Q Associates Limited

Q_Rubrik Microsoft 365 SaaS Backup

Policy-based protection of Microsoft 365 via its Rubrik SaaS platform. Built on a zero trust architecture, the solution offers unprecedented security, simplicity and performance for search and restore operations across Exchange Online, OneDrive, SharePoint, and Teams. Safeguard from data loss with automated protection at enterprise scale and rapid data recovery.

Features

• PROTECT FROM RANSOMWARE
• air gapped protection separates backups from the Microsoft 365 tenant
• Isolated backup ensures ransomware recovery readiness
• Quickly restore Exchange Online, SharePoint, OneDrive, and Teams data
• Easily locate data with global, predictive, file-level search
• Recover with near zero RTOs and to maintain business continuity.
• Secure and always accessible through a single, intuitive dashboard.
• One SLA policy across enterprise cloud and SaaS apps.
• A secure connection with your Microsoft 365 subscription

Benefits

• Recover from Ransomware
• Protect Exchange Online, OneDrive, SharePoint, and Teams
• Browse point-in-time snapshots for fast recovery.
• Restore entire OneDrive, site, mailbox, even individual folders and items
• Eliminate management burden and maintain predictable cloud costs
• Protect Cloud Workloads
• Native protection of Office 365
• .Easily restore accidentally-deleted SharePoint lists
• Optimize processes and increase operational efficiency
• Recover Teams channel posts to the same Teams channel

£3.60 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@qassociates.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

648719804345407

Contact

Adam Freeman
01635 248181
tenders@qassociates.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Office 365 Backup - for SharePoint, Exchange, OneDrive, Teams, Project, & Groups; Backup for Microsoft Dynamics 365 - for production and sandbox environments
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements: A Valid subscription to the services to be backed up

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: "Severity 1 response within 30 minutes; Severity 2 response within 2 hours; Severity 3 response by the same time next business day; Severity 4 response within the next business day"
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: "Essential Support provides:; - Access to technical support provided by telephone on a 24x7 basis; - Access to the Rubrik technical support website on a 24x7 basis; - Continuous Efforts support for Severity 1 Cases (upon customer request); - Access to Hot Fixes and Patches; - Access to Software Version Upgrades"
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: SaaS Backup has a simple Onboarding and offboarding process. Once an account has been provisioned the admin can login and setup the initial backup. All documentation is available at rubrik.com; ; Although service easy to deploy, there could be a number of complex site specific integration requirements and Q has a number of cloud support services that can assist along with a number of Backup Service options.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Customer can perform individual restores and complete dataset downloads are possible via the web interface. Complete datasets can also be downloaded via the API interface. All extracts must be completed before contract end; ; Additionally, should clients exiting service require support in addressing integrated functionality we are able to support clients via our existing G Cloud 11 support services.
• End-of-contract process: After ninety (90) days following expiration or termination of Service, Rubrik shall delete Customer Content, unless otherwise prohibited by law. Please note that any unlimited data retention setting may not be retained and the corresponding Customer Content may be deleted earlier in the event of Service expiration or termination.; ; Q Associates have a number of G-Cloud 13 support services that can assist clients in understanding the implications and options available when exiting cloud services, including both on premise integration and multi-cloud capabilities.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Web based
• Accessibility standards: None or don’t know
• Description of accessibility: Web based
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: "APIs are available for; - Account Services; - ACLs; - Authentication services; - Search; - Cloud Connector; - Device Access; - Favourites; - FCM Recipients; - Global Environment; - Job Scheduling; - Logging; - Messaging & Miscellaneous; - Object Encoding; - Performance Logging; - Sharing; - Single Sign On; Volatile Event Queueing"
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: Ongoing capacity management ensures continued capacity for all users

Analytics

• Service usage metrics: Yes
• Metrics types: "Service metrics available are; - License Usage; - Dataset Size; - Covered Seats; - Covered Mailboxes; - Covered sites; - Covered drives"
• Reporting types: API access

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Rubrik

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: "Data is encrypted with a unique symmetric key for each storage node pair. Encryption keys are 256-bit Advanced Encryption; Standard (AES)."
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data is exported via the API interface or via the web console
• Data export formats: Other
• Other data export formats: Data is exported in format of the original data only
• Data import formats: Other
• Other data import formats: No data is backed up by product no upload required

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: When clients send data to SaaS Backup for protection, they typically use a Transport Layer Security (TLS)-encrypted tunnel. TLS is an encryption protocol that provides security for communications sent via the Internet as well as other types of data transfers. TLS encryption maintains the confidentiality and integrity of data, so they can't be modified, intercepted, or viewed while in transit. SaaS Backup only uses TLS 1.2 and has deprecated TLS 1.0, 1.1 and all versions of SSL (Secure Socket Layer).
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Data is encrypted with a unique symmetric key for each storage node pair. Encryption keys are 256-bit Advanced Encryption Standard (AES). If clients choose to authenticate via our services, we hash any stored user passwords using the 256bit-SHA2 hashing algorithm with large random salts. This is important in the unlikely event that the database is compromised.

Availability and resilience

• Guaranteed availability: At least 99.9%
• Approach to resilience: "The SaaS Backup is designed to be resilient through the use of ; - Tier 3 Datacentres; - Dedicated Private Dark Fibre Network Backbone; - Each datacentre has 24x7 UPS and emergency Power, along with at least 2 sources of electrical power; - Datacentres are geographically dispersed with each region; - Continual data replication within region"
• Outage reporting: The service uses MIR3 notifications to send email alerts when there is a downtime or degraded performance

Identity and authentication

• User authentication needed: Yes
• User authentication: Other
• Other user authentication: "By default, users access SaaS Backup services with a username and password, which are verified through an encrypted HTTPS login page. All simple passwords in SaaS Backup are stored, encrypted, and salted. The login; page will yield a simple delay mechanism on subsequent retries to avoid brute force attacks.; ; SaaS Backup leverages Single Sign-on (SSO) through a Security Assertion Mark-up Language (SAML) 2.0, such as Active Directory Federation Services (ADFS) that ensures identity verification by trusted sources. SaaS Backup acts as a service provider and the customer’s infrastructure acts as an identity provider.
• Access restrictions in management interfaces and support channels: "Role based access control in SaaS Backup provides customers with granular permissions. The customer’s Master Admin can restrict access of other admins by assigning them a role with certain limitations. For example, there is a user role where admins can only do an in-place restore. They do not have any option to preview or download data.; ; Rubrik do not have access to see customer data that is stored. Backend tools provide customer account info. and meta data such as email address, backup size, number of objects, connector name and logs. but no data."
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Other
• Description of management access authentication: Management access is done through two factor authentication, password and certificates

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: "US: HIPAA, ISO 27001, SOC 2 Type 2, NIST 800-53/FISMA.; Europe: ISAE 3402 Type 2, ISO 27001, SOC 2 Type 2.; Australia: ISO 27001, SOC 2 Type 2"
• Information security policies and processes: Working towards ISO27001; ; Q Associates entire organisation process and structure are aligned and certified by NQA to ISO27001

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: SaaS Backup proactively monitors all datacentre endpoints using industry leading technology. A comprehensive vulnerability knowledgebase in the industry, this delivers continuous protection against the latest worms and security threats. The solution deployed provides comprehensive reports on vulnerabilities, including severity levels, time to fix estimates, and impact on business, plus trend analysis on security issues. By proactively monitoring every network endpoint, this safeguard dramatically reduces the time spent researching, scanning, and fixing network exposures and enables us to eliminate network vulnerabilities before they can be exploited. All systems are scanned on a weekly basis to ensure security baselines are maintained.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: " SaaS Backup utilises the following cyclic process; 1 - Discover; 2 - Prioritise Assess; 3 - Assess; 4 - Report; 5 - Remediate; 6 - Verify"
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: SaaS Backup employs a variety of monitoring systems that produce alerts for our Data Centre Operations, engineering and management teams via email and SMS in the event of system availability and/or performance issues. Our Data Centre Operations staff has an around-the-clock, on-call rotation model. A dedicated 24x7 staff is responsible for tracking alerts and identifying potential issues.
• Incident management type: Supplier-defined controls
• Incident management approach: A step-by-step process is in place to; investigate and respond to any incidents.; The goals of our Incident Response Team are to:; 1. Identify threats and contain incidents.; 2. Maintain or restore business continuity.; 3. Defend against further attacks.; 4. Deter attackers through continuous monitoring, investigation, and prosecution.; Perform continuous counter-threat and security intelligence action.; If a client-facing issue is detected with the infrastructure or if an issue is reported by clients, a standard resolution process is; employed:

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Q Associates are ISO14001:2015 certified and are a Carbon Neutral Organisation and as such recognise the importance of environmental and sustainable issues and take our responsibility seriously. Please see certificates below; ISO14001-2015-Certificate-2021-2024.pdf (qassociates.co.uk):; Carbon Neutral Certificate
• Equal opportunity:

  Equal opportunity

  Q Associates recognises that Corporate Social Responsibility (CSR) matters are of increasing importance to staff, stakeholders, customers and other interested parties, and awareness and appropriate application is fundamental to the continued success of the company.; ; We believe that our CSR Policy should provide long-term benefits to its employees, customers, partners and individuals in all communities, whether locally, nationally, or internationally through our supply-chain. We focus on the following eight key areas:; Employees–Respecting the values of employees, providing good conditions of work and equal opportunities, improving employee satisfaction and through training and development, enhance their skills and intellectual capacity for their greater benefit and quality of life.; ; Health and Safety–Embedded in all activities and processes for the provision of a safe working environment, wherever they are working.; ; Environmental Impacts–Managing business activities in order to maximise on recycling opportunities and minimise the risk of pollution, waste and nuisance. Sustainable Development–Long-term impacts arising from the communities that the company interacts with including energy efficiency of buildings, transport and meeting social and economic needs.; ; Relationships with Customers–Being responsive to customer needs and providing a quality assured service that intrinsically incorporates all relevant legislative considerations.; Suppliers and Partners–Treating suppliers fairly and driving CSR codes of practice throughout the goods and services supply chain.; ; Community Involvement–Charitable giving and engagement with local communities through funding, support and work experience programmes.; Ethos–Encouraging high standards of professionalism throughout the company,and promoting best practice in respect of ethical behaviour.; ; The Company’sCSR is implemented and maintained through the following Policies:; ; •EqualityandDiversityPolicy; •Modern Slavery Policy; •Anti-briberyand Corruption Policy; •Whistleblowing Policy; •Integrated Business Management Policy; •Health & SafetyPolicy; •EnvironmentalPolicy; •Ethical and Sustainable Procurement; ; Policies are communicated and made available to staff through the Q Intranet and training and are reviewed annually by the Business Process Manager (BPM).

Pricing

• Price: £3.60 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: The free 30 day Trial includes all the features of the product with the exception of providing backup for SharePoint. This is available as part of the trial on request
• Link to free trial: https://metallic.io/trial

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@qassociates.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.