Skip to main content

Help us improve the Digital Marketplace - send your feedback

Redcentric Solutions Limited

Storage as a Service

Redcentric’s Storage as a Service (STaaS) is an ITIL aligned storage infrastructure, storage provisioning and storage administration service. STaaS provides cost effective resilient storage capacity backed by industry leading vendors (NetApp, Dell) hosted in UK datacentres.

The price is per GB basis which includes storage management, infrastructure, licensing and networking.

Features

  • Capacity Scaling
  • Monitoring, observability and reporting
  • Encryption
  • High Availability
  • Performance tiering
  • Unified storage (Block/File/Object)
  • Snapshots
  • Cloud/Infrastructure cross compatibility
  • Ransomware detection, prevention, and response
  • Physical isolation of infrastructure (where required)

Benefits

  • Optimise storage TCO through improved utilisation
  • Eliminate CAPEX
  • Simplified licence management and procurement
  • Reduced support costs
  • Reduced cyber threat exposure
  • Reduced cost and timescales for design/build/migration phase
  • Provides customer access to advanced technical capability and vendor expertise
  • Cost efficiency through access to vendor discounts and Redcentric networking
  • Reduced investment in commodity technology enabling investment in value add/innovation
  • Platform evolves to reflect latest technologies and changing customer requirements

Pricing

£0.09 a gigabyte

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@redcentricplc.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

6 8 2 9 4 5 8 9 1 4 2 6 4 4 7

Contact

Redcentric Solutions Limited Steph Heseltine
Telephone: +441423850000
Email: tenders@redcentricplc.com

Service scope

Service constraints
Redcentric is committed to continually improving and expanding its core network and data centre capabilities, thus striving to provide the highest levels of service to its customers. To facilitate these improvements, it is necessary to carry out essential work from time to time. These activities are carefully scheduled using an internal change control process which is designed to present maximum visibility of that change and thereby ensure that planning and implementation are carried out to minimise the effect on customers and their network services.
System requirements
No system requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
Priority 1 – first response within 1 hour

Priority 2 – first response within 4 hours

Priority 3 – first response within 24 hours

Priority 4 – first response within 48 hours

There is no difference between weekdays and weekends.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
No
Support levels
Full support is included in the price. Onboarding is a Redcentric run project with constant communication with customers. After the user acceptance test and the service is considered live, customers have access to our 24x7 telephone support line and ticketing system. Scheduled customer tests and invocations are supported by Redcentric personnel.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Redcentric will provide professional services to assist the customer with the service activation. This will encompass, but is not limited to, project management, network design, storage tier configuration and migration. Where physical isolation is required Redcentric will procure and install storage and networking hardware. Redcentric will liaise with the customer’s engineering team to support connectivity to the customer’s environment. Redcentric will provide technical documentation STaaS is an end-to-end managed service so there is no requirement for customer training on usage.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Users retain full control of their data throughout the contract period. At the contract end period they will have the option to either delete the data or extract to a compatible storage target. As part of any data deletion process all associated encryption keys will also be deleted.

Users will also have the option of physically removing the hardware subject to a final payment.

An exit plan will be agreed that will:

assist the Customer in facilitating the transition of the Redcentric Services from Redcentric to a replacement supplier

provide an estimate of the scope of transitional assistance that may be required by the Customer and suggest how such assistance might be provided (if required); and

provide an estimate of Redcentric’s personnel that may be required to provide transitional assistance and suggest the management structure to be put in place and employed to provide such transitional assistance.

Where the Customer requests the provision of additional transitional assistance, in addition to their initial requirements, Redcentric shall provide such assistance as an additional service. The additional transitional assistance shall be chargeable at the Redcentric prevailing time and materials consultancy day rates.
End-of-contract process
Users retain full control of their data throughout the contract period. At the contract end period they will have the option to either delete the data or extract to a compatible storage target. As part of any data deletion process all associated encryption keys will also be deleted.

Users will also have the option of physically removing the hardware subject to a final payment.

An exit plan will be agreed that will:

assist the Customer in facilitating the transition of the Redcentric Services from Redcentric to a replacement supplier

provide an estimate of the scope of transitional assistance that may be required by the Customer and suggest how such assistance might be provided (if required); and

provide an estimate of Redcentric’s personnel that may be required to provide transitional assistance and suggest the management structure to be put in place and employed to provide such transitional assistance.

Where the Customer requests the provision of additional transitional assistance, in addition to their initial requirements, Redcentric shall provide such assistance as an additional service. The additional transitional assistance shall be chargeable at the Redcentric prevailing time and materials consultancy day rates.

Using the service

Web browser interface
Yes
Using the web interface
Users are able to raise service requests and incident tickets via Redcentric’s ticketing system. 

Customers can create, stop, start, and restart virtual machines using the Redcentric portal – where Redcentric provides a managed service customers are limited to view access.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Customers access our web portal via the Internet secured with HTTPS and 2FA.
Web interface accessibility testing
N/A
API
No
Command line interface
No

Scaling

Scaling available
No
Independence of resources
Utilising NetApp’s Adaptive Quality-of-Service throughput Floors and Ceilings will be set on each storage volume. The floors and ceilings prevent workloads from accessing resources assigned to other workloads. Adaptive QoS is dynamic based upon volume size, meaning a 10GB volume has a different Floor and Ceiling than a 10 TB volume.

Each volume is configured with minimum, maximum, and burst IOPS values that are strictly enforced. QoS guarantee’s performance, independent of what other applications are doing ensuring consistent performance. QoS enables SLAs around performance metrics and complete control over end-user experience.
Usage notifications
Yes
Usage reporting
  • Email
  • Other
Other usage reporting
Service Review Meetings

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
Performance & capacity metrics
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
ISO27001 certified.
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Files
  • Virtual Storage Machines
  • Configuration
Backup controls
During the service design Redcentric will agree with the customer the backup schedule, the areas to be backed up, frequency, etc.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The Redcentric STaaS availability is 99.999% per calendar month. 

Any reduced charges under this Service Level Agreement will be confirmed by credit note issued by Redcentric to our customers, confirming the adjustment to be made to the following monthly charge.

The availability Service Level is calculated at the end of each measurement Period and is calculated as follows:

Percentage Availability = ((MP-SU)x100)/MP

Where:

MP = Measurement Period. This is the total number of minutes in the measurement period.
SU = Service Unavailability. This is the total number of minutes in the measurement period when the Service is not available for use by the Customer for reasons other than those set out below.
Approach to resilience
Due to the secure nature of the services Redcentric provides, this information is available on request
Outage reporting
During a system outage Redcentric will communicate with our customers via email, updates are also provided via the Redcentric customer portal.

The Service Manager will also provide a detailed report following any outage showing the cause of the outage and what mitigation has been put in place to prevent the issue repeating in the future.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Access to management interfaces and support channels is based on business need. Implementation is by least privilege RBAC; unique credentials assigned, and all access (successful or failed) is logged using anti-tamper mechanisms, made available for audit and retained for 12 months.  Alerts are generated for multiple attempts for investigation by global sysadmins.  

Additional authentication mechanisms are used for support channels to assure customers only authorised personnel respond. 

Regular access reviews by service and platform owners are conducted with support from the Joiners, Leavers, Movers process, which ensures access is revoked or amended in a timely manner.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
20/08/2023
What the ISO/IEC 27001 doesn’t cover
Nothing i.e. all services and locations offered under GCloud 14 ARE covered.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Gemserv Ltd
PCI DSS accreditation date
05/09/2023
What the PCI DSS doesn’t cover
Physical hosting and managed firewall services are covered.  All other services are excluded. 

Requirements 3, 4, 10, A1 and A2 are excluded.
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • Certificates for physical security of all premises including Data Centres:-
  • Issued by an external assessor against the following standards:-
  • Centre for Protection of National Infrastructure (CPNI):-
  • Using the Classified Material Assessment Tool (CMAT):-
  • Supports the storage and processing of HM Government data to:-
  • Classification ‘OFFICIAL’ including ‘OFFICIAL-SENSITIVE’ special handling.
  • NHS England Data Security and Protection Toolkit; assessment ‘exceeding standards’.
  • Main Data Centres are certified as Police Assured Secure Facilities.
  • HSCN CN-SP Network provider.
  • PSN Connectivity Service; certified to connect organisations to the PSN.

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Redcentric’s InfoSec scope includes ISO27001 certification, and other critical aspects including physical security, employees and third parties.   Our approach is to understand the risk from threat actors and implement the controls and mitigations to assure the Confidentiality, Integrity and Availability of data.   

Security is driven from the top with the CTO as SIRO (Senior Information Risk Owner), being accountable for several key policy documents, and the signatory for Security and Compliance attestation statements.  Ops Board members regularly review key and corporate risks. 

Security roles are assigned, with the Head of Compliance owning InfoSec and Operational Security Manager responsible for day to day matters. Regular security forum meetings are held, in addition to senior management review meetings. 

Policy compliance is monitored by regular internal security audits, and six monthly surveillance audits by BSI.  Annual security training is mandatory for all employees with attendance records maintained for audit purposes. 

The following policies and procedures are operable: 

IS Policy 

Data Protection Policy 

Security Incident Management Process. 

Acceptable Use Policy 

Access Control Policy 

Data Classification and Handling Policy 

Joiners, Movers, Leavers Process 

Third Party System Access Procedure 

Visitor Access Procedure 

Change Management Procedure 

Clear Desk & Screen Policy 

Secure Disposal Policy

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Redcentric operates an ISO20000-1 compliant Change Management Process.  Objective is to minimise risk to services whose CIs are impacted.   

Achieved by:- 

Using standardised methods ensuring efficient handling of all changes using the Change Management Toolset. 

Changes are recorded, classified, assessed, approved, prioritised, planned, tested, implemented and documented. 

Changes are recorded against the relevant CMDB Configuration Item.  

Inputs:- 

Completed change records with Impact Assessment  

Risk (Security) Assessment    

Outputs:- 

Accurately recorded change records including all stages of the change lifecycle  

Changes by outcome  

Forward Schedule of Change    

The Change Advisory Board is the final approval stage in the Change Management process.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We operate a Vulnerability Management and Patch Management policy and process based on NCSC guidance.  Good industry practice is adopted to ensure deployed services are protected at the edge by stateful next-generation firewalls with UTP/IDS/IPS enabled.  Assets threats assessed by technical owners against the Design.  Resultant risks are impacted, with critical ones contained immediately and patches applied within 48 hours where available.  Automated patch management is supported by Kaseya, with end points managed by Microsoft Intune.   

We subscribe to the NCSC CISP scheme for vulnerability notification and receive advance notifications from vendors, often before hitting the public domain.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Redcentric has implemented NCSC GPG-13 guidelines for Protective Monitoring (PM).  We utilise a range of PM services including vulnerability management and auditing services such as SIEM.  The 24*7*365 SIEM service ingests various logs combined with proactive threat analysis to assess potential impact to services.  Response is provided by auto-generation of Service Management tickets on resolver groups for immediate triage and remediation.  Incident response is often before threats are realised, due to externally provisioned threat analysis notifications. The combination of threat analysis, machine learning, trend analysis, IP blacklist services and Security Operations Centre SMEs provide robust and effective protection of services.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Redcentric operates a Security Incident Management policy, which outlines pre-defined processes for how suspected and actual security breaches (including data) must be managed.   The policy  covers all incidents which affect availability, confidentiality and integrity of data and technology.  Common events such as phishing or viruses are included.   

Users must report incidents to the ISO mailbox or Assurance team, who will create a Security Incident Record and initiate an investigation. Assurance will manage the incident to closure and decide whether external authorities are notified. 

Incident reports are created and reported to the InfoSec Management Group and are available for audit.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
No

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
We have implemented many of the guidelines referenced in the Sustainability section of our Annual Report; Redcentric-Report-and-Accounts_FY23.pdf (redcentricplc.com), which is aligned to the best practices in the EU Code of Conduct on Data Centre Energy Efficiency (DCEE). 

New company acquisitions of Sungard and 4D increased our total DC count to nine, which has now reduced with the closure of Harrogate and migration to the newer, more energy efficient facility at Elland.  A further DC will close later this year.   



We are ISO14001 environmental management certified, and have an active Carbon Reduction Plan, supporting the Government net zero target by 2050.  As an empowered operator and MSP we have commissioned several energy efficiency projects, including PUE device energy management and reporting, which assists the tracking of CRP objectives.  A PV solar panel solution has been deployed in one DC as alternative ‘green’ power generation. We provide the most energy efficient new infrastructure devices where options allow.  Cold aisle containment has been introduced into a number of facilities, increasing efficient use of existing cooling.  A decommission project has identified, powered down and removed redundant or surplus equipment from all premises.   

We will continue to support the EU Code of Conduct DCEE.

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Redcentric stands committed in the fight against climate change and dedicated to supporting the UK Government goal of achieving Net Zero emissions by 2050. This commitment is reflected in a meticulously crafted Environmental, Social, and Governance (ESG) strategy, aligned with the United Nations sustainable development goals, and upheld by ISO 14001:2015 certification for three consecutive years, showcasing the company's dedication to environmental stewardship.

As a prominent entity listed on the AIM, Redcentric prioritise transparency and accountability, diligently adhering to regulations. Mandatory publication of carbon emissions in annual reports underscores the unwavering commitment to environmental responsibility and corporate transparency.

Redcentric's dedication to sustainability extends beyond compliance, it’s ingrained in every aspect of operations. Notably, investments totalling £5million in the data centre estate focus on enhancing efficiency, evidenced by Power Usage Effectiveness (PU) reduction from 2 to an impressive 1.6.

The company ensures 100% of power requirements are from sustainable sources, alongside proactive measures like converting backup diesel generators to environmentally friendly alternatives and replacing diesel vans with electric counterparts.

Participation in Manage your UK Emissions Trading Scheme Reporting Service (METS) through GOV.UK and holding a greenhouse gas emissions permit underscore Redcentric's commitment to reducing its carbon footprint. Additionally, the provision of customer monthly reports detailing energy consumption metrics and procurement of all electricity from 100% carbon-neutral sources exemplify the company's dedication to transparency and sustainable practices.

The Redcentric board acknowledges the evolving landscape of ESG considerations, driving greater accountability and transparency across operations. Regular updates to the website keep stakeholders informed about key corporate policies and sustainability initiatives.

Redcentric's commitment to sustainability isn’t just a declaration but a deeply ingrained aspect of corporate ethos. From stringent adherence to regulatory requirements, to proactive investments in renewable energy, comprehensive reporting mechanisms, every action underscores our unwavering dedication to environmental responsibility and corporate transparency.

Tackling economic inequality

Redcentric actively addresses economic inequality through diverse initiatives aimed at empowering communities and fostering long-term sustainability:

Community Engagement Programs & Digitally Driven Fundraising Campaigns:

Utilises technology and resources to support local charities, raising over £50,000 for the Children’s Heart Surgery Fund through outreach campaigns.

The Breck Foundation: Provides online safety training for pupils, parents, and teachers, promoting safety in the online world.

Employment and Training Opportunities: Prioritise job creation and training programs for local residents, offering apprenticeships to rugby league players, wheelchair rugby players, and young athletes, fostering economic development and empowerment.

Charitable Partnerships & Business Fundraising Programme:

Raises funds for charities through sponsored events, like a Yorkshire 3 Peaks walk, involving over 30 employees and raising more than £12,000.

Business Fundraising Enablement Programme: Supports charities in engaging target businesses for funding through calling data and tailored emails.

Digital Transformation Programme: Facilitates digital transformation within charities, enhancing patient and family support.

Transparency and Accountability: Committed to transparency by providing regular reports on the social impact of projects, ensuring stakeholders understand the positive outcomes generated through collaboration.

Upskilling Workforce and Supporting Lower Paid Workers: Offers apprenticeship programs with planned career pathways into senior positions, promoting skill development and progression.

Promotes training and development for all colleagues through a learning management system, investing in role-specific certifications and development programs.

Implements a hybrid working model to support lower-paid workers with reduced travel costs and offers above the apprentice minimum wage, recognising the value apprenticeships bring to the company.

Through these initiatives, we are dedicated to addressing economic inequality and creating a more equitable society. Redcentric believe that by providing individuals with access to opportunities for growth and advancement, we can contribute to reducing economic disparities and promoting social mobility.

Equal opportunity

Redcentric actively fosters an environment where individuals are valued and treated fairly, irrespective of their background, and opposes any form of discrimination prohibited by law.

A key indicator of this commitment is evident in Redcentric's gender pay report, where efforts to address disparities in earnings between men and women are transparently acknowledged. By identifying imbalances in the workforce and actively working to rectify them, Redcentric demonstrates a proactive approach to promoting gender equality within the organisation.

Redcentric's Diversity and Inclusion Forum serves as a platform for ongoing dialogue and action. By establishing working groups focused on specific aspects of diversity, such as gender equality and remote working, employees are empowered to drive positive change and contribute to a more inclusive workplace culture. The planned LGBTQ+ working group further exemplifies Redcentric's commitment to embracing diversity in all its forms.

In terms of recruitment and talent development, Redcentric implements diverse hiring practices and apprenticeship schemes aimed at supporting individuals from various backgrounds. By partnering with outreach organisations and providing apprentices with clear career pathways, Redcentric ensures that opportunities for growth and advancement are accessible to all employees, regardless of their starting point.

Redcentric's inclusive leadership and flexible work policies underscores its dedication to accommodating diverse needs and promoting work-life balance. By offering leadership training that prioritises inclusion and implementing policies such as flexible working hours and enhanced maternity packages, Redcentric creates an environment where employees can thrive professionally while maintaining personal well-being.

In conclusion, Redcentric's comprehensive approach to equal opportunity extends beyond mere policies to encompass tangible actions aimed at fostering diversity, inclusion, and professional development for all employees. By prioritising these values, Redcentric not only enriches its workforce but also sets a standard for ethical and equitable business practices in the industry.

Wellbeing

At Redcentric, prioritising the well-being of our colleagues is paramount, and we've implemented various initiatives to support their mental and physical health. Our commitment to enhancing health and well-being extends to our contract workforce as well. Here's how we're making a difference:

Hybrid Working Model: Providing flexibility to achieve a better work-life balance for our colleagues, fostering a supportive environment and preventing isolation through social networking within the company, including organized social and corporate events. Over 40% of Redcentric’s employees either work from home or on a hybrid model.

MetLife Well-being Hub: Accessible to all employees, offering a comprehensive range of well-being support services, such as confidential 24/7 telephone support, structured counselling sessions, cognitive-behavioural therapy, legal advice, financial management guidance, and health risk assessments.

Well-being Channel: A valuable resource offering mental and physical health support, including webinars and mental health resources for adults and children.

Corporate Social Responsibility Events: Organizing events throughout the year to promote well-being across the organization, utilizing a structured well-being calendar highlighting key awareness weeks like men’s health week and stress awareness week. Additionally, training over 20 mental health first aiders across the business to provide continuous support and engagement.

Leadership Commitment: Our Board sets an example by promoting a healthy corporate culture and embedding ethical values in our business operations. Through these initiatives, we aim to foster a culture where the well-being of our colleagues is prioritised, ensuring a resilient and empowered workforce poised for success.

Pricing

Price
£0.09 a gigabyte
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@redcentricplc.com. Tell them what format you need. It will help if you say what assistive technology you use.