardware, software, systems or information, in their care and to report any suspected breach in security without delay directly to the ISMS Manager. Employees attending sites that are not occupied by the Organisation must ensure the security of the Organisation’s data and access their systems by taking particular care of laptops and similar computers and of any information on paper or other media that they have in their possession. The ISMS Manager is responsible for drafting, maintaining and implementing this Security Policy and similarly related documents.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Any configuration or change request follows our very clearly defined ISO27001 and ITIL process for change management. A change request ticket is raised in our ticketing system which is then reviewed and the CAB is setup. The request goes through the following steps to determine the risks and outline the change plan.
Scope Definition
Change Request Submission
Change Evaluation
Change Approval
RIsk Assessment
Change Implementation
Change Verification
Documentation
Monitoring and Review
Training and Awareness
Incident Response
Continuous Improvement"
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: All our services and our internal network is hosted in Azure, we have multiple redundancies in place as well as full cloud backup of all our services and data. We conduct regular penetration testing and vulnerability checks to ensure our network is secure at all times. Patches are automatically deployed and installed in real-time ensuring we are using the latest patches.

We get our information from the following:
NPSA
NCSC
Crowdstrike - Falcon X
Fortiguard - Threatmap"
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: Our protective monitoring approach is designed to swiftly identify and respond to potential compromises to ensure the security and integrity of our systems and data as follows:

Identification of Potential Compromises:
We employ a combination of automated tools and manual checks to continuously monitor our systems for any suspicious activities or indicators of compromise.

Response to Potential Compromises:
The incident response team follows predefined procedures and protocols to assess the severity of the incident and mitigate any immediate risks.

Actions may include isolating affected systems, blocking suspicious traffic, or initiating forensic analysis to determine the extent of the breach.
Incident management type: Supplier-defined controls
Incident management approach: Our incident management process is efficient and user-friendly. Users report incidents via email, phone, or our portal, following clearly communicated procedures.

The company ensures employees and contractors understand their reporting responsibilities and the prohibition on attempting to exploit security weaknesses.

Any observed or suspected incidents are promptly reported to the IT Department. Incident management procedures are easily accessible for quick reference.

Incident reports detail the incident, actions taken, and recommendations. We prioritise transparency and swift resolution to minimise disruption.

Secure development

Approach to secure software development best practice: Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
Who implements virtualisation: Supplier
Virtualisation technologies used: Hyper-V
How shared infrastructure is kept separate: Organisations using our service primarily have their own dedicated infrastructure contained within their own cloud provider tenant or on-premises which has no links to any other organisations networks.

Energy efficiency

Energy-efficient datacentres: Yes
Description of energy efficient datacentres: Microsoft datacentres comply with the EU Code of Conduct for Energy Efficient Datacentres by adopting best practices that aim to reduce energy consumption and increase energy efficiency. These datacentres are designed with advanced cooling and power management technologies, as well as using renewable energy sources wherever feasible. Microsoft actively participates in industry-wide efforts to improve datacentre energy efficiency, demonstrating their commitment by aligning with standards that promote sustainability in their operations across the European Union.

Social Value

Fighting climate change

Cloud hosting in Microsoft Azure datacentres supports the fight against climate change by actively working towards net zero greenhouse gas emissions. These datacentres implement energy-efficient technologies and use renewable energy sources, reducing the overall carbon footprint of cloud services. Moreover, through the delivery of contracts, Joskos influences its staff, suppliers, customers, and communities to engage in and support environmental protection and improvement. This comprehensive approach promotes sustainability and awareness, contributing to a broader impact on climate change mitigation efforts.

Pricing

Price: £68.62 to £551.15 a virtual machine a month
Discount for educational organisations: Yes
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Backup and recovery

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Separation between users

Energy efficiency

Pricing

Service documents

Cookies on Digital Marketplace

JKloud Hosting

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Backup and recovery

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Separation between users

Energy efficiency

Social Value

Pricing

Service documents