S3 Ltd

Keepit - Cloud Backup & Recovery (M365, Salesforce, Google, Azure AD, Zendesk, PowerBI, MS Dynamics)

SaaS Cloud Backup Solution
Keepit provides data protection for all your key SaaS applications in one single, vendor-independent platform. We protect your crucial cloud data created in Microsoft 365, Entra ID (formerly Azure AD), Salesforce, Google Workspace, Azure DevOps, Power Platform, Dynamics 365, and Zendesk.

Features

• Backup & Recovery: Quick recovery of important SaaS data
• Disaster Recovery/Business Continuity: Instant, easy, fast, granular restore
• Governance/Compliance: Security & Privacy controls and Audit Logs
• Ransomware Protection: Data monitoring & insights
• Ransomware Protection from attacks with Immutable/Unalterable Data & Encryption
• Immutable Merkle, Blockchain technology & Encryption
• Vendor Independent Cloud Backup: 321 backup rule . 4 copies
• Cost Effectiveness: predictable costs, per user & unlimited storage/retention
• Outstanding Simplicity: simple and intuitive software with API first architecture
• 24/7 Global Support

Benefits

• Business Continuity: Instant recovery of important SaaS data. Hot Storage
• Time saving: instant, easy, fast, granular restore of files
• Governance/Compliance: Security, Retention & Privacy controls and Audit Logs
• Easy Audits: quickly locating data across applications with enhanced search
• Ransomware Protection: Data monitoring & insights highlighting outliers & anomalies
• Ransomware Protection from attacks: Immutable/Unalterable Data & Encryption
• Ransomware Protection with Immutable/Unalterable Data
• Ransomware Protection: independent, offsite, backup with 321 rule (4 copies)
• Easy to budget: predictable pricing, per user & unlimited storage/retention

£16.05 a unit a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.mason@s3-uk.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

740253940686247

Contact

Tony Mason
01628 362784
tony.mason@s3-uk.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements:
  • M365: Dedicated Service User, Temporary Global Admin permissions, M365 License
  • Entra ID: Dedicated Service User, Temporary Global Admin permissions, M365License
  • Dynamics365(CE): Dedicated Service User, Temporary Global Admin permissions, M365License,
  • Dynamics365(CE): Dynamics Subscription, Dynamics System Admin permission
  • Power BI: Dedicated Service User, Temporary Global Admin permissions
  • Power BI Mircosoft Power BI license, Fabrik Admin permission
  • Power BI Mircosoft Power BI license, Fabrik Admin permission
  • Azure Devops :Organisation Owner Permission, Devops License
  • Salesforce - Salesforce Admin Permissions needed for installation
  • Zendesk - Zendesk Admin permissions needed for installation

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Different SLAs in place
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Keepit is not working to any accessibility standards at this point in time. ; Through the Keepit platform or via the Keepit Help site.
• Web chat accessibility testing: Keepit is not working to any accessibility standards at this point in time
• Onsite support: No
• Support levels: "3 Levels of Support - Level 1, Level 2, Development/Engineering Team; Support is free; ; All Customers are given a Customer Success Manager & a Cloud Support Engineer, with the possibility to involve our Solution Engineering team."
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onboarding and Implementation session can be arranged via online meetings. Sessions take approximately 45-60 mins to have the full implementation complete - though depends on the Customer's readiness.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: At end of contract, unless agreed otherwise, Customers can download all their data from the platform within 30 days of termination of contract.; All data can be exported from the platform. Customers can download as much content they like. All content is downloaded in the same format it was backed up from, for example, a PDF file existing in Microsoft Office 365 will be downloaded in the same format.
• End-of-contract process: At end of contract, unless agreed otherwise, Customers can download all their data from the platform within 30 days of termination of contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Since Keepit is meant to be accessed through the web interface any browser on any mobile device would suffice.; ; Keepit provides access through the web-UI. However, we also provide a mobile app where Android 6.0 or higher is required. For iPhone/iPad/iPod it requires iOS 12.4 or later.; ; Keepit also provides a mobile app - Keepit Admin App
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Users can access their Company's backup sets, restore singular or items in bulk with ease. Keepit provides access through the web-UI.
• Accessibility standards: None or don’t know
• Description of accessibility: Keepit is not working to any accessibility standards at this point in time.; Keepit provides access through the web-UI. However, we also provide a mobile app where Android 6.0 or higher is required. For iPhone/iPad/iPod it requires iOS 12.4 or later.
• Accessibility testing: Keepit is not working to any accessibility standards at this point in time
• API: Yes
• What users can and can't do using the API: Keepit has a public API which Customers can connect with third-party tooling.; To set up the service through API, customer can generate a token as that is required; To make changes, customers define the endpoints and content they want exported from the Keepit platfrom and manipulate the endpoint to suit their needs.; - No there are no limitations to how users can set up or make changes through the API.
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: All Keepit's infrastructure is loadbalanced and will handle customer demand. There are 2 data centres in each region and should one data centre receive a higher load, Customers will be switched to the other data centre.

Analytics

• Service usage metrics: Yes
• Metrics types: All metrics are available on the platform's Dashboard and Job Monitor.; ; Keepit provides information on backup speeds, number of items, size of backups, size of snapshots, growth compared to previous snapshots, storage changes, number of item changes.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Keepit

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Customer Content is recorded and stored in the same format as delivered from the chosen SaaS Workload(s), e.g., the Customers M365 account.
• Data export formats: Other
• Other data export formats: Same format it was delivered from their chosen SaaS Workload
• Data import formats: Other
• Other data import formats:
  • Keepit connects directly to Customer's workload. Captures data from tenant.
  • No data can be directly uploaded to Keepit.

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: "The Services availability goal for Keepit is to deliver 99.9% uptime over any calendar quarter. Keepit will notify any significant outage in availability known to Keepit, including scheduled maintenance, on its website at https://status.keepit.com/; ; If Keepit does not meet such an availability goal during a calendar quarter falling within the term of an Order Form, the Customer will be eligible for receiving Service Credits as defined in Terms of Service"
• Approach to resilience: Once backup data reaches the Keepit platform, it is immediately copied (mirrored) into systems in two separate data centres within the designated region. Each DC is segregated from one another with no linkage to each other. This practice provides resilience in case a facility is permanently lost (e.g., to fire or a natural disaster), provides protection against alteration or changing of data and ensures continuous availability of data in case of more benign facility problem (e.g., temporary failure of power or cooling systems). Plus, datacentre providers operate datacentres according to “Tier 3” standards meaning power, cooling and other subsystems have very significant redundancy designed in. Keepit is able to review DC providers audit results.; Keepit operates active-active from two separate physical locations allowing continued service to customers even in event of full site loss (or any single system loss). ; ; System and data centre performance is continuously compared to baseline thresholds, while Keepit's health monitoring system monitors the physical equipment (e.g. environmental, network, hardware, operating systems, and services) with 30-second granularity, alerting on a range of unwanted situations (e.g. high temperatures in Keepit's data centres, failing disks in storage systems, congested network connections that threaten to impede ingress and egress, etc.).
• Outage reporting: Keepit will notify any significant outage in availability known to Keepit, including scheduled maintenance, on its website at https://status.keepit.com/

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: The Keepit Web console can be reached from anywhere in the world. However, access to the console can be restricted but IP whitelists and created user accounts can be protected by MFA or SSO. Additionally Rolebased Access controls govern the level of access and features users have access to.; The principle of least privilege is followed within Keepit where if an employee requires access to particular systems a formal procedure is in place. Please note that access to customer's data is restricted only to the customer. No employees from Keepit have access to customer data.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 08/04/2022
• What the ISO/IEC 27001 doesn’t cover: Keepit Statement of Applicability is available under NDA.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Annual independent third-party ISAE 3402 Type II audit report
  • ISAE3402TypeII audit report covers organisational procedures, security, and assets.

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Keepit has a dedicated Information Security department with a SOC team which is responsible for all security related issues and processes. Currently the CTO is acting as CISO.; ; Keepit obtains on a yearly basis an independent third-party ISAE 3402 Type II audit report concerning Keepit’s organisational procedures, security, and assets; ; Keepit implements and maintains appropriate organisational and technical measures to protect the Customer Content processed under the Agreement pursuant to GDPR Articles 28(3)(c) and 32. ; ; These measures are based on industry best practices such as ISO 27001, ISO27002, NIST SP800-30, NIST SP800-39 and FEMA guidelines.; ; Information Security management system was established in Keepit based on ISO27001 requirements. All internal processes are in scope of the ISMS, according to the Statement of Applicability. Keepit undergoes annual internal and external audits that ensure Keepit continues to meet the requirements of the ISO/IEC 27001.; ; Information Security management system was documented and implemented in Keepit based on ISO27001 requirements. Internal information security policies cover all ISO27001 Annexes.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Information Security management was documented and implemented based on ISO27001. A Change Management policy is in place, reviewed by certification body during ISO27001 audit. System changes/updates are tracked on Confluence/Jira. QA/Operations teams are responsible for maintenance of changes. ; ; All changes are entered by operations management into ITSM system for execution by operations staff. Execution of standard procedures by operations staff in response to events is documented in ITSM system. For software changes Keepit employs extensive SDLC process covering everything from initial Value Proposition of a change to Solution Design, Implementation, automatic/manual explorative testing, final QA. Then deployment to production.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Keepit has a formal vulnerability management process in place. Keepit's Operations team monitors all network/server activity in shifts, 24/7. The information security team and Operations team are working on the security-related issues and communicate to affected parties. All security related patches are installed as recommended as soon as possible with the highest priority.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We use an advanced logging system to track all activity. Keepit's Operations team monitors all network/server activity 24/7. In addition, Keepit has a SOC (Secuirty Operations Center) team. The customer facing user interface provides an Audit Log interface which exposes security events relevant to the customer account in question.; ; Keepit has a formal Incident Management Policy in place. It defines criteria for incident urgency, impact classification, incident priority and recommended timeframes for incident response and resolution. All incidents assessed according to this policy and process.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident management process was established based on ISO 27001 and GDPR requirements.; ; Keepit has a formal Incident Management Policy in place, plus Data Breach Policy - defining criteria for incident urgency, impact classification, incident priority, recommended timeframes for incident response and resolution. All incidents assessed according to this policy and process. An advanced logging system tracks all activity and detects potential incidents in time.; ; These determine notifications provided to Customer where data breach or other security incidents are known/suspected. Such notifications will be provided without undue delay in accordance with GDPR art. 33(2) and section 3.6. of Data Processing Agreement.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity

  Fighting climate change

  Keepit's Datacentres adhere to the EU code of conduct for energy-efficienct datacentres. They use re-usuable energy.; ; See here for more information on their sustainability:; https://www.keepit.com/blog/sustainability/

  Equal opportunity

  Keepit are an Equal Opportunity Employer: Check out their careers page. https://www.keepit.com/careers/

Pricing

• Price: £16.05 a unit a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Yes, a 2 week trial/Proof-of-Concept is available. Contact Security Software Solutions Ltd sales@s3-uk.com
• Link to free trial: Sales@s3-uk.com

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.mason@s3-uk.com. Tell them what format you need. It will help if you say what assistive technology you use.