Skip to main content

Help us improve the Digital Marketplace - send your feedback

Razorblue Group Ltd

Cloud Backup

Cloud Backup utilises Veeam Cloud Connect technology to allow you to back up data held on-site to our secure ISO 27001 datacentres. Data can be encrypted with your own private keys.

Features

  • Using industry-leading Veaam technology
  • Wide range of options for data retention
  • Multiple ISO27001 UK-based datacentre options
  • Flexible options for data recovery
  • Maintain full control through your own Veeam management console
  • Choose from Manchester or Leeds Datacentre Sites
  • Encryption at rest
  • Backup immutability

Benefits

  • Scalable
  • Platform interconnection at major UK datacentres
  • Provides a consistent and predictable operating cost
  • 24/7 core platform support
  • Instant recovery

Pricing

£0.06 a gigabyte a month

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@razorblue.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

6 8 7 0 3 8 3 9 7 6 0 0 2 3 6

Contact

Razorblue Group Ltd Hannah Muir
Telephone: 03333446344
Email: tenders@razorblue.com

Service scope

Service constraints
No specific constraints.
System requirements
  • Current version of Veeam Backup & Recovery
  • Valid Veeam software maintenance

User support

Email or online ticketing support
Email or online ticketing
Support response times
Incidents are responded to 24/7 depending on severity.
Change requests are responded to within normal working hours.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Onsite support
Support levels
Support is provided by our Service Desk, 24/7.

Account management and technical advice is included.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Our platform is based on industry standard infrastructure with which most IT administrators will be familiar. As part of the on-boarding process, users will be offered a walkthrough and Q&A session. Documentation is also available.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
The service is provided as a platform, users will have full administrative access to virtual machines to extract data as they wish.
End-of-contract process
At the end of the contract, it is the client's responsibility to remove data and migrate away from the platform.

Using the service

Web browser interface
Yes
Using the web interface
Users can provision and manage virtual machines through the web interface.
Web interface accessibility standard
WCAG 2.1 AA or EN 301 549
Web interface accessibility testing
The application is provided by a third party and they have carried out testing.
API
No
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
Capacity management plan in place to ensure that sufficient levels of capacity are always available with sufficient time to grow the architecture as needed.
Usage notifications
No

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • Disk
  • Memory
  • Network
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Entire virtual machine & granular contents
  • Offsite storage provider
Backup controls
The service is pure storage, users decide what to back up within their own Veeam management console.
Datacentre setup
Multiple datacentres
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Platform availability SLA is 100% excluding any scheduled maintenance.

See service description/manual for more information.
Approach to resilience
All datacentre plant/infrastructure is N+1 as a minimum. The platform itself uses multiple components at each level. Further information is available upon request.
Outage reporting
Our outage & scheduled maintenance notification platform is hosted off-network and includes a public dashboard, e-mail alerts, SMS alerts and twitter notifications.

Identity and authentication

User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Our management network on which cloud platform infrastructure is located, is logically separated from the internet and our corporate network by firewalls. Multi-factor authentication is required to jump between network boundaries.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
Dedicated device on a segregated network (providers own provision)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
ISOQAR
ISO/IEC 27001 accreditation date
31/10/2016
What the ISO/IEC 27001 doesn’t cover
A.10.1.1 - Policy on the use of cryptographic controls, excluded - cryptographic process is automated
A.10.1.2 - Key management, excluded - cryptographic process is automated
A.14.2.7 - Outsourced development. excluded - not applicable. No outsourced development
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
ISO 9001

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Razorblue operates an ISMS (Information Security Management System) which is accredited and audited to ISO 27001 by a third party.

The ISMS includes policies and procedures covering our staff, recruitment processes, supplier management, technical configuration management, patch management, and so forth.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Our change process is aligned to ITIL and other industry standards. All infrastructure and assets are tracked through a CMDB.

Our change control process includes provision for assessing potential changes for security impact, including peer approval for any security related change.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
This process forms part of our ISO 27001 ISMS.

Our engineers monitor CVE and other supplier bulletins for vulnerabilities that could potentially affect our platform.

Patches are deployed at varying intervals dependent on the risk and ability to exploit the vulnerability. The exact details of this process are not disclosed.

Our engineers and technical architects also regularly attend industry training sessions to understand generic risks and how to combat them.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Proactive monitoring forms part of our ISO 27001 ISMS.

We have detailed incident response processes in place which have varying levels of responsiveness and actions dependent on the specific circumstances.

Our processes include notification of clients and regulatory bodies.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We have established processes for incident and outage management. Users can contact us to report incidents, or in some cases we will report these to customers before they are necessarily aware of them.

We have a standardised incident reporting process which provides detailed documentation.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
VMware
How shared infrastructure is kept separate
VLAN separation

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Our datacentres are corporate participants in the European Code of Conduct for Energy Efficiency in Data Centres programme; they aim to actively reduce energy consumption in a cost-effective manner without hampering the critical function of datacentres, by adopting innovative technologies to improve data centre energy efficiency and reduce energy consumption.

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

We believe that businesses have a crucial role to play in shaping a sustainable future for our planet, which is why we are taking a proactive approach to reduce our carbon footprint, striving to create a greener world.

Our most significant carbon contributor is data centre usage. In response to this sector-wide challenge, we have made a conscientious choice to partner exclusively with datacentres that operate on clean and renewable energy, upholding the highest standards of environmental responsibility. By adopting cloud technologies, and promoting this throughout our client base, we not only enhance efficiency and productivity but significantly reduce the carbon emissions that would have been generated by conventional server infrastructures.

We have optimised our office spaces to be energy efficient, integrating automatic LED lighting and heat recovery systems for heating and ventilation. We also embrace a paperless approach, aiming to minimise waste and resource consumption. We heavily promote recycling throughout all offices and have multiple recycling bins and facilities.

As part of our broader vision, we are promoting the transition to electric vehicles (EVs). While the charging infrastructure in the UK presents challenges, we remain steadfast in our goal to replace our fleet of cars with EVs. To accelerate this transition, we have introduced an EV car scheme for our entire workforce, encouraging employees to embrace eco-friendly transportation options.

Tackling economic inequality

razorblue are constantly striving to improve economic, social, and environmental wellbeing.

In line with our dedication to supporting the local community, we proudly support local sports teams and clubs and work with local schools and colleges to promote education and skill-building opportunities. By working with local educational institutes, we aim to contribute to the growth and development of the younger generation.

We have partnerships with universities colleges and schools, such as Teesside University, Darlington College, and Middlesbrough College, with plans to extend partnerships to other institutions within the North East, Manchester, and Scotland and further afield to encourage people into STEM roles.

Equal opportunity

We are in the process of partnering with the Power of Women, which is a movement to inspire young girls and help them throughout their journey at school, and hopefully open their eyes to a career in technology.

Wellbeing

The team culture here is one of total transparency and a shared vision to challenge, innovate, push boundaries, and exceed client expectations. Our in-house Head of People places significant focus on the culture of our company and leads this strategy to give our team an excellent employee experience.
We regularly seek and act upon employee feedback so we can continually improve as an employer. Our employees have multiple ways to submit feedback, whether that is via our company intranet, HR software or in regular catch ups. Feedback is immediately acted upon by the board, and we use this to improve policies, practises, and culture. We learn from the people who do the doing, which is why we have multiple channels out there for our workforce to voice opinions and they can do so anonymously if desired.
Each team is given a quarterly budget to do something fun of their choice, this is there to build better relationships and remove the hierarchy between management and staff so they can approach them on a more personal level. In addition to this we have regular team-building days, a yearly company-wide team building fun day, as well as an Employee Awards Evening to which employees and partners are all invited and paid for.
Our leadership team undergo regular training to help them become amazing and supportive leaders. This training focuses on prioritising the wellbeing and development of employees and demonstrates commitment to creating a positive and empowering workplace culture. Nearly all our leadership team are Mental Health First Aiders, with the aim of all of them being qualified by August 2023.
What’s more we operate an open office with senior leadership and directors opting to work amongst staff and communicate directly as opposed to residing in closed off offices.

Pricing

Price
£0.06 a gigabyte a month
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@razorblue.com. Tell them what format you need. It will help if you say what assistive technology you use.