ATOS IT SERVICES UK LIMITED

Atos Secure UK Cloud Hosting (IRIS)

The IRIS UK Cloud platform provides you with a secure, UK Sovereign, OFFICIAL cloud hosting service, delivered from ISO-27001 certified data centres. Our service is ideal for hosting production business applications, development systems, or testing services in a highly available cloud environment, and is available in “managed” or “unmanaged” variants.

Features

• A choice of unmanaged or fully managed OS VM/Physical server
• Delivered from UK based ISO-27001 data-centres
• Supported by UK SC cleared personnel,PSN Assured,CE+ certified
• Built on flexible, scalable & continuously refreshed infrastructure
• Capable of supporting dual UK site with synchronous replication
• Zero data loss capable infrastructure to protect your service
• High availability architecture to ensure service continuity
• Connectivity options of PSN, Private WAN, Public Cloud, and Internet
• Service Availability of 99.95%
• Service Management processes follow ITILv4

Benefits

• Simple pricing for IaaS services based on server/data volumes
• Fast and flexible scale up/down hosting platform deployment
• Atos do all the complex platform setup for you
• Pre-configured Virtual Machines with options ready to use
• Flexible user access and management capabilities
• Built on a shared, secure, multi-tenanted platform supporting many customers
• Deep feature set including strong security controls & service protection
• UK supported by SC cleared personnel
• Flexible self-service portal for reporting, management and provisioning
• Allows high availability application architectures across twin sites

£137.02 a virtual machine a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at opportunities@atos.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

695127478484420

Contact

Louise Carr
+447733315094
opportunities@atos.net

Service scope

• Service constraints: “Planned Maintenance” means any pre-planned maintenance of any infrastructure or core platform relating to the services: ; - Scheduled at weekends between 01:00 Saturday and 23:59 Sunday ; - “Emergency Maintenance” means any emergency maintenance of any of the infrastructure relating to the services ; - Whenever possible Emergency Maintenance of Atos’ infrastructure will happen between the hours of 01:00 Saturday and 23:59 Sunday (UK local time).
• System requirements:
  • Applications/Software must operate on VMware ESX
  • PSN Code of Connection agreement and compliance (where required )
  • Agree to the Acceptable Use Policy
  • Appropriate contact details for Atos staff members
  • Must meet and agree the IRIS UK Terms and Conditions
  • Adhere to the IRIS UK Security Policies

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 'Priority 1 - 95% in 4 Support Availability Hours; 'Priority 2 - 95% in 8 Support Availability Hours; 'Priority 3 - 95% in 2 Support Availability Days (Mon-Fri 08.00–18.00 only); 'Priority 4 - 95% in 5 Support Availability Days (Mon-Fri 08.00–18.00 only); 'Service Request Handling Window - 5 days 10 hours Mon-Fri 08.00–18.00
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: No
• Support levels: Options of Standard (08:00-18:00 M-F) or Enhanced (08:00-18:00 M-F + 24x7 for P1 Incidents). Cost difference between support levels varies depending on the selected offering. Managed IaaS offerings are supported by our Cloud Support Engineers, and Platform team
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Atos works with customer to assist the onboarding of services. The level of assistance will be dependent upon the commercial arrangements. On boarding can, where include:; 1) Workshops; 2) Solution reviews; 3) Ad hoc guidance and support; 4) Assistance with migration plans and activities; ; The workshops may be at Atos premises or at customer defined locations.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Microsoft Word
  • Microsoft Visio
  • Mircosoft PowerPoint
• End-of-contract data extraction: All customer supplied hosted data will be made available for migration, or deleted, at the end of the service or (for backups / archives) at the end of the backup / archive retention cycle (or at the point when off-boarding occurs, or if the appropriate data protection plan lapses). All commercial customer information will be held until the end of the reporting cycle (monthly), until all payments have been received, and then held as required for reporting / regulatory purposes (including log files).
• End-of-contract process: Off-boarding is based on a common approach with the following activities included within the standard Atos IRIS UK Cloud Hosting monthly charges, although we understand each client off-board may be different and we work with our customers to ensure a successful outcome.; -Server decommissioning will be undertaken in a manner compliant with security best practices; -Storage decommissioning will be undertaken in a manner compliant with security best practices; -All customers supplied physical media or appliances will be returned or securely disposed of before or at the end of the service as required; -Certifying that the Off-boarding process has successfully completed the actions required, in accordance with the agreed Information Assurance controls.; -Final invoicing and account closure.

Using the service

• Web browser interface: Yes
• Using the web interface: • Provisioning of new services including new servers, network functions and storage services. ; • Day 2 operations - including modification, deprovision, storage additions; • Dashboard view of provisioned servers including provisioned specification and near real time operational monitoring information across virtual and physical platforms; • Network visualisation view, showing how servers have been provisioned across networks, zones, and datacentres; • Capacity snapshot of customer servers, updated every 15 minutes; • Access to view/download your latest monthly billing summary report; • Customisable shopping basket to enable environments to be designed, planned, and priced before being provisioned; • Standard Service Requests (SSR)
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Our web-based facilities are delivered to be compatible with all major, in support, web browsers, and as such can be used with external accessibility tools if required.
• Web interface accessibility testing: Our web-based facilities are delivered to be compatible with all major, in support, web browsers, and as such can be used with external accessibility tools if required.
• API: No
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • Other
• Using the command line interface: For un-managed IaaS, the customer has full CLI access and privileges. For managed IaaS, the customer has delegated access to CLI with sufficient privileges to manage their software deployments

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: Guaranteed CPU / Memory Commitments; Guaranteed Bandwidth Commitments; Dedicated hosts are optionally available for physical segregation
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • Memory
  • Network
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Other
• Other data at rest protection approach: Physical access control, complying with CSA CCM v3.0, ISO 27001 and requirements from the SPF for Official. Data at rest is encrypted at the Storage Layer . All disc storage is encrypted.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Foundation Recovery: Backup media based with pooled passive standby compute
  • VMAutoRecovery: Auto Recovery SAN based replication of Virtual Machine
  • Hot Standby Recovery: Server in Secondary Data Center
  • Backup: File Storage
  • Backup: Block Storage
  • Backup: Databases
  • Backup: Applications
  • Snapshots: File Storage
• Backup controls: Users schedule backups through our Self-Service Portal.
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: Other
• Other protection within supplier network: Bonded Fibre Connection between core data centres.

Availability and resilience

• Guaranteed availability: Service Availability SLA of 99.95%
• Approach to resilience: The IRIS UK Platform employs the following architecture to deliver a highly available architecture:; 1. Twin Tier 3 Data Centers; 2. Bonded Fibre Connectivity between Data Centers over two diverse routes ; 3. Redundant Power Supplies ; 4. N+1 Redundancy of all hardware components ; 5. Enterprise Class Storage ; 6. Replicated Storage and Backup; 7. Annual Disaster Recovery Exercises; 8. Business Continuity Plans
• Outage reporting: Text and email alerts, contact through Account representative.

Identity and authentication

• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Management is via dedicated virtual management LAN via Bastion Hosts. Access to these LANs is governed by strict network controls and 2-Factor Authentication. Only required ports are permitted for management traffic, secure protocols are mandated. All Administrators are UK Nationals and SC Cleared.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication
• Devices users manage the service through: Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: PWC
• ISO/IEC 27001 accreditation date: 01/11/2023
• What the ISO/IEC 27001 doesn’t cover: Scope may be provided upon request.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Blackfoot UK Ltd
• PCI DSS accreditation date: 11/12/2023
• What the PCI DSS doesn’t cover: No non-covered scope. Scope may be provided upon request.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Atos has security governance in place that is aligned with the National Cyber Centre Guidance and the PSN guidance, and CE+.; ; Atos has security standards that follows NCSC Guidance and Center for Internet Security Standards, and other industry recognised standards bodies.
• Information security policies and processes: Atos has in place a full set of security policies and procedures. Atos staffs are required to follow the procedures, this requirement is covered in the Security Operating Procedures (SyOps) that administrators are required to sign.; ; Security Governance is overseen by the IRIS UK Security Working Group who meet monthly. Platform Tenant Security representatives are invited to attend.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Atos has processes and procedures in place covering operational security. Changes that impact security are covered at the Security Working Group. Atos processes are ITIL compliant.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Atos has processes and procedures in place covering operational security. Changes that impact security are reviewed at our Security Working Group. Vulnerabilities are identified using vulnerabilities feeds and the UK Government NCSC (CISP). Applicable vulnerabilities are assessed by impact and formally reported at our monthly Security Working Group.; ; Patching performed to the following standards:; ; Crisis - Immediate action required Follow instructions of CSIRT and/or CISO; ; P1 Mandatory 2 weeks maximum (including system reboot) for critical systems; ; P2 Strongly Recommended 4 weeks maximum for critical systems; ; P3 Recommended 8 weeks maximum for critical systems; ; P4 Discretionary Next Patch Cycle (2–4 months)
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Service logs are fed into an Atos provided and managed protective monitoring solution (SIEM). Atos has implemented a set of correlation rules to detect and alert upon activities that are deemed to be suspicious. Any alert will be investigated and where appropriate remedial action will be undertaken. Alerts are investigated depending upon their priority, with high priority alerts being actioned within 60 mins.; ; Where customers are impacted, they will be informed in a timely manner
• Incident management type: Supplier-defined controls
• Incident management approach: Formal incident management processes are in place to cover security incidents. These are based around best practice, including the NIST guidance.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Dedicated Network Zones with segregated firewalls. Separation is achieved at a number of different layers depending on the services consumed. Within the cloud separation is achieved using different Software Defined Networks (SDN)per customer at the network layer, ESXi hosts provide separation at the compute layer and at the storage layer (or LUNs if separate physical hosts). Ingress and egress to the cloud SDN can be via shared networks (e.g. PSN) or via dedicated networks, e.g. customer WAN with a firewall context providing separation. Segregation tests are undertaken as part of the annual ITHC.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Objective of EU Code of Conduct for Energy Efficient data centres is to reduce energy consumption at data centres, and thus their environmental impact, without compromising their performance and capacity. Atos is fully supportive of the principles enshrined in the EU Code of Conduct for Energy Efficient data centres towards more innovative, sustainable and secure data centre facilities. We demonstrate this commitment through continuous development of our data centres, particularly with respect to energy usage. ; ; The EU Code of Conduct for Data Centres utilises Power Utilisation Effectiveness (PUE) as a key metric to assess the overall efficiency of a data centre. Please find below PUE of our UK data centres in Longbridge and Birmingham along with other key attributes: ; ; Longbridge: PUE value 1,16 - indirect free cooling, efficient A/C and UPS upgrades, cold aisle containment implementation, using renewable energy.; Birmingham: PUE value 1,58 – efficient A/C and UPS upgrades, cold aisle containment implementation, using renewable energy.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Atos is a global leader in decarbonised digital services incorporating sustainable practices into our IT services to mitigate against the impact of climate change. This is evidenced by our EcoVadis Platinum Award. We are committed to an SBTi endorsed Science Based Target and are on track to reduce all emissions by 50% between 2019-25 and achieve Net Zero by 2039. Activities to achieve this include: IT Products and Services: We place a 20% sustainability weighting during procurement and use EcoVadis to assess supplier environmental performance. We were awarded “Platinum” status by EcoVadis for the fourth year running in October 2023. Renewable Energy Sources: Since 2018, the electricity purchased for our IT equipment, lighting and some space heating in mainland Great Britain has been from 100% renewable sources. Reduce Energy Consumption: Initiatives include the adoption of remote/hybrid working for employees, leading to a 10% drop in Atos UK&I energy usage between H1 2022 and H1 2023 through the rationalisation of 15 offices. In 2020, we signed up to a group-wide car-fleet agreement to source only electric vehicles with the aim to switch our entire fleet to electric or hybrid by 2025 (70% achievement in 2022). Minimise Electronic Waste: Atos has a circular economy approach to minimise electronic waste and extend the lifespan of its IT equipment ensuring that 100% of our obsolete IT assets are collected, reused, or recycled in a responsible way. The policy approach is based on the ISO14001 certified management system. In the UK we partner with Tier1, an SME specialising in hardware recycling. We will assess each call-off contract from G-Cloud 14 and make commitments that will drive sustainability such as: • Selecting sustainable partners and hosting joint decarbonisation workshops • Delivering environmental volunteering opportunities • Delivering training/education on sustainability

  Tackling economic inequality

  Atos recognises that the IT sector faces employment and skills shortages whilst under-represented groups still face barriers to accessing jobs. According to Prospects.ac.uk (December 2023), less than 8.5% of senior leaders in UK tech are from ethnic minority groups, only 16% of IT professionals are female and less than 9% of all IT specialists have a disability. We have implemented initiatives to tackle economic inequality: Early Career Talent Activities Atos provides work experience placements and STEM outreach to schools/universities to inspire students from different backgrounds across the UK into technology careers. Our Graduate and Apprenticeship programmes are over 18 months and provide experience in project delivery, operations and technical areas. The Atos Graduate Internship and Apprenticeship Community supports members in building up a network across the organisation and provides extra-curricular opportunities. Recruitment Activities We have embedded a fully inclusive and accessible end-to-end recruitment process. Actions include: Our Recruitment professionals to complete ‘Diversity, Equality and Inclusion (DEI) training for HR and Talent Professionals’ to attract a diverse talent pool We use Textio, a writing-enhancement service, to remove gender bias from job adverts We use video and flexible/adjusted interviews to provide support if wanted by people with disabilities including neurodiversity, such as assistive technology and schedule flexibility We organise tech career events and partner with organisations such as Bright Network to target candidates from under-represented groups. Career Development Activities All Atos employees are encouraged to set an Individual Development Plan with access to in-house learning and development resources such as Atos University. We will assess each call-off contract from G-Cloud 14 and make commitments that will tackle economic inequality such as: Creating employment opportunities Collaborating with our partners such as Next Tech Girls and SmartSTEMs to deliver training schemes/programmes to address any identified skills gaps and support skills growth.

  Equal opportunity

  Atos has been recognised as a leading employer in supporting an inclusive workplace through its inclusion in the Times Top 50 Employers for Gender Equality 2023 and our Level 3 Disability Confident Leader status. We continually review and improve our DEI initiatives to ensure we advance our goal. Inclusive/accessible recruitment activities We have embedded a fully inclusive and accessible end-to-end recruitment process. To achieve this, we engaged external partners to provide training to managers/HR to ensure fair recruitment by removing barriers and attracting diverse talent. Inclusive working conditions We create an inclusive working environment where all individuals can thrive and enable Atos to retain diverse talent: Policies: Our policies ensure we support all our employees regardless of their characteristics, enabling everyone to access and pursue opportunities available in Atos. DEI Networks: Our employee-led networks are advocates for equality and change in the workplace and wider society. Business Initiatives: We have initiatives to support under-represented groups’ progress in our workplace such as talent programmes and embedding cultural events into our calendar including International Woman’s Day and Black History Month. Fair Pay Our Diversity Pay Gap Report aligned to the Equality Act 2010 (Gender Pay Gap Information) Regulations 2017, is published annually and provides transparent reporting on our progress to create gender and ethnicity balance. Flexible Working Atos is proud to actively support remote/hybrid and flexible working to assist all employees achieve a good work life balance. Beyond this, our Flexible Working Policy outlines the support available to employees and candidates with fluctuating health conditions or care/personal responsibilities. We will assess each call-off contract from G-Cloud 14 and make commitments that will promote equal opportunity such as: Creating employment opportunities for under-represented groups by working with inclusive recruitment partners such as Bright Network Delivering training schemes and programmes for under-represented groups

  Wellbeing

  We are signatories of the Six Standards of Mental Health and invest significantly in the mental health of our employees: Prioritising mental health We provide a comprehensive Employee Assistance Programme (EAP) to all staff including an online GP service, wellbeing toolkits and a free, anonymous 24/7 helpline where employees can get counselling and advice on a wide range of topics including family, financial and legal matters. Promoting positive mental health Our senior leadership team and Mental Health First Aiders act as positive role models, endorsing initiatives like World Mental Health Week. Open culture We drive an open culture where conversations about mental health are supported. Line Managers promote employee wellbeing through monthly 1-2-1s and workload assessment. Should an employee raise a concern over their workload, their Line Manager conducts Individual Stress Risk Assessments and encourages EAP and Stronger Minds helpline use when needed. Holding regular 1-2-1s is a metric Atos Line Managers are appraised on as part of our Performance Management system, ensuring nurturing connections between our managers and employees are embedded as a culture. Increasing organisational capability We partner with third-party specialists in wellbeing and mental health, such as Genius Within, to provide training to our employees. Providing tools and support We provide annual training on subjects such as anxiety and depression, and signpost mental health tools available on our Wellbeing Hub. Tools include links to NHS Mental Health helplines, AXA PPP Wellbeing articles and a Mental Health Toolkit with 19 tips/tools breathing exercises and sleep techniques. Increasing transparency We measure wellbeing in surveys and publish action plans to address employee feedback gathered from the survey. We will assess each call-off contract from G-Cloud 14 and make commitments that will promote equal opportunity such as funding Mental Health First Aiders for the contract delivery team.

Pricing

• Price: £137.02 a virtual machine a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: The free trial will consist of a small number (typically less than 5) of virtual machines and associated storage to enable a trial to be conducted for 30 days.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at opportunities@atos.net. Tell them what format you need. It will help if you say what assistive technology you use.