IT SYSTEMS & SUPPORT LIMITED

Cloud Connect for Schools

IT Systems Remote Desktop Service enables school staff to access school network systems remotely getting a full user desktop environment on any device (Windows, iOS, MacOS, Android) at anytime from anywhere, provided they have Internet access.
Access is fully GDPR and ISO27001:2013 compliant as data never leaves the school network.

Features

• Secure access to a remote desktop service
• Fully encapsulated in a secure session separate to your device
• Assessible either via rdp or web client
• Access to all curriculum software for planning and preparation
• Access to finance and MIS services remotely

Benefits

• Secure 256bit end to end encryption
• No integration with client device
• Can be used on major desktop and tablet Operating Systems
• Can be used on major Internet browsers
• A single instance for multiple users
• No additional hardware / device cost for schools for staff

£395.00 to £395.00 an instance a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tcoad@itsystems.uk.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

618843944251763

Contact

Tristen Coad
0343 8868660
tcoad@itsystems.uk.net

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Private cloud
  • Hybrid cloud
• Service constraints: Service would be dependent on the schools AD infrastructure and abilities to interlink with the desktop service; Service is usually included as the IT Systems Cloud As A Platform Service
• System requirements: Broadband connectivity of at least 100mbps

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within business hours: a two hour response; Out of business hours: next working day
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Defined by service levels required by the customer
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provision the service based upon the customers requirements, web address and DNS. We undertake full training on-site with all potential users of the service
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data is extracted by IT Systems and presented in the format customer requires it
• End-of-contract process: Data is held for an additional 30 days and then sanitised from IT Systems backup service

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Customers are able to have their own software installed onto the remote desktop service by IT Systems. Should a client have a follow me print solution we can enable print access allowing clients to send data to print in readiness for being on-site

Scaling

• Independence of resources: The platform service is upscaled and forward-filled to always leave additional capacity on the service and is monitored via system metrics as provided centrally and to the establishment directly; The system is load balanced

Analytics

• Service usage metrics: Yes
• Metrics types: We provide service status and usage metrics to the client
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: We enable users to port their data off onto another device or we can provide users their data on a secure device
• Data export formats: Other
• Data import formats: Other

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.8% uptime subject to planned maintenance
• Approach to resilience: The platform as a service has internal provisioned resilience in terms of:; - load balancing; - data spread across multiple physical disks; - intelligent routing and logical networking
• Outage reporting: Planned outages for maintenance are planned three months in advance,; Clients are made aware via telephone communication should an unplanned outage occur. They are informed of any external factors potentially contributing to the outage and estimated response times

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Tenants are able to access the management interfaces of their defined tenancy only. IT Systems platform team have sole use of the platform management interfaces
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Standards Institute
• ISO/IEC 27001 accreditation date: 24/08/2018
• What the ISO/IEC 27001 doesn’t cover: Customer facing systems
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: IT Systems operates an InfoSec Management Team responsible for the delivery, dissemination and rollout of Information Security policies and procedures within IT Systems. Staff have full access to all relevant policies and procedures with regular training including "toolbox talks" as well as "chalk and talk" sessions. All aspects involving Information Security are reported to the InfoSec Management Team. The team regularly meets to review the Information Security calendar for IT Systems in terms of audits, reviews, training, non-conformances and corrective actions.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change management is initiated by a change request form from either a client or the internal team.; This is logged onto our support desk and processed as a support ticket and implemented upon the client’s confirmation.; Internal change requests are logged and raised in the company weekly service meeting. A formal risk assessment is undertaken to assess the need for the change in relation to any potential risks associated with making the change. If authorised, the change is factored into a planned maintenance schedule with all stakeholders informed. Changes are made, monitored, reviewed, rolled-back as required and then closed off.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Patching and updating of the system is undertaken in a cyclical monthly manner.; Vendor releases are logged, assessed, tested and then implemented as necessary. Should an update require roll-back, this is undertaken as soon as any issues are found.; Critical vendor patch release such as zero-day exploit fixes, are undertaken as unplanned maintenance windows overnight or as soon as vendors release updates to resolve.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: IT Systems utilises PRTG monitoring solution to monitor the platform service status; The infrastructure solution communicates via notification to key personnel should an issue arise.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: IT Systems defines incidents under its non-conformance umbrella. An incident log is created with a non-conformance number issued and raised onto our support desk. The incident is investigated by senior staff to undertake the nature of the incident, initial disposition to undertake immediate corrective action, define timescales and person(s) responsible. Root cause analysis is undertaken to move forward with implementing corrective and/or preventative measures which are reviewed and monitored over a defined timescale. Once this monitoring is signed off the incident is closed. All users affected by said incident are informed in writing and are involved with the incident process.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity

  Covid-19 recovery

  IT Systems employees are its most valuable assets. They are the face of our company and instill our ethos, beliefs and practices. Our staff literally are what make IT Systems the company it is both now and in the future. In line with this our company ethos is that a person’s health and wellbeing must always come before the needs of the company. Should staff require time for mental health, physical health and/or medical needs this is given without hesitation, question or with any penalisation. ; We are all human. At these times where we could be potentially at our most vulnerable we should be supportive, empathetic and above all kind to what is going on with others. IT Systems staff are not penalised in any manner; be it financially or leave-based, to recover from mental health, physical health and/or medical needs and are supported throughout.

  Tackling economic inequality

  IT Systems believes in creating employment opportunities for all regardless of socio-economic background and academic qualifications. We do not factor in someone’s socio-economic background when undertaking employment but are more interested in the type of person they are. Coupled with this IT Systems offers a robust and well-rounded apprenticeship programme tailored to the individual to empower them to raise their skill set and knowledge in an ever changing and progressive industry.; IT Systems proactively encourages all its employees to enhance and grow their skill set. To do this, we as a company do not believe learning should be stymied by factors such as cost or, if required, travel. Any and all barriers are removed from professional development as a matter of course to enable our staff to be the very best they can be.; Further afield from our own staff, IT Systems feels duty bound to actively progress members of our own supply chains to raise standards for all. We believe in home-grown talent and excellence. As such, IT Systems actively promotes using companies in our supply chain that are local and/or reside in our region. In doing this we are not only raising the profile of our local and regional environment but also providing quality employment to people in our area.; As an ISO 27001:2013 company with UK-GDPR Practitioners we provide complimentary data security and GDPR training to all members of our supply chain. In the first hand this enables us to ensure our supply chain meet our needs in terms of data protection and information security. In doing this however, companies in our supply chain are enhanced and can expand their opportunities in confirming their awareness, alignment and working to national and internationally recognised standards.

  Equal opportunity

  IT Systems prides itself in its commitment to equality and diversity in the workplace. As a company, we view competency and capability above gender-based, sexuality-based and disability-based stereotypes. In a widely male-dominated industry, IT Systems is proactive in raising the profile amongst women (including all who identify as women) of opportunities to enter the IT sector.; At IT Systems we do not believe opportunities for development and progression should be dictated by ones background. Our employment process disregards people’s socio-economic background as a factor for employment and focuses on the quality person themselves. Our apprentice programme gives individuals from all socio-economic backgrounds the opportunity to gain industry recognised qualifications and experience work life in the IT sector. ; IT Systems is encouraged that equality is instilled in the company as:; • 30% of IT Systems staff do not identify as male; • Over 20% of IT Systems are members of the LGBTQ+ community; • IT Systems workplaces are recognised as being DDA compliant; • IT Systems staff come from a variety of socio-economic backgrounds; • Over 40% of IT Systems staff have either undertaken or are currently undertaking an apprenticeship route to qualification

Pricing

• Price: £395.00 to £395.00 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tcoad@itsystems.uk.net. Tell them what format you need. It will help if you say what assistive technology you use.