Fujitsu Services Limited

Oracle Cloud at Customer

Fujitsu offers a fully managed service to implement and maintain Oracle Cloud at Customer Infrastructure as a service in either Fujitsu or your Data Centre. Providing ongoing support in a secure and manageable manner.

Features

• Benefits of Oracle Public Cloud but in your data centre
• Cost effective pay as you go services
• Proof of concepts and prototypes, Cloud Reference Architectures
• Oracle Cloud Infrastructure provisioning, Network setup and implementing security
• Migration, System Reengineering and Updates
• Administration and Monitoring, Maintenance and Support
• Options for adding other cloud services (SaaS, PaaS)
• Perform gap analysis between current systems and Cloud platforms
• Design secure target architectures for Oracle Cloud
• Develop implementation, migration and upgrade plans for Oracle Cloud

Benefits

• Cloud implementations with shorter lifecycles than traditional on-premise installations
• Allows you to focus on core business tasks
• Leverage OPEX commercial model
• Future proofing IT landscape by moving to Cloud
• On demand infrastructure scalability
• Single Point of Accountability
• License Optimization and Rationalisation
• On demand infrastructure scalability
• Maximum Availability Architecture on Oracle Cloud Components
• Transparency in operations management (single pane of glass)

£10,000 a unit a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at government.frameworks@fujitsu.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

683428479480132

Contact

Sam Skinner
07867829234
government.frameworks@fujitsu.com

Service scope

• Service constraints: See https://cloud.oracle.com/home to determine applicable constraints based on buyers requirements.
• System requirements:
  • https://cloud.oracle.com/home
  • https://docs.oracle.com/en/cloud/get-started/subscriptions-cloud/csgsg/web-browser-requirements.html

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: See https://www.oracle.com/corporate/contracts/cloud-services/hosting-delivery-policies.html for information on response times
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: Not applicable
• Onsite support: Yes, at extra cost
• Support levels: See https://www.oracle.com/corporate/contracts/cloud-services/hosting-delivery-policies.html for information on service levels
• Support available to third parties: No

Onboarding and offboarding

• Getting started: See https://www.oracle.com/corporate/contracts/cloud-services/service-descriptions.html for descriptions of all of the Oracle Cloud servcies
• Service documentation: Yes
• Documentation formats:
  • HTML
  • Other
• Other documentation formats: Online videos and interactive learning portals
• End-of-contract data extraction: Customer are able to remove their data at any time through the same means they uploaded.
• End-of-contract process: On termination of service customer data will be available for collection purposes only for a period as set out in the service termination details.; ; See https://www.oracle.com/assets/paas-iaas-public-cloud-2140609.pdf for specific details

Using the service

• Web browser interface: Yes
• Using the web interface: Manage and deploy services via the Oracle Cloud Portal
• Web interface accessibility standard: WCAG 2.1 AAA
• Web interface accessibility testing: Not Applicable
• API: Yes
• What users can and can't do using the API: API's are available for the Oracle Cloud to provide user functionality or programmatic control of the Oracle Cloud environment.; ; See https://apicatalog.oraclecloud.com/ui/
• API automation tools:
  • Ansible
  • Chef
  • SaltStack
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats: HTML
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: The Oracle Command Line Interface (CLI) is a small footprint tool that you can use on its own or with the Console to complete Oracle Cloud Infrastructure tasks; ; See https://docs.cloud.oracle.com/iaas/Content/API/Concepts/cliconcepts.htm

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Oracle Cloud represents a hyper-scale public cloud service, as such the environments are over sized and actively monitored to ensure there is no degradation in service.; ; See https://cloud.oracle.com/iaas/architecture
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Oracle

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up: Under User Control
• Backup controls: Under User Control
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: See https://www.oracle.com/corporate/contracts/cloud-services/hosting-delivery-policies.html for information Guaranteed Availability
• Approach to resilience: See https://www.oracle.com/corporate/contracts/cloud-services/hosting-delivery-policies.html for information on Oracles approach to resilience
• Outage reporting: Please see https://ocistatus.oraclecloud.com/ for Oracle Cloud Health

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: Oracle Cloud Infrastructure Identity and Access Management (IAM) lets you control who has access to your cloud resources. You can control what type of access a group of users have and to which specific resources.; ; See https://docs.cloud.oracle.com/iaas/Content/Identity/Concepts/overview.htm
• Access restrictions in management interfaces and support channels: Oracle Cloud Infrastructure Identity and Access Management (IAM) lets you control who has access to your cloud resources. You can control what type of access a group of users have and to which specific resources.; ; See https://docs.cloud.oracle.com/iaas/Content/Identity/Concepts/overview.htm
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Bureau Veritas
• ISO/IEC 27001 accreditation date: 06/01/2022
• What the ISO/IEC 27001 doesn’t cover: See https://cloud.oracle.com/en_US/cloud-compliance
• ISO 28000:2007 certification: Yes
• Who accredited the ISO 28000:2007: NA
• ISO 28000:2007 accreditation date: NA
• What the ISO 28000:2007 doesn’t cover: NA
• CSA STAR certification: Yes
• CSA STAR accreditation date: NA
• CSA STAR certification level: Level 3: CSA STAR Certification
• What the CSA STAR doesn’t cover: NA
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
• Other security governance standards: See https://cloud.oracle.com/cloud-compliance for list of standards
• Information security policies and processes: Not Available

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Oracle Cloud Operations performs changes to cloud hardware infrastructure, operating software, product software, and supporting application software that is provided by Oracle as part of the Oracle Cloud Services, to maintain operational stability, availability, security, performance, and currency of the Oracle Cloud Services. Oracle follows formal change management procedures to review, test, and approve changes prior to application in the production service.; ; See http://www.oracle.com/us/corporate/contracts/ocloud-hosting-delivery-policies-3089853.pdf
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Oracle regularly performs penetration and vulnerability testing and security assessments against the Oracle cloud infrastructure, platforms, and applications. These tests are intended to validate and improve the overall security of Oracle Cloud Services.; ; See https://docs.cloud.oracle.com/iaas/Content/Security/Concepts/security_testing-policy.htm
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Oracle have automated mechanisms to log various security-relevant events (for example, API calls and network events) in the infrastructure, and monitor the logs for anomalous behaviour. Alerts generated by monitoring mechanisms are tracked and triaged by the security team; ; See https://docs.cloud.oracle.com/iaas/Content/Security/Concepts/security_overview.htm
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Oracle Global Information Security (GIS) defines roles and responsibilities for the incident response teams embedded within the Lines of Business (LoBs). All LoBs must comply with GIS incident response guidance about detecting events and timely corrective actions. Corporate requirements for LoB incident-response programs and operational teams are defined per incident type:; Validating that an incident has occurred; Communicating with relevant parties and notifications; Preserving evidence; Documenting an incident itself and related response activities; Containing an incident; Eradicating an incident; Escalating an incident; ; See https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html for users process for reporting security incidents

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Oracle VM
• How shared infrastructure is kept separate: Customer isolation that allows you to deploy your application and data assets in an environment that commits full isolation from other tenants and Oracle’s staff, as well as between the same tenant’s workloads; ; See https://docs.cloud.oracle.com/iaas/Content/Security/Concepts/security_guide.htm

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: The Strategic Fujitsu Datacentres are registered “participants” in the EU Code of Conduct for datacentres, complying with their energy efficiency guidelines conforming to ISO50001 Energy Management. The Supplier’s infrastructure planners have used optimal layouts, as determined by the EU Code of Conduct to build the service within these datacentres.

Social Value

• Fighting climate change:

  Fighting climate change

  Fujitsu operates a Dual Delivery approach to Social Value (SV).; ; Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake local initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities.; To align with the theme of Fighting Climate Change with a policy outcome, we co-ordinate our efforts via an environmental action plan, a green procurement policy and a responsible procurement charter. Our initiatives are based on the National TOMs Framework. The 47 metrics of the Fujitsu TOMs have been developed in consultation with the Social Value Portal (SVP). We will use this to manage, monitor, measure, evidence and report on implemented initiatives within G-Cloud 13. At the end of each year, we will provide an independently audited Social Value Report, outlining completed activities, quantifiable SV generated and how each initiative aligns to the SVM policy outcomes.; ; The G-Cloud Service initiatives may include:; ; Developing Environmental Action Plans focusing on societal challenges of climate change, resource circulation and living in harmony with nature.; ; Supporting local School’s Programmes i.e. the UK Trees to supporting biodiversity, environmental education & clean air.; ; Ensuring all projects utilise our secure logistics facility so that all IT assets are re-purposed before recycling or disposal through secure /accredited routes.; ; Continuing the installation of Solar Panels across our or customer sites, enabling self-generating renewable energy.; ; Fujitsu as a member of RE100, promotes global corporate initiatives driving towards 100% renewable energy.; ; Supporting customer efforts to collect information on measures to promote the resource-saving design of products.
• Covid-19 recovery:

  Covid-19 recovery

  Fujitsu operates a Dual Delivery approach to Social Value (SV). ; ; Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake local initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities.; To align with the theme of supporting Covid 19 recovery with a policy outcome, we focus on helping our customers, local communities and supporting our staff with the social and economic impacts. Our initiatives are based on the National TOMs Framework. The 47 metrics of the Fujitsu TOMs have been developed in consultation with the Social Value Portal (SVP). We will use this to manage, monitor, measure, evidence and report on implemented initiatives within G-Cloud 13. At the end of each year, we will provide an independently audited Social Value Report, outlining completed activities, quantifiable SV generated and how each initiative aligns to the SVM policy outcomes.; ; The G-Cloud Service initiatives may include: ; ; Helping our customers move to a more home-based/mobile service.; ; Support to local communities and helping schools to ensure disadvantaged children are not left behind in terms of access and skills to learn remotely by supplying equipment and training.; ; Our volunteering refocussed on the transfer of digital skills to support schools and the unemployed.; ; Acceleration of our apprentice schemes to support employment initiatives, including tackling skills gaps.; ; Support to enable SMEs/VCSEs to develop in disadvantaged areas through gifting of our apprentice levy.; ; Initiatives such as DASH, Karma Nirvana, Manchester Women’s Aid to support the Home Office Domestic Abuse Charity, provided laptops and technical support.
• Tackling economic inequality:

  Tackling economic inequality

  Fujitsu operates a Dual Delivery approach to Social Value (SV). ; ; Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake local initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities.; To align with the theme of Tackling Economic Inequality with a policy outcome, we focus on creating employment and removing any barriers to employment, developing new skills, supporting our supply chain including SMEs and VCSEs. Our initiatives are based on the National TOMs Framework. The 47 metrics of the Fujitsu TOMs have been developed in consultation with the Social Value Portal (SVP). We will use this to manage, monitor, measure, evidence and report on implemented initiatives within G-Cloud 13. At the end of each year, we will provide an independently audited Social Value Report, outlining completed activities, quantifiable SV generated and how each initiative aligns to the SVM policy outcomes.; ; Tackling economic inequality:; ; The G-Cloud Service initiatives may include:; ; Providing employment opportunities for those facing barriers to employment, particularly those located in deprived areas.; ; Working with educational institutions and community groups to provide CV Skills/Mock Interview Workshops and STEM Schools career visits.; ; Creating apprenticeship/graduate opportunities within Fujitsu.; ; Training opportunities, for industries with skills shortages or high growth sectors i.e. Digital skills programmes. ; ; Assisting Rock2Recovery helping Armed Forces Veterans and an increasing number of Blue Light staff and their families by providing coaching and support e.g. business advice and their fund-raising activities.; ; Supporting local SMEs/VCSEs with access to learning pathways to develop and learn new skills to enhance their offerings.
• Equal opportunity:

  Equal opportunity

  Fujitsu operates a Dual Delivery approach to Social Value (SV). ; ; Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake local initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities.; To align with the theme of Equal Opportunity with a policy outcome, we focus on reducing the disability employment gap, tackling workforce inequality and providing demonstrable value to society. Our initiatives are based on the National TOMs Framework. The 47 metrics of the Fujitsu TOMs have been developed in consultation with the Social Value Portal (SVP). We will use this to manage, monitor, measure, evidence and report on implemented initiatives within G-Cloud 13. At the end of each year, we will provide an independently audited Social Value Report, outlining completed activities, quantifiable SV generated and how each initiative aligns to the SVM policy outcomes.; ; The G-Cloud Service initiatives may include:; ; Our Work Your Way Programme, providing flexible working arrangements to all employees from day one.; ; Comprehensive digital skills training for disadvantaged people e.g. NEETs, minority, gender and ethnic groups, disabled, rehabilitating young offenders, or elderly people.; ; Employee Passport detailing all adjustments to fully supporting employees throughout their career.; ; Mandated accessibility standards are actively considered in Framework contracts throughout the solution/product/service lifecycle.; ; Opening up our supply chain to SMEs to share an ecosystem of alliances, expert partners and academic institutions and charities.; ; We build accessibility into Framework contracts via policies, processes and working environments to comply with legislation.
• Wellbeing:

  Wellbeing

  Fujitsu operates a Dual Delivery approach to Social Value (SV). ; ; Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake local initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities.; To align with the theme of Wellbeing with a policy outcome, we focus on the Health and Wellbeing of all our workforce including our supply chain. Our initiatives are based on the National TOMs Framework. The 47 metrics of the Fujitsu TOMs have been developed in consultation with the Social Value Portal (SVP). We will use this to manage, monitor, measure, evidence and report on implemented initiatives within G-Cloud 13. At the end of each year, we will provide an independently audited Social Value Report, outlining completed activities, quantifiable SV generated and how each initiative aligns to the SVM policy outcomes.; The G-Cloud Service initiatives may include:; ; We provide access to Wellbeing Programmes supporting mental and physical health, including:; Employee Assistance Programme; “My Healthy Advantage” app providing content and 121 Live-Chat support;  Mental Health First Aiders; ; Mental Health campaigns for all staff including subcontractors, to create community of acceptance around mental health.; ; Fujitsu and supplier volunteering to support local wellbeing projects initiatives to support older, disabled and vulnerable people to build a stronger community network.; ; Providing specialist skills to support “Creating Better Environments” project – creating a digital platform helping autistic people better navigate environments.; ; The BuddyConnect™ application created by Fujitsu to support neurodiversity and inclusion in the workplace.

Pricing

• Price: £10,000 a unit a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at government.frameworks@fujitsu.com. Tell them what format you need. It will help if you say what assistive technology you use.