Cloud Backup
Cloud Backup utilises Veeam Cloud Connect technology to allow you to back up data held on-site to our secure ISO 27001 datacentres. Data can be encrypted with your own private keys.
Features
- Using industry-leading Veaam technology
- Wide range of options for data retention
- Multiple ISO27001 UK-based datacentre options
- Flexible options for data recovery
- Maintain full control through your own Veeam management console
- Choose from Manchester or Leeds Datacentre Sites
- Encryption at rest
- Backup immutability
Benefits
- Scalable
- Platform interconnection at major UK datacentres
- Provides a consistent and predictable operating cost
- 24/7 core platform support
- Instant recovery
Pricing
£0.06 a gigabyte a month
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
6 8 7 0 3 8 3 9 7 6 0 0 2 3 6
Contact
Razorblue Group Ltd
Hannah Muir
Telephone: 03333446344
Email: tenders@razorblue.com
Service scope
- Service constraints
- No specific constraints.
- System requirements
-
- Current version of Veeam Backup & Recovery
- Valid Veeam software maintenance
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Incidents are responded to 24/7 depending on severity.
Change requests are responded to within normal working hours. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
-
Support is provided by our Service Desk, 24/7.
Account management and technical advice is included. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Our platform is based on industry standard infrastructure with which most IT administrators will be familiar. As part of the on-boarding process, users will be offered a walkthrough and Q&A session. Documentation is also available.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- The service is provided as a platform, users will have full administrative access to virtual machines to extract data as they wish.
- End-of-contract process
- At the end of the contract, it is the client's responsibility to remove data and migrate away from the platform.
Using the service
- Web browser interface
- Yes
- Using the web interface
- Users can provision and manage virtual machines through the web interface.
- Web interface accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web interface accessibility testing
- The application is provided by a third party and they have carried out testing.
- API
- No
- Command line interface
- No
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
- Capacity management plan in place to ensure that sufficient levels of capacity are always available with sufficient time to grow the architecture as needed.
- Usage notifications
- No
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- Disk
- Memory
- Network
- Reporting types
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
- Physical access control, complying with SSAE-16 / ISAE 3402
- Data sanitisation process
- Yes
- Data sanitisation type
- Hardware containing data is completely destroyed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Entire virtual machine & granular contents
- Offsite storage provider
- Backup controls
- The service is pure storage, users decide what to back up within their own Veeam management console.
- Datacentre setup
- Multiple datacentres
- Scheduling backups
- Users contact the support team to schedule backups
- Backup recovery
-
- Users can recover backups themselves, for example through a web interface
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
Platform availability SLA is 100% excluding any scheduled maintenance.
See service description/manual for more information. - Approach to resilience
- All datacentre plant/infrastructure is N+1 as a minimum. The platform itself uses multiple components at each level. Further information is available upon request.
- Outage reporting
- Our outage & scheduled maintenance notification platform is hosted off-network and includes a public dashboard, e-mail alerts, SMS alerts and twitter notifications.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- Our management network on which cloud platform infrastructure is located, is logically separated from the internet and our corporate network by firewalls. Multi-factor authentication is required to jump between network boundaries.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Dedicated link (for example VPN)
- Username or password
- Devices users manage the service through
- Dedicated device on a segregated network (providers own provision)
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- Between 6 months and 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- ISOQAR
- ISO/IEC 27001 accreditation date
- 31/10/2016
- What the ISO/IEC 27001 doesn’t cover
-
A.10.1.1 - Policy on the use of cryptographic controls, excluded - cryptographic process is automated
A.10.1.2 - Key management, excluded - cryptographic process is automated
A.14.2.7 - Outsourced development. excluded - not applicable. No outsourced development - ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- ISO 9001
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
Razorblue operates an ISMS (Information Security Management System) which is accredited and audited to ISO 27001 by a third party.
The ISMS includes policies and procedures covering our staff, recruitment processes, supplier management, technical configuration management, patch management, and so forth.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
Our change process is aligned to ITIL and other industry standards. All infrastructure and assets are tracked through a CMDB.
Our change control process includes provision for assessing potential changes for security impact, including peer approval for any security related change. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
This process forms part of our ISO 27001 ISMS.
Our engineers monitor CVE and other supplier bulletins for vulnerabilities that could potentially affect our platform.
Patches are deployed at varying intervals dependent on the risk and ability to exploit the vulnerability. The exact details of this process are not disclosed.
Our engineers and technical architects also regularly attend industry training sessions to understand generic risks and how to combat them. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
Proactive monitoring forms part of our ISO 27001 ISMS.
We have detailed incident response processes in place which have varying levels of responsiveness and actions dependent on the specific circumstances.
Our processes include notification of clients and regulatory bodies. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
We have established processes for incident and outage management. Users can contact us to report incidents, or in some cases we will report these to customers before they are necessarily aware of them.
We have a standardised incident reporting process which provides detailed documentation.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- VMware
- How shared infrastructure is kept separate
- VLAN separation
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
- Our datacentres are corporate participants in the European Code of Conduct for Energy Efficiency in Data Centres programme; they aim to actively reduce energy consumption in a cost-effective manner without hampering the critical function of datacentres, by adopting innovative technologies to improve data centre energy efficiency and reduce energy consumption.
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
We believe that businesses have a crucial role to play in shaping a sustainable future for our planet, which is why we are taking a proactive approach to reduce our carbon footprint, striving to create a greener world.
Our most significant carbon contributor is data centre usage. In response to this sector-wide challenge, we have made a conscientious choice to partner exclusively with datacentres that operate on clean and renewable energy, upholding the highest standards of environmental responsibility. By adopting cloud technologies, and promoting this throughout our client base, we not only enhance efficiency and productivity but significantly reduce the carbon emissions that would have been generated by conventional server infrastructures.
We have optimised our office spaces to be energy efficient, integrating automatic LED lighting and heat recovery systems for heating and ventilation. We also embrace a paperless approach, aiming to minimise waste and resource consumption. We heavily promote recycling throughout all offices and have multiple recycling bins and facilities.
As part of our broader vision, we are promoting the transition to electric vehicles (EVs). While the charging infrastructure in the UK presents challenges, we remain steadfast in our goal to replace our fleet of cars with EVs. To accelerate this transition, we have introduced an EV car scheme for our entire workforce, encouraging employees to embrace eco-friendly transportation options.Tackling economic inequality
razorblue are constantly striving to improve economic, social, and environmental wellbeing.
In line with our dedication to supporting the local community, we proudly support local sports teams and clubs and work with local schools and colleges to promote education and skill-building opportunities. By working with local educational institutes, we aim to contribute to the growth and development of the younger generation.
We have partnerships with universities colleges and schools, such as Teesside University, Darlington College, and Middlesbrough College, with plans to extend partnerships to other institutions within the North East, Manchester, and Scotland and further afield to encourage people into STEM roles.Equal opportunity
We are in the process of partnering with the Power of Women, which is a movement to inspire young girls and help them throughout their journey at school, and hopefully open their eyes to a career in technology.Wellbeing
The team culture here is one of total transparency and a shared vision to challenge, innovate, push boundaries, and exceed client expectations. Our in-house Head of People places significant focus on the culture of our company and leads this strategy to give our team an excellent employee experience.
We regularly seek and act upon employee feedback so we can continually improve as an employer. Our employees have multiple ways to submit feedback, whether that is via our company intranet, HR software or in regular catch ups. Feedback is immediately acted upon by the board, and we use this to improve policies, practises, and culture. We learn from the people who do the doing, which is why we have multiple channels out there for our workforce to voice opinions and they can do so anonymously if desired.
Each team is given a quarterly budget to do something fun of their choice, this is there to build better relationships and remove the hierarchy between management and staff so they can approach them on a more personal level. In addition to this we have regular team-building days, a yearly company-wide team building fun day, as well as an Employee Awards Evening to which employees and partners are all invited and paid for.
Our leadership team undergo regular training to help them become amazing and supportive leaders. This training focuses on prioritising the wellbeing and development of employees and demonstrates commitment to creating a positive and empowering workplace culture. Nearly all our leadership team are Mental Health First Aiders, with the aim of all of them being qualified by August 2023.
What’s more we operate an open office with senior leadership and directors opting to work amongst staff and communicate directly as opposed to residing in closed off offices.
Pricing
- Price
- £0.06 a gigabyte a month
- Discount for educational organisations
- Yes
- Free trial available
- No