Skip to main content

Beta Help us improve the Digital Marketplace - send your feedback

BOM Group Ltd

Managed Data Centre Colocation

Data Centre Colocation provides for secure hosting of server hardware in highly redundant fit for purpose facilities.

Features

  • High Availability Colocation Data Centres
  • High Availability Connectivity

Benefits

  • Provides for high availability/access of services
  • Provides high levels of security
  • Provides remote access
  • Helping meet governance and compliance requirements

Pricing

£200 to £10,000 a unit

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at david.trump@bom.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

6 3 8 9 6 9 7 7 9 8 7 1 6 6 9

Contact

BOM Group Ltd David Trump
Telephone: 07769672111
Email: david.trump@bom.co.uk

Service scope

Service constraints
N/A
System requirements
None

User support

Email or online ticketing support
Email or online ticketing
Support response times
Dependant on specific agreed SLA's
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Access to dedicated senior technical engineer and bespoke support levels per customer
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Stage and deliver buyers applications and tools into the colocation site
Service documentation
No
End-of-contract data extraction
Buyers can copy data which is needing to be removed. BOM destroy all backups in line with the service schedule.
End-of-contract process
The buyer must clear all outstanding balances prior to the service ceasing. BOM destroys all information relating to the buyer securely and decommissions the colocation.

Using the service

Web browser interface
No
API
No
Command line interface
No

Scaling

Scaling available
No
Independence of resources
The datacentre and resources within it are monitored with the customer being immediately notified if an event is identified.
Usage notifications
Yes
Usage reporting
Email

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • Memory
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Vantage

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Files
  • Folders
  • Virtual machines
  • Physical machines
  • Data bases
Backup controls
User are unable to control backups as this is a managed service, however, users can specify the frequency data is backed up.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
All contracts are bespoke per customer where support levels are agreed.
Approach to resilience
The data centre campus provides N+N topology for redundancy. A unique dedicated 400kV substation on campus connects, directly and privately, to the U.K. SuperGrid.

All racks are fitted with redundant power, redundant internet connections. Devices are deployed in HA clusters and colocation's. Regular backups are preformed regularly with the frequency stipulated with the service schedule.
Outage reporting
Email
Phone

Identity and authentication

User authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Management interfaces are restricted to supplier only access.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
Dedicated device on a segregated network (providers own provision)

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
User-defined
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
14/02/2024
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
BOM follows the ISO 27001 Information Security framework and have implemented a reporting structure compliant to ITIL

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
BOM follows the ISO 27001 Information security framework and have implemented change management standards following the ITIL process.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
A combination of security tools are used to provide a holistic view of the businesses vulnerabilities. These include:

Vulnerability Management Detection and Response (VMDR)
Endpoint Detection and Response (EDR)
Managed Extended Detection and Response (MXDR)
Processes, procedure and plans as set out in the ISO 27001 framework
Threat intelligence reports and vendor specific communications
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
A combination of security tools are used to provide holistic monitoring of the businesses. These include: Vulnerability Management Detection and Response (VMDR) Endpoint Detection and Response (EDR) Managed Extended Detection and Response (MXDR) Processes, procedure and plans as set out in the ISO 27001 framework Threat intelligence reports and vendor specific communications
Incident management type
Supplier-defined controls
Incident management approach
As set out in BOM's ISO 27001 all policies, processes, procedures and plans are in place and have been tested.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
VMware
How shared infrastructure is kept separate
All customer infrastructure separated through specific VLANs, Hypervisor level access control and firewalls.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Deployment of the latest cooling technologies to provide industry leading PUE's, using 100% renewable energy sources as well HVO fuelled generators

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Wellbeing

Fighting climate change

By adopting cloud-based SaaS products, organisations can remove on-premises infrastructure and reduce their carbon footprint.

Covid-19 recovery

Advanced security management helps organisations better protect themselves against increasing cyber threats, giving peace of mind and reducing risk - to support long-term success from attacks that could case reputational and costly damage.

Wellbeing

Through automations and system integration, staff benefit from reduced time-consuming manual tasks and their time can be better spent on beneficial activities that bring better work satisfaction. With enhanced security protection, staff also have greater peace of mind and less workplace stress.

Pricing

Price
£200 to £10,000 a unit
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at david.trump@bom.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.