DATAQUEST (HEATHROW) LIMITED

Infrastructure and Platform Security

We offer a fully proactive managed IPS/IDS solution to block unwanted traffic from entering your network. MFA and SSO capabilities can also be optionally added. Addtional benefits, include Qualys vulnerability reporting and proactive remediation.

Features

• AI learns specific threats and behaviours and responds accordingly
• The AI executes predefined actions if suspicious activities are detected
• Compliments normal firewall protection service
• Manages signature updates to supported products
• Innovative Multi-Factor methods to positively identify users
• SSO to simplify the login process (securely)
• Integration into all cloud environments
• Qualys reporting
• Infrastructure Security

Benefits

• Automated predefined actions according to content type
• Traffic baseline and rule setting to understand your network
• Automated tuning and adaptations as security devices learn new behaviours
• Single sign on to improve user experience
• Reduces risk to your organisation from external and internal users
• Single Sign-On frees people from password chains
• Helps with compliance
• Access applications anywhere on any device securely

£47 a virtual machine a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@dqgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

687250947423908

Contact

Michael Lyons
07799894781
gcloud@dqgroup.com

Service scope

• Service constraints: None
• System requirements:
  • OS must be on the SCL of the MFA/SSO vendor
  • IDS/IPS must be enabled on the security device

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Dataquest will monitor, manage and maintain the underlying hardware infrastructure and Hypervisor. The Customer has 3 options for managing the virtual machines that sit on the hyper visor:; ; 1. Self-Service (Customer's IT Team manage, patch and troubleshoot the virtual server estate); 2. Fully Managed Service - The Customer Purchases a Fully managed service from Dataquest with a defined Service Level Agreement.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The Dataquest Helpdesk is available to provide 1st and 2nd line technical support over the telephone, through our online helpdesk, and our remote management tool . This is a paid for service see rate card for Pro-Active or Reactive support.; ; A call is recorded, triaged, and classified as an Incident, Request, Change, Complaint, or other piece of demand in accordance with ITIL guidance. Alerts are monitored by Dataquest's Integrated Operations Centre. ; ; Depending on the contract that is entered into the support desk is available 24x7x365 or during Normal business hours.; ; Dataquest Normal Business Hours are defined as: ; Monday to Friday 08:00 to 18:00 excluding public holidays.; ; Dataquest has 4 Incident SLAs:; ; Priority 1 - High impacting incident - response within 1 hour; Priority 2 - Moderate to high impacting incident - response within 2 hours; Priority 3 - Low to moderate impacting incident - response within 4 hours; Priority 4 - Very low impacting incident or service/information request - response within 5 working days.; ; Each Customer has a Customer Excellence Manager who manages the relationship through regular Teams or face to face meetings. Furthermore the Customer will have access to a technical account manager or cloud support engineer, if required.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: All of Dataquest's managed cloud service contracts start with an initiation meeting, it is at this point that the Customer will be trained on how get started and how to interact with Dataquest 's service desk. This training will take the form of either remote or onsite training dependent on the customer's preference. Documentation will also be provided.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Before the end of a contract is reached the assigned Service Delivery Manager at Dataquest will reach out to the customer to discuss and agree on a contract exit strategy. Part of the agreed strategy will include data extraction and deletion from the Dataquest infrastructure. Furthermore the customer can add change or remove their data at any time with or without Dataquest's input.
• End-of-contract process: Where a client chooses to terminate their subscription with Dataquest, we are able to provide support for data extraction and/or migration where reasonable. We will agree a point of service termination with the client when the transition is complete. At this point, our dedicated support and technical teams will cease to provide any services. We will work to ensure that this transition is seamless.

Using the service

• Web browser interface: Yes
• Using the web interface: Where a Buyer opts for Dataquest's self-managed IaaS they will be able to configure their environment by using Dataquest's orchestration tool OnApp, This will allow them to allocate CPU, RAM and disk space to their virtual servers. They can also create, delete and reboot servers without having to contact Dataquest Support; ; If the customer does not want to utilise OnApp then we can provide limited access to vCentre, where they can only see their estate and they have the ability shutdown/reboot servers.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: They can not increase the size of their resource pool; any increase of CPU RAM or disk would require a signed sales order from the Customer.; ; They can not access anything other than their own environment. They will have limited access to vCentre
• Web interface accessibility testing: None
• API: No
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: We use tools a number of tools to monitor our infrastructure and alert the support team accordingly. Furthermore we use tools within VMware to dynamically load our infrastructure.; We also do not over sell the capacity - vCPU is on a 4:1 ratio, RAM is on a 1:1 ratio and we do not thin provision the SAN
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types: Other
• Other metrics: Login attempts
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: No

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Each service is provided with a guarantee of availability at contract level and sanctions in case of the service availability dropping below guaranteed level.
• Approach to resilience: Available on request
• Outage reporting: An API, email alerts, SMS

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Access to management interfaces and support channels is restricted through a combination of username and passwords, multifactor authentication, firewalling, IP restrictions, the use of bastion hosts as appropriate.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through: Dedicated device on a segregated network (providers own provision)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Standards Institute (BSI)
• ISO/IEC 27001 accreditation date: 19/05/2022
• What the ISO/IEC 27001 doesn’t cover: Software development
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: A mature security program is in place. Head of Compliance manages the company’s risk through security technologies, auditable work processes, and documented policies and procedures such as; Acceptable Use Policy (AUP), Access Control Policy (ACP), Change Management Policy, Information Security Policy, Incident Response (IR) Policy, Remote Access Policy, Email/Communication Policy, Disaster Recovery Policy, Business Continuity Plan (BCP). These policies are just some of the basic guidelines Dataquest use to build successful security programs.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: The key elements of Dataquest's configuration management are:; version control, baseline and release information, audits & review; documented process and build, integrate and deploy scripts.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Evaluated and appropriate measures are taken to address any associated risks; management of technical vulnerabilities, restrictions on software installation, information systems audit controls. In accordance with Dataquest’s ISO 27001 ISMS (technical vulnerability management) testing is carried out at least once annually and when applicable patches to the system are introduced to the main systems, when new network infrastructure or applications are added, if significant upgrades or modifications are applied to infrastructure or applications and end user policies are modified.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: PMCs used to assist Dataquest in the protection of its staff, assets and information and to assist in the investigation of misconduct or criminal activity. Accurate time in logs, recording relating to business traffic crossing a boundary,recording relating to suspicious activity at a boundary,recording of workstation, server or device status, recording relating to suspicious internal network activity,recording relating to network connections,recording of session activity by user and workstation,recording of data backup status,alerting critical events, reporting on the status of the audit system,production of sanitised and statistical management reports and providing a legal framework for protective monitoring activities.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: As part of Dataquest's service operation, incident management aims to manage the lifecycle of all incidents. Our primary objective is to return the IT service to users as quickly as possible. The incident management sub-processes and objectives are aligned to ITIL and ISO 27001:2013 standard. Incident management support, incident logging and categorisation, incident resolution, incident monitoring and escalation, incident closure and evaluation, pro-active user information and incident management reporting.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: VMware's vCenter uses a layered approach with security controls, isolation mechanisms, and monitoring controls embedded in the network, compute, and storage layers of the service stack. ; ; This layered approach provides secure access to the hosts, guarantees resources to tenants, and provides abstraction to the physical components. The VMware software-defined solutions at different layers allow the infrastructure to provide isolation of resources.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Telehouse West saves up to 1,110 tonnes of CO2 emissions per annum and provides up to nine megawatts of power for the local neighbourhood. The energy savings equate to boiling 3,000 kettles continuously. The disposal of waste heat from cooling systems is one of the most significant sustainability issues associated with data storage. This is the first time a heat export strategy has been introduced in the UK for this type of data centre facility.

Social Value

• Fighting climate change:

  Fighting climate change

  Dataquest operates an Environmental Management System (EMS) that has gained ISO 14001: 2015 certification. Our EMS is a continual cycle of planning, implementing, reviewing, and improving Dataquest’s processes and actions to meet environmental obligations and objectives. Energy efficiency makes a significant contribution to environmental sustainability and helps us to reduce our operating costs. We monitor our use of key sources of energy (electricity, gas,) with the aim of reducing our carbon emissions.
• Covid-19 recovery:

  Covid-19 recovery

  Dataquest continues to follow and update our business continuity plan with a focus on protecting the health and well-being of our colleagues, while keeping the business running, supporting our partners and continuing to provide the best possible service levels. In line with our ISO 27001 Standard, we have a robust disaster recovery and business continuity plan in place. This includes significant investments in technology and infrastructure to ensure we can continue to operate the business in a variety of unforeseen scenarios. We have extensive online collaboration capabilities to help ensure business continuity and we’re working tirelessly to help everyone stay safe while at the same time continuing to serve our customers.
• Tackling economic inequality:

  Tackling economic inequality

  Dataquest is committed to tackling economic inequality at root, from creating new businesses and new employment opportunities, to improving education and training, Our overriding vision is to help lower the unequal distribution of income and opportunity between different groups in society.
• Equal opportunity:

  Equal opportunity

  Dataquest is an equal opportunities employer and in general would wish to go beyond the strict legal requirements as determined by statute in order to be seen to promote sound and fair management practices and procedures at all times. ; ; It is therefore the Company’s aim to provide equality of opportunities for all employees by providing a working environment free from unlawful discrimination, harassment, bullying or victimisation on the grounds of sex, marital status, sexuality, disability, age, race, colour, ethnic origin, nationality, religious or political beliefs. This principle will equally apply to recruitment, training, promotion, dismissal, transfer and all benefits, terms and conditions of employment. ; ; The Company will not tolerate acts which breach policy and all instances of such behaviour will be taken seriously, be thoroughly investigated and in proven cases, will be subject to the Company’s disciplinary procedures. Policies for recruitment, selection, training, development and promotion are designed to ensure that individuals are selected, promoted and otherwise treated solely on the basis of their relevant aptitudes, skills and abilities.
• Wellbeing:

  Wellbeing

  We encourage vitality, a healthy quality of life, and a positive working environment in which people thrive. Our priority is to be proactive, so employees can gain awareness, education, and support to successfully function at work and at home, free from factors which may negatively impact upon their health.

Pricing

• Price: £47 a virtual machine a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@dqgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.