QuantSpark Analytics

QuantSpark Cloud Hosting

QuantSpark provide cloud hosting services to support buyers to deploy, manage and run software, provision and use processing, storage or networking resources.

Features

• Real-Time Analytics and Insights
• Security
• Compliance and Governance
• Scalability
• Seamless Integration
• Accessibility
• Customisable Solutions

Benefits

• Fast and reliable
• Custom for needs
• Operational Agility
• Improved Performance
• Risk Mitigation
• Scalable Growth
• Innovation Enablement
• High Availability and Reliability
• Cost Efficiency
• Faster Deployment

£1 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.butcher@quantspark.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

652211841309792

Contact

James Butcher
+44(0)20 8075 7677
james.butcher@quantspark.com

Service scope

• Service constraints: Dependent on requirements
• System requirements: Dependent on solution

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Dependent on agreement
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Slack or Teams
• Web chat accessibility testing: Native features as part of Slack or Teams offering
• Onsite support: Yes, at extra cost
• Support levels: We can customise according to needs. It could range from roles such as Product Manager, Cloud Support Engineer, amongst a number of other roles.; The level of support and cost would be inline with our rate cards.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Workshops, onsite training, online training, user documentation and additional provisions dependent on requirements
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Via Email, or meeting, or another arrangement if required
• End-of-contract process: Dependent on requirements

Using the service

• Web browser interface: Yes
• Using the web interface: Dependent on solution
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Dependent on requirements
• Web interface accessibility testing: Dependent on requirements
• API: Yes
• What users can and can't do using the API: Dependent on requirements
• API automation tools:
  • Ansible
  • OpenStack
  • Terraform
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: Dependent on requirements

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: Our cloud services are designed with a core focus on reliability and scalability, ensuring that all users receive an uninterrupted and high-quality service experience, even during peak demand periods. We employ a multifaceted approach to resource management, service architecture, and operational monitoring to guarantee performance consistency across our user base. This may include: resource isolation, load balancing and traffic management, auto-scaling capabilities, monitoring and predictive analysis
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types: API access

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: No

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Dependent on requirements, SLAs can be agreed and users can be refunded if we do not meet guaranteed levels of availability
• Approach to resilience: Available on request
• Outage reporting: Our service prioritises transparent and timely communication with our users in the event of an outage. We understand the critical nature of our cloud services to our clients' operations, and we're committed to providing comprehensive and proactive outage reporting as part of our overall service reliability strategy. This can include email alerts or other communication reporting means if agreed upon

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
• Access restrictions in management interfaces and support channels: We restrict access to management interfaces and support channels through:; ; Role-based access control, limiting privileges to necessary personnel.; ; Two-factor authentication for added security.; ; IP whitelisting to restrict access to specified locations.; ; Encryption of communication channels to safeguard data in transit.; ; Continuous monitoring for suspicious activities.; ; Immediate revocation of access upon personnel changes or security incidents.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: JOSCAR (Joint Supply Chain Accreditation Register)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus & Cyber Essentials
• Information security policies and processes: We adhere to ISO 27001 standards, enforcing access controls, encryption, and regular security audits. Reporting is hierarchical, with employees reporting to department managers and department heads, who then report to the COO and CEO. We ensure compliance through continuous training, regular audits, and automated monitoring tools.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our configuration and change management processes, rooted in ITIL frameworks, meticulously track the components of our services throughout their lifecycle, ensuring comprehensive oversight and management of each element's evolution. Additionally, every change proposed is rigorously assessed for potential security impacts, incorporating a detailed analysis to identify, evaluate, and mitigate any risks to maintain the integrity and security of our services
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Our process is proactive and comprehensive, with regular, automated scans of our frontend/backend codebases to assess potential threats . Upon detecting new vulnerabilities, our team is alerted. The urgency and criticality of these vulnerabilities dictate our response—critical issues prompt a hotfix, whereas less urgent vulnerabilities are scheduled for resolution in forthcoming releases. We derive our information on potential threats from trusted cybersecurity databases, and real-time alerts from security scanning tools (Trivy/Prowler), ensuring we are informed of the latest vulnerabilities . This multi-faceted approach enables us to deploy patches swiftly, often ahead of potential exploitation, safeguarding our services against emerging threats.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: We employ continuous monitoring tools for anomaly detection, alerting us to potential compromises. Upon detection, we enact incident response protocols, isolating affected systems and initiating forensic investigation. Response time varies based on severity, but we aim for immediate action, with critical incidents addressed within minutes and comprehensive incident reports generated within 24 hours.
• Incident management type: Undisclosed
• Incident management approach: Pre-defined processes exist for common incidents, documented in our incident response plan. Users can report incidents through a dedicated ticketing system or directly to the Service and Support Manager. Upon receipt, incidents are triaged based on severity. We provide timely incident reports to stakeholders via email or internal communication channels, outlining the incident's nature, impact, and resolution steps, based on in place SLAs.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We support activities that enable the policy outcomes of "Effective stewardship of the environment"

  Covid-19 recovery

  We support activities that enable the policy outcomes of "Help local communities to manage and recover from the impact of COVID-19"

  Tackling economic inequality

  We support activities that enable the policy outcomes of 'Create new businesses, new jobs and new skills' and 'Increase supply chain resilience and capacity'

  Equal opportunity

  We participate in a number of activities to support the policy outcomes of 'Tackle workforce inequality' and 'Reduce the disability employment gap'

  Wellbeing

  We participate in a number of activities to support 'Improve health and wellbeing' and 'Improve community integration'

Pricing

• Price: £1 a unit
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.butcher@quantspark.com. Tell them what format you need. It will help if you say what assistive technology you use.