Zaizi Limited

Cloud Hosting Infrastructure Service

Zaizi's cloud service offering encompasses comprehensive solutions from design and build to ongoing support, with a strong emphasis on ensuring robust security, clear cost visibility, and continuous optimisation.

We leverage cloud services to tailor scalable, secure, and cost-efficient infrastructures that meet your unique business and hosting needs.

Features

• Cloud best practice and industry standards
• Build, test, package, deploy and support platform services
• Meet resilience, security and compliance requirements
• ITIL based Incident, Change, Service Request and Release Management
• Automated build
• Rapid onboarding
• Data protection and disaster recovery

Benefits

• Assessment of operational readiness and processes
• Scalable, high performance solutions
• Security Cleared support teams
• 24 x 7 platform support
• Security controls to reduce common cloud risks
• ISO27001 service, NCSC principles

£0.01 a unit

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@zaizi.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

674016567151808

Contact

Andrew Hawkins
0203 582 8330
sales@zaizi.com

Service scope

• Service constraints: We provide AWS and Azure Services. Please see their websites for full service constraints
• System requirements: Restraints are available on https://aws.amazon.com and https://azure.microsoft.com

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Defined within a customer SLA. Zaizi offers Level 2 and Level 3 support services offered for: Core Business Hours 8:00 – 18:00 Extended Business hours (not weekends and Bank Holidays) 24/7 Support Via UK Support desk Zaizi prioritises all issues raised aiming to resolve within agreed response and resolution times, the table below provides the typical response times offered. P1: Response 1hr, target resolution 4hrs P2: Response 2hr, target resolution 24hrs P3: Response 4hrs, target 5 business days
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Zaizi offers Level 2 and Level 3 support services supporting the application, platform and infrastructure as required. Level 1 support can be provided as a separate costed option. We operate under an ITIL v3 support model as well as a DevOps model incorporating a Continual Improvement (CI) and automated testing approach. Support is offered for: Core Business Hours 8:00 – 18:00 Extended Business hours (not weekends and Bank Holidays) 24/7 Support Via UK Support desk Zaizi prioritises all issues raised aiming to resolve within agreed response and resolution times, the table below provides the typical response times offered. P1: Response 1hr, target resolution 4hrs P2: Response 2hr, target resolution 24hrs P3: Response 4hrs, target 5 business days Manually responded by Support-Engineer (as agreed commercially, typically following the below schedule): P1 - respond within 1hrs - fix within 2hrs - updates hourly P2 - respond within 2hrs - fix within 4hrs - updates every 4hrs P3 - respond within 6hrs - fix within 1 business-day P4 - respond within 1 business-day - fix within 2 business day(s) P5 - response as agreed by Backlog owner - fixed within next planned release
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide online training for our clients and can arrange onsite as part of our service delivery
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Exact extraction will be depend on the service. Data from virtual machines may be copied out using OS-level tools. Databases can have data extracted using client SDK or API tools for example
• End-of-contract process: Our client may terminate the relationship us for any reason by (i) providing us with notice and (ii) closing the clients account for all services for which we provide an account closing mechanism. Data will typically still be kept for 30 days post the termination, allowing data transfer.

Using the service

• Web browser interface: Yes
• Using the web interface: Users have an account on our support system for placing support calls
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: Access to standard AWS and Azure APIs
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
• API documentation: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: We make use of AWS or Azure service capabilities to ensure guarantee when needed.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email

Analytics

• Infrastructure or application metrics: No

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Amazon Web Services and Azure

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files
  • VMs
  • Databases
  • Agreed additional data
• Backup controls: Backup processes are agreed for each client upfront and in line with AWS or Azure service offerings.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: We meet the SLAs for the AWS and Azure services, available on their websites
• Approach to resilience: We utilise the AWS and Azure cloud datacentre resilience
• Outage reporting: Reporting through AWS and Azure interfaces

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: All access is managed through Zaizi support calls. Within the AWS environment AWS controls access via unique user ID/password authentication. No actions are permissible without authentication. Remote access is multi-factor, login attempts are limited, remote administrative access attempts are logged and reviewed by Security. Suspicious activity initiates incident response procedures. A session lock out policy that is systematically enforced: locks are retained until identification/authentication procedures are concluded. AWS’s Identity and Access Management (IAM) system controls access to AWS services/resources. IAM facilitates the issuance of access permissions per user/group
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication
• Devices users manage the service through: Dedicated device on a segregated network (providers own provision)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The British Assessment Bureau
• ISO/IEC 27001 accreditation date: 25th August 2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We follow ISO27001, Cyber Essentials plus and NCSC guidance.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Zaizi follows ITIL processes for service delivery including compliance to ISO27001. The AWS platform. Changes to AWS services and features follow secure software development practices, including security risk reviews prior to launch. Developer access to production environments is via explicit access system requests, subject to owner review and authorisation. Teams set bespoke change management standards per service, underpinned by standard AWS guidelines. All production environment changes are reviewed, tested and approved. Stages include design, documentation, implementation (including rollback procedures), testing (non-production environment), peer to peer review (business impact/technical rigour/code), final approval by authorised party.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: AWS Security performs vulnerability scans on the host operating system, web applications, and databases in the AWS environment. Approved 3rd party vendors conduct external assessments (minimum frequency: quarterly). Identified vulnerabilities are monitored and evaluated. Countermeasures are designed and implemented to neutralise known/newly identified vulnerabilities. AWS Security monitors newsfeeds/vendor sites for patches and receives customer intelligence via http://aws.amazon.com/security/vulnerability-reporting/. AWS customers are responsible for all scanning, penetration testing, file integrity monitoring and intrusion detection for their Amazon EC2 and Amazon ECS instances/ applications. Scans should include customer IP addresses (not AWS endpoints). AWS endpoint testing is part of AWS compliance vulnerability scans
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Azure and AWS deployed monitoring devices to collect information on unauthorized activity
• Incident management type: Supplier-defined controls
• Incident management approach: Azure and AWS controls. E.g AWS adopts a three-phased approach to manage incidents: 1. Activation and Notification Phase 2. Recovery Phase 3. Reconstitution Phase To ensure the effectiveness of the AWS Incident Management plan, AWS conducts incident response testing, providing excellent coverage for the discovery of defects and failure modes as well as testing the systems for potential customer impact. The Incident Response Test Plan is executed annually, in conjunction with the Incident Response plan. It includes multiple scenarios, potential vectors of attack, the inclusion of the systems integrator in reporting and coordination and varying reporting/detection avenues.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: AWS and Azure
• How shared infrastructure is kept separate: Using AWS and Azure processes

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Our partners AWS and Azure. For example, AWS has a long-term commitment to achieve 100% renewable energy usage for its global infrastructure footprint. In January 2018, AWS achieved 50% renewable energy usage

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity

  Tackling economic inequality

  Zaizi is committed to tackling Economic Inequality through our core purpose to realise the potential of our staff, customers, and fellow citizens:; ; We contribute to the levelling up agenda through our hybrid working policy with hubs in London, Bristol, Manchester, Sheffield, and Newcastle. ; ; We’ve partnered with the Future Frontiers Programme for our staff to mentor school students from deprived areas. ; ; Signatories to the Armed Forces Covenant, we recruit ex-forces colleagues with DV clearance and train them in digital capability. We provide Reservists full pay when they are on training. ; ; Our full-time Organisational Coach, works with our staff to create a mind-set for positive change, enabling all to achieve their goals and thrive at work. ; ; Furthermore, we’ve created a multi-stream approach to recruitment and retention. Board level KPIs measure our impact across multiple facets including reach. This ensures we can resource projects to support the Levelling Up agenda, actively recruiting across the UK.; ; We actively encourage and support those from economically disadvantaged areas and agree KPI’s with our G-Cloud clients for target inclusion rates.; ; We work with our apprenticeship providers Founders & Coders & Makers Academy to source candidates from diverse backgrounds. To date we’ve onboarded 12 apprentices including refugees, return to work mums and career changers such as primary school teachers. ; We recruit nationally in the UK, enabling people to work from anywhere in the UK, enabling remote working as an opportunity to tap into areas traditionally less digitally aware using a variety of techniques to engage in different ways. ; We use projects to help us upskill apprenticeships, graduates and people looking to change careers. For example, one client contract has enabled us to on-board and train over 15 apprentices, graduates and junior staff.

  Equal opportunity

  An ethnic minority owned business, our purpose is to realise the potential of our staff, customers, and fellow citizens through equal opportunity. Through the provision of our G-cloud services continually expand our commitment. Example measures include:; ; 37% of our workforce are women (industry average is 26%). Target 50% by 2027.; 48.5% of the workforce identify as non-White (industry average is 15.2%). ; ; Board level KPIs measure our impact across multiple facets, such as gender, age, ethnicity, religion, gender / sexual orientation, maternity / paternity, and reach. ; ; We actively encourage and support Women, BAME and those from economically disadvantaged groups, agreeing targets with G-cloud clients.; ; All our job adverts carry the following description: “Studies show that women and Black, Asian and minority ethnic people are less likely to apply for a job unless they meet every qualification. So, if you’re excited about this role but your experience doesn’t align perfectly with the job description, we’d love you to still apply. You might just be the perfect person for this role, or another role here at Zaizi.” We ensure we post all jobs on women only job boards as well as other forums.; We work with our apprenticeship providers to source candidates from diverse backgrounds, including refugees, return to work mums and career changers such as primary school teachers. ; We offer flexible and part-time work to enable working mums to pursue a career with us and publish pay bands for all vacancies that we advertise for transparency, ensuring we do not disproportionately negatively impact those from under-represented groups in our industry. ; We are disability confident committed and aim to become a disability confident employer, making necessary adjustments for people with physical and mental disabilities. ; We have women in our board, management and senior roles providing role models for others and attracting more women.

Pricing

• Price: £0.01 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@zaizi.com. Tell them what format you need. It will help if you say what assistive technology you use.