Claranet Limited

Database as a Service (DBaaS)

The DbaaS Service provides the Customer access to immediate expert resource to manage the Customer’s database. The Customer’s estate will be managed by professional Database Administrators (DBA’s), who perform specific activities that underpin the Customer’s applications and data to allow the Customer to focus on core business activity.

Features

• Performance monitoring
• Service pack/patch upgrades
• Database version upgrades
• AWS, Azure, Claranet Cloud, and on-premise support
• Outage prevention and resolution in relation to the database
• 24x7 monitoring and alerting of the databases and Operating System
• Configuration changes
• Daily updates of database statistics
• Database Consistency Check (DBCC) integrity checks
• Database repairs (where required)

Benefits

• Removing the administrative overhead of database management
• Improved database performance
• Cost effective database management
• Consistent delivery across database technologies
• Fast access to expertise with depth and breadth of experience
• Improved focus on core business activity

£3,500 to £5,000 a server a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UK-bidteam@claranet.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

693563705457340

Contact

Claranet UK Bid Team
020 7685 8000
UK-bidteam@claranet.com

Service scope

• Service constraints: The service is available for Informix, Microsoft SQL, MySQL, and Postgres. The service cannot be performed on the Google Cloud Platform.
• System requirements:
  • Database errors are remediated before onboarding
  • Database versions aren't out of support by the vendor
  • Claranet is provided administrator access
  • The infrastructure must have enough resource to support tooling

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Tickets and emails are typically responded to within an hour.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The support for the service is standard across all tiers with standard support being available from the hours of 800 to 1800 Mon-Fri. Claranet offers out-of-hours 24x7 support for resolving incidents or issues in production systems.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: An initial consultation is provided to the customer to understand how many instances need to come onto contract, what technologies, location of the database, and any existing licenses. Claranet will also perform a database health check after being provided administrator level access in order to uncover the condition of the databases coming into contract and to provide actionable recommendations of which Claranet can provide remediation on under Professional Services.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The Customer maintains ownership of the system and its data that is under contract and maintains ownership after the contract has ended. Therefore, the Customer doesn't need to perform any data extraction.
• End-of-contract process: Claranet will revoke Claranet access to the system and hand this back to the Customer and hand-off any documentation agreed as part of the contract.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: The workloads under management by Claranet are spread across our Database Administrator team(s) with additional bandwidth being accounted for in our teams capacity. The service is also standard across all customers with additional Managed and Professional Services only being taken on provided we can continue to provide the same level of support to our existing managed customers. Every users system is designed to be isolated from others by either logical or physical isolation and therefore the Customers resource pool is not at risk.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other
• Other usage reporting: If the monitoring software alerts Claranet to memory running low, for example, we will contact and ask the Customer for permission to increase resource whether via email or slack.

Analytics

• Infrastructure or application metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Never
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• Backup controls: Claranet will perform backup and recovery in line with the stated contract requirements. There is typically no involvement from the Customer as Claranet will manage this process, however the Customer can continue to manage backups in line with their own needs.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The service cannot guarantee availability if the service is deployed within either AWS, Azure, or on-premise where Claranet has no control over the uptime. However, our Claranet Cloud has 99.5% availability across tenant portal, network components, and hosted hardware.
• Approach to resilience: Information available on request.
• Outage reporting: Monitoring is set up as part of the standard Database service and will alert the Claranet Database Administrator team if a problem has occurred. Claranet also provide access to a customer dashboard, and send out email alerts when network issues have been identified.

Identity and authentication

• User authentication: Other
• Other user authentication: The Customer can define how Claranet accesses the system in line with their own security policies.
• Access restrictions in management interfaces and support channels: Only users with access to the system are the Database Administrators. No other Claranet staff has access to the database.
• Access restriction testing frequency: At least once a year
• Management access authentication: Other
• Description of management access authentication: The customer can define how they want Claranet to access their system and we will conform to their security policies.
• Devices users manage the service through:
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DAS
• ISO/IEC 27001 accreditation date: 06/06/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: 7Safe Limited
• PCI DSS accreditation date: 01/2019
• What the PCI DSS doesn’t cover: Our PCI-DSS only covers physical security requirements 1 to 8. 10 and 11 are not covered.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISO22301

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO27001:2013, ISO22301:2012

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Claranet have an embedded ITIL aligned configuration and change management process. All Claranet and customer specific changes are reviewed and evaluated for threats and risk before being deployed in a specific change window. Claranet use service management tools that support the ITIL process. All changes are tracked and audited. Customers are required to make all requests for change through the customer portal and only portal users with the correct privileges can request a change.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Claranet assesses on a regular basis security patches and updates and applies them after the Customers approval.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: The Database team monitors for whether a security patch is available and hasn't been applied to the managed database instance. Claranet has a response process and plan in the scenario a breach has been detected for breaches and incidents on managed infrastructure. A fully managed security service (Managed Detection and Response) is offered by Claranet if the customer does not want to manage it themselves.
• Incident management type: Undisclosed
• Incident management approach: Claranet have an embedded ITIL aligned process for Incident Management with description, instruction, and visual guides on how to raise an incident. All incidents are allocated a priority between 1-5 and have associated response times. As part of our service management offering we can evaluate incidents logged with a view to looking at trends and improving time to resolve. This data is typically combined in service management reports that are issued as per agreed schedule with the customer. Customers can report incidents to our services desk using either a telephone call or by raising the request through our online portal.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: AWS and Azure. For our Cloud, we use VMware.
• How shared infrastructure is kept separate: Every users system is designed to be isolated from others by either logical or physical isolation. If Claranet is in charge of the private cloud or EC2 instances, Claranet implements the virtualisation technology.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Claranet work with compliant datacentre providers.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Sustainability is a core element of our CSR strategy. At Claranet, we recognise the significance of our environmental footprint, even if it’s small, and are dedicated to perpetual improvements in energy conservation and waste minimisation throughout our operations. Our Senior Management Team has defined environmental and energy policies with a structure for setting and revising environmental objectives and goals.; • Our approach to environmental management includes:; • Committing to lessen our environmental impact.; • Integrating environmental performance and management into our business practice.; • Encouraging recycling and eco-awareness across our workforce, clientele, and suppliers.; • Reducing eco-toxic emissions from company vehicles.; • Reducing our energy use.; • Aligning with stakeholders to meet or excel in environmental standards.; • Adhering to applicable environmental laws and regulations.; • Conducting regular audits to measure and report on environmental metrics and establish goals.; Our energy management is focused on:; • Complying with legal standards for energy use.; • Implementing and, where possible, exceeding best practices for energy management.; • Allocating resources to meet our energy objectives and improve our management system continuously.; • Procuring energy-efficient solutions and services when feasible.; • Using data to monitor significant energy use and set targets for reducing consumption across the enterprise.; Our commitment to sustainability is reinforced by certifications such as ISO14001 for Environmental Management, ISO50001 for Energy Management, and the Cisco Environmental Sustainability Specialisation.; Aiming for net zero by 2050, we are proactively seeking ways to achieve this sooner. Our efforts are transparent, with an external Carbon Reduction Plan available upon request.

  Equal opportunity

  Offering the opportunity to advance our people’s professional development is one thing, however, ensuring that everyone, no matter who they are, has that opportunity is something that we pride ourselves on. Diversity and Inclusion is a highly regarded topic at Claranet and one that we strive to work towards. We are committed to driving diversity and inclusion in a measurable way. ; Our HR and Management teams are working closely on diversity and inclusion initiatives to support the reduction in the gap in pay between men and women. We have a group of employees who have volunteered themselves to work together the ensure some of the most meaningful diversity and inclusion dates throughout the calendar year are acknowledged and/or celebrated with the goal of ensuring all of our employees feel a sense of belonging at Claranet. We are a signatory with the Tech Talent Charter (TTC) who pride themselves on bringing organisations together to drive greater diversity and inclusion within the Technology sector. Not only does this support women getting into technology, but those from multi-ethnic and lower socio-economic backgrounds as well. We are excited to be a part of this movement and hope to contribute to making the UK technology sector truly inclusive. We are also one of the founding members of the Technology Community for Racial Equality (T4CRE). We are proud to support this organisation that is focused on promoting diversity, equity, and inclusion in the technology industry (https://tc4re.org/who-we-are/). ; Our recruitment strategy and policy also heavily supports this. The makeup of our Senior Management Team further evidences our commitment to inclusivity, as it continues to represent an equal split between men and women, which is essential to leading a diverse workforce and promoting equality.

  Wellbeing

  Claranet are passionate about people and fostering a healthy and nurturing work environment.; Our dedicated Wellbeing and Engagement team, work in partnership with external providers to deliver our health and wellbeing scheme: Health is Wealth. The scheme is comprised of talks led by professionals, access to exercise classes, discounted gym memberships and access to a fully trained Mental Health First Aiders team. Some of our notable events include, a Stress Awareness seminar, Disability Awareness talk delivered by Lee Spencer, Employee led activity to celebrate Neurodiversity Week, Women in technology celebrations, Happiness in the Workplace celebration week and Imposters Syndrome webinar. Our in-house team plan employee activity based on employee feedback and suggestions, enabling us to deliver a very diverse programme and support network within the workplace.; In conjunction with this we also provide all employees with access to the Employee Assistance Program (EAP). This facility provides an independent, confidential, and unlimited service available 24 hours a day, 365 days a year. It provides access to specialist professionals who offer advice on stress and anxiety as well as a range of other issues such as bereavement support, legal guidance, and health related issues.; Our employees also benefit from core and voluntary benefits including dental cover and private medical that covers pre-existing conditions with a range of options to cover partners or families. Voluntary Critical Illness Cover of up to £150,000 also gives our employees and their families financial and practical support at times of need.

Pricing

• Price: £3,500 to £5,000 a server a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UK-bidteam@claranet.com. Tell them what format you need. It will help if you say what assistive technology you use.