Redcentric Solutions Limited

Redcentric Cloud

Redcentric Cloud is a cloud solution designed to provide a versatile and cost effective option for Public Sector customers. Delivering virtualised server, storage and network infrastructure using an Opex based consumption model. The platforms are managed by Redcentric - covering performance, capacity, patching, installation, upgrades – for data marked "official"

Features

• Fully managed cloud platform providing granular selection of resources.
• Managed by SC and Non-Police Personnel Vetted Redcentric personnel
• Patching carried out by Redcentric personnel aligned to PSN standards
• Single site availability via N+1 protection and hypervisor automation
• Performance tiering, via multiple Virtual Machine configurations
• Snapshots to provide instantaneous backups and restores
• High Availability delivered via local redundancy and remote disaster recovery
• Cloud Service Management to optimise usage and achieve cost benefits

Benefits

• Reduced TCO through improved utilisation when compared to on-premise deployments
• Reduced CAPEX through move to Opex based cloud infrastructure.
• Reduced support costs through offloading infrastructure administration activities to Redcentric
• Reduced cyber threat exposure using NCSC Cloud Security Principles
• Reduced cost and timescales for design, build, and migration activities.
• Provides customer access to advanced technical capability and vendor expertise.
• Reduced investment in commodity technology, enabling investment for innovation.
• Futureproof platform that will evolve to reflect changing customer requirements
• Provides confidence through consuming a VMware approved Sovereign Cloud platform

£0.10 a gigabyte

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@redcentricplc.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

699090942615951

Contact

Steph Heseltine
+441423850000
tenders@redcentricplc.com

Service scope

• Service constraints: The Cloud platform is a fully managed estate with all hardware supplied and supported by Redcentric. Whilst N+1 resilience provide high availability, Redcentric reserve the right to schedule changes that might cause some service disruption, typically but not exclusively when patching customer virtual machines. ; ; Customers are required to meet licensing requirements set by the software providers and must supply evidence of usage rights for all software licences not supplied by Redcentric.
• System requirements:
  • Software license reporting agent must be installed/updated when required.
  • VMware tools must be installed/updated when required.
  • Customer must provide software licenses except where provided by Redcentric.
  • Customer provided anti-virus protection must be installed and maintained
  • Redcentric Managed VMs must use anti-virus protection provided by Redcentric

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times vary according to the priority of the support request, with a minimum response time of 15 minute for a critical system incident up to 8 hours for low priority requests. There is no difference between weekdays and weekends. Further details can be found in the Serviced Definition Document.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: No
• Support levels: Redcentric provide inclusive incident and regular maintenance support for managed elements of the service at no additional charge. This includes Level 1, Level 2, and Level 3 support with access to OEM support when required. ; ; Incident response times are aligned to the severity and impact of the incident with Priority 1 (System down) services benefitting from a 15 minute response time with updates at least every hour. ; ; Additional support options such as a TAM, Architect can be subscribed to and are defined in our SFIA rate card. A Service Manager is an additional option, this role provides extra collaborative support and bespoke reporting as customer requirements demand.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Redcentric will work with customer representatives to gather and document the requirements to be delivered. Once agreed, Redcentric will deploy per those requirements and handover to the customer including credentials. ; ; Customer on-boarding includes a set of documentation on how to access the services, with assistance from Redcentric Service Management personnel where required.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Customers can supply a suitable storage device for data to be copied too and then relocated to the destination. Customers are responsible for transportation including any specific custody requirements. ; ; Customers are also permitted to extract data over the network at no charge within the constraints of the network bandwidth subscribed to and network provider capacity. ; ; Where extraction requires complex deliverables, Redcentric will work with the customer to scope the project and produce a proposal to complete the deliverables with the agreed scope. Project costs will be derived from our SFIA rate card. ; ; Data is encrypted at rest; secure wipe is unnecessary but customers are permitted to do so.
• End-of-contract process: Users retain full control of their data throughout the contract period. At the contract end period they will have the option to either delete the data, extract to a compatible storage target or transfer over a suitably secured network connection. ; ; Where extraction requires complex deliverables, Redcentric will work with the customer to scope the project and produce a proposal to complete the deliverables with the agreed scope. Project costs will be derived from our SFIA rate card. ; ; Data is encrypted at rest so secure wipe is unnecessary but customers are permitted to do so.

Using the service

• Web browser interface: Yes
• Using the web interface: Users are able to raise service requests and incident tickets via Redcentric’s ticketing system. ; ; Customers can create, stop, start, and restart virtual machines using the Redcentric portal – where Redcentric provides a managed service customers are limited to view access.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Web interfaces are provided by third parties and updated with Redcentric branding. All accessibility features are as defined by the original supplier.
• Web interface accessibility testing: Web testing is carried out by the original supplier of the ITSM system. Redcentric do not amend any web constructs beyond those provided by the supplier.
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: Redcentric manage performance and capacity through a number of technical and operational processes; the Cloud technology can non-disruptively move workloads between different physical machines with the cloud estate to optimise performance, if a “noisy-neighbour” scenario appears on a particular host the Dynamic Resource Scheduler (DRS) feature will move either the “noisy-neighbour” or other virtual machines to other physical machines. Redcentric continually monitor capacity and performance to ensure capacity exists to facilitate the DRS benefits.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other
• Other usage reporting: Service Review Meetings

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
  • Other
• Other metrics: Performance & capacity metrics
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Optional Managed OS service includes backup of the Operating System
  • Customers schedule snapshots in self-managed environments via the cloud console
  • Customers initiate manual snapshots in self-managed environments via the console
  • Customers are permitted to deploy their own backup solution
  • Cloud storage, compute and infrastructure consumed by backups is chargeable
  • Alternatively, Redcentric Managed Backup Services can also be subscribed to
• Backup controls: Customers are free to define the schedule and retention within limitations of the data protection systems. Typically customers will chose to protect business critical data sources through multiple recovery points a day for 1 week, with older retained copies being less frequent, whilst static data sources may be backed up once or day or perhaps once a week. ; ; Schedules can be selected on a per Virtual Machine basis This enables the cost of protecting a VM and it’s data to align with it’s value.
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: All virtual machines operate with high availability built in at a single site to provide 99.95% availability for production virtual machines and 99.5% for development and testing virtual machines. ; ; For High Availability all data is replicated to the second site with automated failover to support a 99.99% SLA. ; ; Service credits are issued per Virtual Machine. The principle is that credits are provided relative to performance against the SLA, so elongated unavailability will result in a larger credit. Further details are available in the Service Definition.
• Approach to resilience: Service is provided from 3 datacentres which are at least 40 miles apart with N+1 redundancy throughout. Datacentres are backed up by UPS and are on priority list for emergency fuel delivery in the event of extended power outages. ; ; Further information is confidential and available on request
• Outage reporting: Outage reporting is by email alerts.

Identity and authentication

• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Redcentric utilises a centralised RBAC (Role Based Access Control) access control system based on the concepts of Least Privilege and Segregation of Duty to manage Redcentric system administrator and Data Centre Operations access to customer data and solutions. This access control system is subject to regular audit under our ISO 27001 accreditation and ISMS. All Redcentric logical access to the customer hosted data must traverse our management environment, which provides segregation and logging controls. Management activity logs are retained in a secure (read only) manner for at least one year and are sufficient to provide individual accountability.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
• Devices users manage the service through:
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 30/08/2023
• What the ISO/IEC 27001 doesn’t cover: Hosting in external 3rd parties needs to be brought into scope on a per basis. This is a chargeable extra.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Gemserv Ltd
• PCI DSS accreditation date: 05/09/2023
• What the PCI DSS doesn’t cover: Requirement 1, 2, 3, 4, 5, 6, 7, 8, 10, 11. Appendix A1, A2
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Authorised to process HM Government data marked 'Official-Sensitive'
  • HSCN CN-SP Network provider
  • Certified ISO9001: 2015 - Quality Management Standard
  • Certified ISO22301: 2012 - Business Continuity Standard
  • Authorised to process and store Person Identifiable Data (PID)
  • Certified ISO14001: 2014 - Environmental Management Standard
  • Certified ISO20000-1: 2011 - IT Service Management Standard
  • PSN accredited for the provision of Infrastructure as a Service
  • Information Governance Statement of Compliance (IGSoC)
  • Data Security and Protection Toolkit Compliant

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: As a managed service provider that the delivers services into different vertical sectors (central government, NHS, legal, finance, manufacturing and so on), we take several measures to secure these assets. This requires work to implement, manage and be audited against a number of recognised security standards and frameworks. This benefits all our customers and also provides a recognised and repeatable methodology for delivering services to a higher security level, where required, for specific customer environments. Redcentric’s policy is to deploy individual customers using physical and logical segmentation appropriate to the client’s operational requirements. Segmentation techniques and technologies including MPLS IP-VPN security, firewalls and VLAN technology are used to ensure a high level of security. Testing is typically done at a service provider level so as to not impact specific customer deployments. It is the responsibility of Redcentric to provide an assured managed service infrastructure to deploy client services over. Whilst some aspects of security can be abdicated to the client’s service provider Redcentric recommend that customers perform their own assurance testing within the context of their business setting and context. Redcentric will always co-operate with customers around any testing activities and subsequent outcomes.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Redcentric maintains an ISO 27001 audited configuration and change management process for customer hosting infrastructure. Initial customer hosting deployments are initially configured by a combination of automated provisioning tools and expert system administrators. Newly deployed infrastructure is subject to a peer review prior to being put live. Customer change management is performed according to Redcentric internal ticketing processes and workflows, providing customers with the ability to request and plan changes by Redcentric system administrators, authorisation mechanisms and visibility of work performed on their hosting environment.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Redcentric proactively manages vulnerabilities within the corporate infrastructure and all infrastructure connected to or participating within 3rd party external networks such as the healthcare network, the public internet and other corporate or partner networks or customer hosting domains. Redcentric conducts quarterly or as required automated in-depth vulnerability scans of critical internal infrastructure including administrative and orchestration systems, underlying customer host servers, backup infrastructure, edge and intermediate firewalls and load balancers using Nessus. These scans are automatically parsed by our internal configuration and change management system and items requiring investigation escalated directly to DevOps.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Redcentric can provides a range of protective monitoring services including vulnerability management and auditing and assessment services (such as SIEM). Redcentric will work with the customer to put in place an approach to Proactive Monitoring which meets the requirements of the customer.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Redcentric maintains a formal incident management process for internal and customer-impacting incidents that includes triage, containment and remediation and root cause analysis. Roles are defined to provide responsibility for overall command, communications and technical authority. Workflows and related information are managed by our centralised internal ticketing system. Redcentric will inform customers of any security incident that directly impacts on their hosting solution in a timely manner once detected. Redcentric defines a customer impacting security incident as a security-related problem which may have actively impacted on the confidentiality, integrity or availability of more than one customer.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Customers are allocated one or more VDCs to run their application. VMware datastores are dedicated to a single VDC and provided from discreet Storage Virtual Machines per VDC. ; ; Inter-VDC traffic is only configured where explicitly required. Intra VDC traffic is limited by VLAN routing. ; ; Redcentric Management access is on separate VLANs. Access to other VDCs is included within the scope of Annual IT Healthchecks by CREST registered 3rd parties.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: We have a number of existing facilities which were built before 2011 in use today which have been reviewed and modified to increase their ‘Energy Saving Levels’. No new facilities have been built since this time. When new IT equipment or software is sourced and deployed, we review how we can increase our ‘Energy Saving Levels’ and factor this into designs. As well as being an operator of services from our facilities we also provide co-location and private cloud hosting. Under the EU code of conduct we endeavour whenever upgrading our facilities to review increasing our ‘Energy Saving Levels’. Where a customer is procuring their own IT equipment, we offer advice and guidance. In adhering with the EU Code of Conduct for Energy Efficient Datacentres we are committed to; • The fulfilment of relevant compliance obligations • Continually working towards improving the environmental management system to enhance environmental performance • Protection of the environment, including the prevention of pollution and sustainable use of resources • Working towards incorporating environmental factors into business decisions as standards.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Redcentric stands committed in the fight against climate change and dedicated to supporting the UK Government goal of achieving Net Zero emissions by 2050. This commitment is reflected in a meticulously crafted Environmental, Social, and Governance (ESG) strategy, aligned with the United Nations sustainable development goals, and upheld by ISO 14001:2015 certification for three consecutive years, showcasing the company's dedication to environmental stewardship. ; ; As a prominent entity listed on the AIM, Redcentric prioritise transparency and accountability, diligently adhering to regulations. Mandatory publication of carbon emissions in annual reports underscores the unwavering commitment to environmental responsibility and corporate transparency. ; ; Redcentric's dedication to sustainability extends beyond compliance, it’s ingrained in every aspect of operations. Notably, investments totalling £5million in the data centre estate focus on enhancing efficiency, evidenced by Power Usage Effectiveness (PU) reduction from 2 to an impressive 1.6. ; ; The company ensures 100% of power requirements are from sustainable sources, alongside proactive measures like converting backup diesel generators to environmentally friendly alternatives and replacing diesel vans with electric counterparts. ; ; Participation in Manage your UK Emissions Trading Scheme Reporting Service (METS) through GOV.UK and holding a greenhouse gas emissions permit underscore Redcentric's commitment to reducing its carbon footprint. Additionally, the provision of customer monthly reports detailing energy consumption metrics and procurement of all electricity from 100% carbon-neutral sources exemplify the company's dedication to transparency and sustainable practices. ; ; The Redcentric board acknowledges the evolving landscape of ESG considerations, driving greater accountability and transparency across operations. Regular updates to the website keep stakeholders informed about key corporate policies and sustainability initiatives. ; ; Redcentric's commitment to sustainability isn’t just a declaration but a deeply ingrained aspect of corporate ethos. From stringent adherence to regulatory requirements, to proactive investments in renewable energy, comprehensive reporting mechanisms, every action underscores our unwavering dedication to environmental responsibility and corporate transparency.

  Tackling economic inequality

  Redcentric actively addresses economic inequality through diverse initiatives aimed at empowering communities and fostering long-term sustainability: ; ; Community Engagement Programs & Digitally Driven Fundraising Campaigns: ; ; Utilises technology and resources to support local charities, raising over £50,000 for the Children’s Heart Surgery Fund through outreach campaigns. ; ; The Breck Foundation: Provides online safety training for pupils, parents, and teachers, promoting safety in the online world. ; ; Employment and Training Opportunities: Prioritise job creation and training programs for local residents, offering apprenticeships to rugby league players, wheelchair rugby players, and young athletes, fostering economic development and empowerment. ; ; Charitable Partnerships & Business Fundraising Programme: ; ; Raises funds for charities through sponsored events, like a Yorkshire 3 Peaks walk, involving over 30 employees and raising more than £12,000. ; ; Business Fundraising Enablement Programme: Supports charities in engaging target businesses for funding through calling data and tailored emails. ; ; Digital Transformation Programme: Facilitates digital transformation within charities, enhancing patient and family support. ; ; Transparency and Accountability: Committed to transparency by providing regular reports on the social impact of projects, ensuring stakeholders understand the positive outcomes generated through collaboration. ; ; Upskilling Workforce and Supporting Lower Paid Workers: Offers apprenticeship programs with planned career pathways into senior positions, promoting skill development and progression. ; ; Promotes training and development for all colleagues through a learning management system, investing in role-specific certifications and development programs. ; ; Implements a hybrid working model to support lower-paid workers with reduced travel costs and offers above the apprentice minimum wage, recognising the value apprenticeships bring to the company. ; ; Through these initiatives, we are dedicated to addressing economic inequality and creating a more equitable society. Redcentric believe that by providing individuals with access to opportunities for growth and advancement, we can contribute to reducing economic disparities and promoting social mobility.

  Equal opportunity

  Redcentric actively fosters an environment where individuals are valued and treated fairly, irrespective of their background, and opposes any form of discrimination prohibited by law. ; ; A key indicator of this commitment is evident in Redcentric's gender pay report, where efforts to address disparities in earnings between men and women are transparently acknowledged. By identifying imbalances in the workforce and actively working to rectify them, Redcentric demonstrates a proactive approach to promoting gender equality within the organisation. ; ; Redcentric's Diversity and Inclusion Forum serves as a platform for ongoing dialogue and action. By establishing working groups focused on specific aspects of diversity, such as gender equality and remote working, employees are empowered to drive positive change and contribute to a more inclusive workplace culture. The planned LGBTQ+ working group further exemplifies Redcentric's commitment to embracing diversity in all its forms. ; ; In terms of recruitment and talent development, Redcentric implements diverse hiring practices and apprenticeship schemes aimed at supporting individuals from various backgrounds. By partnering with outreach organisations and providing apprentices with clear career pathways, Redcentric ensures that opportunities for growth and advancement are accessible to all employees, regardless of their starting point. ; ; Redcentric's inclusive leadership and flexible work policies underscores its dedication to accommodating diverse needs and promoting work-life balance. By offering leadership training that prioritises inclusion and implementing policies such as flexible working hours and enhanced maternity packages, Redcentric creates an environment where employees can thrive professionally while maintaining personal well-being. ; ; In conclusion, Redcentric's comprehensive approach to equal opportunity extends beyond mere policies to encompass tangible actions aimed at fostering diversity, inclusion, and professional development for all employees. By prioritising these values, Redcentric not only enriches its workforce but also sets a standard for ethical and equitable business practices in the industry.

  Wellbeing

  At Redcentric, prioritising the well-being of our colleagues is paramount, and we've implemented various initiatives to support their mental and physical health. Our commitment to enhancing health and well-being extends to our contract workforce as well. Here's how we're making a difference: ; ; Hybrid Working Model: Providing flexibility to achieve a better work-life balance for our colleagues, fostering a supportive environment and preventing isolation through social networking within the company, including organized social and corporate events. Over 40% of Redcentric’s employees either work from home or on a hybrid model. ; ; MetLife Well-being Hub: Accessible to all employees, offering a comprehensive range of well-being support services, such as confidential 24/7 telephone support, structured counselling sessions, cognitive-behavioural therapy, legal advice, financial management guidance, and health risk assessments. ; ; Well-being Channel: A valuable resource offering mental and physical health support, including webinars and mental health resources for adults and children. ; ; Corporate Social Responsibility Events: Organizing events throughout the year to promote well-being across the organization, utilizing a structured well-being calendar highlighting key awareness weeks like men’s health week and stress awareness week. Additionally, training over 20 mental health first aiders across the business to provide continuous support and engagement. ; ; Leadership Commitment: Our Board sets an example by promoting a healthy corporate culture and embedding ethical values in our business operations. Through these initiatives, we aim to foster a culture where the well-being of our colleagues is prioritised, ensuring a resilient and empowered workforce poised for success.

Pricing

• Price: £0.10 a gigabyte
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@redcentricplc.com. Tell them what format you need. It will help if you say what assistive technology you use.