Portman Tech Solutions Ltd

Backup for Microsoft 365, Google Workspace and Salesforce

Cloud-based backup & recovery solution for Microsoft 365, Google Workspace & Salesforce.

Features

• Infinite Cloud Retention
• Customisable data retention policies from 90 days to infinite
• Self service granular recovery
• Eliminates the risk of SaaS data loss or downtime
• Complete protection against accidental (or malicious) deletions
• Intuitive search and restore, including end-user self-restore options
• Comprehensive protection from ransomware, and the ability to recover quickly
• Military-grade encryption, SOC 2 Type II certified, intrusion detection

Benefits

• Automate Backup and Disaster Recovery operations
• Unlimited backup versions and an unrestricted retention policy
• Reduce restore / recovery times
• Granular, Search-Based Restore, Point-In-Time Restore
• Mobile-friendly user interface enables restore of data anytime, anywhere
• Active guard with log analysis, file integrity checking, policy monitoring

£1.90 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@portmantech.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

660213916032630

Contact

Isaac Izzet
02071951630
tenders@portmantech.com

Service scope

• Service constraints: None
• System requirements: Admin credentials required to configure Microsoft or Google or Salesforce

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response goals are intended to provide a target for initial response to an issue or problem. Unitrends responses are base on severity level/prior defined when the case is opened. We have 4 severity levels and each have a different target response times:; ; - Severity level 1 = One (1) Business Hours; - Severity level 2 = Three (3) Business Hours; - Severity level 3 = Six (6) Business Hours; - Severity level 4 = Ten (10) Business Hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: AI enabled Chat Bot to answer questions and assist in user queries
• Web chat accessibility testing: No Testing done.
• Onsite support: No
• Support levels: There is a single level of support available and the cost varies according to its specific client requirements. ; ; We provide a One (1) business hours response for Severity level 1 issues, Severity level 2 has a Three (3) business hour response, Severity 3 has Six (6) business hour response and Severity level 4 has a Ten (10) business hour response. ; ; To each client, we provide a dedicated Account Manager, also Cloud support engineers are assigned for cloud related issues.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The 1st step is to connect Spanning Backup to the work suite you want to backup.; You need to have admin rights to configure the SaaS product and start the backup.; We provide a free onboarding service to connect your work suite to spanning and initiate the 1st backup.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Users will be able to select the data they want to extract and perform a export from the system.; For Eg. Sharepoint and OneDrive files can be downloaded as a zip file. Emails can be downloaded as a pst file.
• End-of-contract process: At the end of an agreed contract, customers can choose to continue using Spanning Backup services based on a new negotiated cost or choose to have their data removed.

Using the service

• Web browser interface: Yes
• Using the web interface: Admins will be able to assign licenses to users and enable or disable backups.; Admins will be able to configure the frequency of backups; Admins will be able to give rights to users for restore of individual mailboxes; Admins will be able to perfrom backup search and restore operations; Based on access rights granted by the Admin, users will be able to login and restore thier own data.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Login to the web interface by visiting https://o365.spanningbackup.com/login.html; or; https://spanningbackup.com/login.html; or; https://login.salesforce.com/; ; Once logged in, users can perform all actions mentioned above.
• Web interface accessibility testing: None
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: The Kaseya cloud team manages the resources and ensure SLAs are met for each customer.
• Usage notifications: No

Analytics

• Infrastructure or application metrics: No

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Kaseya

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Microsoft 365 Data
  • Google Workspace Data
  • Salesforce data
• Backup controls: Admins can create a retention policy, schedule the backup frequency and enable or disable backups of specified users.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: Other
• Other protection within supplier network: 256-bit AES encryption at rest

Availability and resilience

• Guaranteed availability: Spanning Backup will use commercially reasonable efforts to provide the Service with a Monthly Uptime Percentage of at least 99.9% for each calendar month during the term of a subscription.; ; If Spanning Backup does not meet the Service Availability Goal for a given month during the term of a subscription and Customer meets its obligations under this SLA, Customer will receive Service Credits per the schedule below. Monthly Uptime Percentage: ; ● < 99.9% - >= 99.0% → 5 Days Added to Subscription Term ; ● < 99.0% - >= 95.0% → 10 Days Added to Subscription Term ; ● < 95.0% → 20 Days Added to Subscription Term ; ; Full details at https://spanning.com/downloads/SBO365-SLA.pdf
• Approach to resilience: Available on request
• Outage reporting: Email alerts and via their public dashboard https://status.kaseya.net

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
• Access restrictions in management interfaces and support channels: The management interfaces for cloud devices are out of band.; Only the Kaseya cloud team have access to cloud devices.; Customer access to cloud data is managed through their local backup.; Kaseya provides role based access to customers on the local backup which is able to restrict access to recovery points replicated to the Kaseya cloud.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Less than 1 month

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Citation ISO Certification
• ISO/IEC 27001 accreditation date: 12/02/2020
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISO 9001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
• Other security governance standards: HIPPA, GDPR, ISO 27001, SOC 2 Type II (SSAE 16 & ISAE 3402), SAS-70 Type II, US-EU Privacy Shield, BBB EU Privacy Shield, and Swiss-US Privacy Shield
• Information security policies and processes: Information security policies are based on NIST Cybersecurity Framework with ISO 27001 controls. Kaseya policies and controls also satisfy GDPR and the US standards HIPAA and CJIS.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All changes to software and services provided are tracked throughout the SDLC process.; All CVEs are monitored on release by a dedicated member of the development team, and appropriate remediations are provided based on the severity of the CVE.; All changes are tested by QA prior to release to the production team.; All changes to production are controlled by the operations team who apply them after acceptance by QA and approval by business management.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our systems constantly guard against intrusion with log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting, and active response.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Kaseya conducts vulnerability scans monthly and penetration tests annually or after significant changes to the infrastructure or application.; Vulnerabilities detected are referred to Kaseya Incident Response Procedures and are triaged, analyzed and remediated as appropriate.; Incident response is based on the severity of the incident detected.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Kaseya has an regular Incident Response Procedure to be followed all levels of incidents.; If the incident is detected by a user, they can call the security hotline or submit the incident via email to the security-incident email alias.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Kaseya uses multiple virtualization technologies to facilitate for the services provided. ; The primary technologies used for Spanning services are VMware and Hyper- V. ; Kaseya is able to isolate tenant services using storage and networking technologies. ; Further information can be obtained by engaging with the Kaseya cloud team.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Spanning Backup uses AWS data centers.; ; AWS support the EU’s Green Deal and help their customers achieve sustainability targets. European businesses can reduce energy use by nearly 80% when they run their applications on the AWS Cloud instead of operating their own data centres.

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Portman Tech Solutions internal operations and its service delivery are aligned to government standards and regulations, including ISO 14001, UK procurement social value themes and our internal environmental policies and best practices. As part of this specific service definition and its delivery, we will work closely with our clients/buyers to define, discuss, and agree specific social value, environmental, and sustainability targets and metrics. These objectives will then be integrated as contractual commitments within our G-Cloud 14 projects. Our key initiatives will include waste reduction, technology recycling, the use of eco-friendly IT devices, enhancing energy efficiency, reducing our carbon footprint, etc. At Portman Tech Solutions, we take fighting climate change very serious and are committed to creating a sustainable future that benefits people, the planet, and society at large.

Pricing

• Price: £1.90 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: All features included for 14 days.
• Link to free trial: https://spanning.com/get-started/free-trial/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@portmantech.com. Tell them what format you need. It will help if you say what assistive technology you use.