MS INFOTECH LTD.

Managed Cloud Services

We provide hosting services for any kind of applications to various cloud solutions like AWS, Azure, Google Cloud etc.

Features

• Cloud Hosting Services
• Application development
• Digital Transformation
• Agile
• Data
• Cybersecurity

Benefits

• Deploy the application to the cloud and provide maintenance support
• Develop a custom applications with a multidisciplinary team
• Our services enable digital transformation in your business flow
• Agile development allows rapid software development
• Our data science experts provides best insights of your data
• Implement cyber security best practices
• Containerize deployment strategy via infrastructure as Code

£200 to £600 a person a day

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@msit.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

610535052094252

Contact

Shital Jamod
+44 7459 897607
contact@msit.co.uk

Service scope

• Service constraints: Services availability depends on cloud service provides i.e. AWS, Azure, Google cloud etc
• System requirements:
  • All software licenses should be purchased by buyers
  • Internet Connectivity
  • Depending on application architecture

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: All kind of support provided based on support agreement, SLA defined based on priority of requests. For example ( High - within 2 hours, medium within 8 hours and low within 2-3 days)
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: We have chatbot service, we can allocate dedicated staff based on project requirement to provide web support.
• Web chat accessibility testing: We have few clients who are currently enrolled for this service and have chatbot accounts provided to them.
• Onsite support: Onsite support
• Support levels: We provide dedicated full time support or part time support based on project. ; ; Support levels can be defined based on project requirements; ; Resources can be assigned based on complexity of the project as well as based on delivery timeline
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide a dedicated team of engagement manager, technical staffs, business analysts etc based on project requirements during application delivery phase; ; We provide hands-on training, documentation and onsite support (if needed) during the application maintenance phase
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: We provide a complete backup of all the resources and documentation for restoring them on any other platform at end of contract
• End-of-contract process: End of the contract follows the terms and conditions mentioned in call of the contract document

Using the service

• Web browser interface: Yes
• Using the web interface: We utilize the latest industry-standard to collaborate like slack, Jira, confluence, Microsoft office tools etc with various clients; ; Users can reach out to daily support requests, we provide dedicated account for each clients ; ; We provide dedicate application monitoring via various tools like Opegiene, pager duty etc
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: We provide dedicate client area to all our customers to support their daily needs and collaboration of documents
• Web interface accessibility testing: We havent done testing of web interface yet, however we follow industry best practices.
• API: Yes
• What users can and can't do using the API: All major cloud service providers have API for their services
• API automation tools:
  • Ansible
  • Chef
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
• Using the command line interface: All major cloud service providers have CLI for their services

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: We implement auto scaling based on resource needs so with demand resources will automatically scaled up or down
• Usage notifications: Yes
• Usage reporting:
  • Email
  • SMS

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: AWS, Microsoft Azure, Google Cloud, Digital Ocean, etc

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Databases
  • Source code ( infrastructure and application)
  • Documentation
• Backup controls: We configure backups based on user requirements
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: SLAs are depending on service priority mentioned in the call of contract document; ; In case of missing SLA, we provide compensation to client in terms of extra services and free support
• Approach to resilience: We provide consultancy on best usage of well known cloud providers which are already resilient in terms of their backup services
• Outage reporting: A public dashboard; email alerts

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: We make sure that only resources assigned to particular project have access to all communicate mediums and we do full audit trail every month. ; ; All resources use multi factor authentication to login on any platform we provide them to work.
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: No
• Security governance approach: We are following all security governance best practices, however we are in process of getting certified on security governance.
• Information security policies and processes: We are following NDA mentioned in the call of contract document

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We provide full documentation of all our services and we manage changes of any of the services via agile tools with audit logs; ; We maintain at least three different environments of live services so before applying any changes we test those changes minimum 2 times on separate environments.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We conduct penetration testing before launching any service and we also schedule pen test after certain period on all live services; ; We do not expose any critical infrastructure on public internet; ; Our cyber security trained staff maintains patching and threat management on all infrastructure.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We implement live dashboard to scan and report any threat. We use certain third party softwares to identify potential compromises. ; ; We have alerts system configured in case of compromises and we respond high priority alerts immediately (24x7)
• Incident management type: Supplier-defined controls
• Incident management approach: We are using various tools like Jira, Confluence, Slack, Opsgiene, Pager duty etc which provides us better process to manage any incidents.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Other
• Other virtualisation technology used: AWS, Microsoft Azure, Google Cloud, etc
• How shared infrastructure is kept separate: Different organisations have separate accounts which provides highest level of isolation

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: We are using cloud hosting which are adhering all standards

Social Value

• Fighting climate change:

  Fighting climate change

  MSIT support every efforts for fighting climate change
• Covid-19 recovery:

  Covid-19 recovery

  MSIT supports all government initiatives for reducing covid-19 spread and allowed all employees to work from home
• Equal opportunity:

  Equal opportunity

  MSIT provides equal opportunity to each employees and follow government guidelines with each requirements.
• Wellbeing:

  Wellbeing

  MSIT considers every possible actions for employees wellbeings.

Pricing

• Price: £200 to £600 a person a day
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Free trial subscriptions are available from cloud service providers

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@msit.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.