Proact IT UK Limited

Infrastructure-as-a-Service (IaaS)

The Proact Hybrid Cloud (PHC) platform provides an Infrastructure as a Service including scalable compute, storage and network resources. The PHC platform is hosted within Proact’s data centre. The service includes 24x7x365 remote monitoring, support and management of the PHC platform.

Features

• Full managed compute service
• Dedicated or shared options available
• Built on enterprise storage technology
• Flexible service to scale up and down
• Available hosted or on-premise
• 24x7x365 Proact Service desk
• 24x7x365 automated monitoring of devices
• Incident management and resolution
• UK datacentres

Benefits

• Align storage costs with organisational demand
• Focus your IT team on managing applications not servers
• Avoid up-front capital costs for storage
• Deliver a 24x7 service without the cost
• Remove the risk of key staff not being available

£10.58 to £186.58 a unit a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@proact.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

747055436351527

Contact

Proact IT UK Sales
01246266300
bids@proact.co.uk

Service scope

• Service constraints: If the vendor OS license is end of support life, this will impact our ability to provide service management
• System requirements:
  • One VM is required for monitoring
  • Sufficient internet bandwidth
  • Jump box or logmein - one VM may be required

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Email and online ticketing support availability; ; 24 hours, 7 days a week
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: A single point of contact will quickly allocate specialised experts to resolve incidents up to 24/7, while coordinating with multiple vendors to minimize business impact. We take ownership of the issue and work with your team to secure a resolution.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: All of Proact's managed cloud service contracts are started with an initiation meeting, it is as this point that the design and delivery are agreed. Formalisation training is provided as part of the project. This will take the form of either remote or onsite dependent on the customer's preference. Documentation is also provided.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Prior to contract end, the Service Delivery Manager at Proact will approach the customer to agree a contract exit strategy, this includes data extraction. In addition the customer can add change or remove their data at any time with or without Proact's technical input.
• End-of-contract process: Once the contract has reached its term, the customer can either terminate or renew their contract. In this situation, there are no additional costs to the customer to exit the agreement or to renew. However, If the contract is terminated early, or the customer wishes to make significant changes to the contract before renewing, charges may be applicable. Please refer to our T&Cs for further information.

Using the service

• Web browser interface: Yes
• Using the web interface: Service can be set up through ServiceNow as a change request. There is no limit to the number of contacts that can have access to ServiceNow, however all users must be authorised prior to access being granted.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Users can read all content online. The present version of ServiceNow does not provide diverse accessibility, however it is a priority to improve support for visually impaired operators within Call Management (hotkeys + keyboard navigation)
• Web interface accessibility testing: This will be factored into the newer iteration of ServiceNow
• API: No
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: Our environment is monitored 24x7x365. We work closely with our users to plan for increase demand. We always have a minimum of 20% overhead for capacity, and where appropriate we encourage our customers to do the same.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: No

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Not Applicable
• Approach to resilience: Our default methodology for all cloud services is to operate a platform with no single point of failure. This maximises the resilience of the solution up to, but not including the customer's application layer
• Outage reporting: Outages are reported to the customer via:; - Dashboard; - LogicMonitor; ; In addition to this regular reviews are scheduled between the customer and the Service Delivery Manager, where additional information can be provided surrounding any outages that may have occurred.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Proact restricts access in management interfaces and support channels through Role Based Access Control. Traffic is segregated onto dedicated VLANs, there is no routing between VLANs that is not via a firewall.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI Assurance UK Limited
• ISO/IEC 27001 accreditation date: 27/04/2022
• What the ISO/IEC 27001 doesn’t cover: Any products or services that fall outside of the managed cloud portfolio
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: IG-SOC

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Proact's high level “Information Security Policy” describes the considerations to achieve the company information security objectives and is separated in to the key Tier 2 detailed security policies:; ; - Technical Security Policy; - Physical Security Policy; - Business Continuity Policy; - Data Handling; - 3rd Party Supplier Management Policy; - Network and Infrastructure Management Policy; ; All of these policies are condensed to form the Acceptable Use Policy, which is trained to all new Proact starters during their induction and included in annual security awareness training. These policies are reviewed at least annually prior to security retraining and after changes to compliance requirements. Staff are invited to comment on this policy and suggest ways in which it might be improved by contacting the Chief Security Officer.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All change requests are logged by the customer via our web interface. They are then reviewed and categorised as Emergency (initiate within 4hrs), Normal (initiate within 8hrs) or Standard (response within 8hrs). Proact adheres to ITIL standards across:; ; - Incident management; - Problem management; - Change management; - Configuration management; - Release management; - Operations management
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Managed public IP addresses are vulnerability scanned on a weekly basis. The Proact Cloud infrastructure is also vulnerability scanned weekly. ; ; Penetration test are carried out at 6 monthly intervals.; ; There is continual monitor of vendor security notifications and bulletins. ; ; Vulnerability remediation is typically between seven days to one month and is dependent on critical nature and OS/application type.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Proact’s SOC monitors customer’s logs watching for IoC, to alert customers in accordance with predetermined processes. The Investigation Team perform in-depth analysis, looking for further evidence, or most often to eliminate false positives. Customers are included in Investigations, as an IoC could be a benign activity known by the customer; authorised change or penetration test in progress. If a compromise is suspected or confirmed then the response team will work with the customer to follow established response procedures to cover Containment, Eradication, Recovery and advice on strengthening security controls to prevent similar occurrences.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents can be reported over the phone to the support team or via the web interface. The Service Delivery Manager can also be contacted, but will be included in communications in any case. Incident reports are made available in the dashboard and as part of the regular review meeting with the Service Delivery Manager.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Proact use the following methods to keep organisations sharing the same infrastructure are kept apart:; ; - Microsegementation ; - Logical separation; - Web application firewalls

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: The data centres used for the service are certified for the ISO50001 Energy Management Standard and the ISO14001 Environmental Management Standard. Our chosen provider for data centre, Equinix has a strong focus on sustainability, for example meeting 56% of their global electricity requirements in 2016 through renewable energy purchases. ; Equinix are guided by strong renewable energy principles including:; • Equinix prefer to utilise renewable and low-carbon energy; • Equinix prefer local sources of energy; • Equinix prefer new or recently built energy sources; • Equinix seek favourable renewable energy policies when locating new data centres

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Proact’s environmental sustainability strategy is founded on a whole-of-lifecycle, circular supply chain approach. Our Carbon Reduction Plan (CRP) commits to achieving ‘Net Zero’ carbon emissions by 2050, through maintaining annual records of our Scope 1, 2 and a subset of 3 emissions. ; • We have implemented monitoring across all our services, to identify improvement initiatives for power consumption and CO2 emissions. ; • We are transitioning our managed storage platforms to solid-state systems technology to deliver substantial power and reduce emissions.; We are committed to protecting the climate, having recently installed solar roof panels at our head office, installed EV charge points, converted to LED lighting. ; We encourage our employees to be environmentally conscious through our environmental training, cycle to work and electric car schemes, providing video conferencing tools and work from home programs to avoid unnecessary travel, source only 100% renewable electric. ; Contract specific Social Value additionality is provided using the National Themes, Outcomes, and Measures (TOMs) Framework and is available on request.

  Covid-19 recovery

  Proact acknowledge that the COVID-19 pandemic has exacerbated existing economic and social challenges and created many new ones. As a responsible organisation we have continued to develop social values that provides additional benefits which can aid the recovery of local communities and economies, especially through employment, re-training and return to work opportunities, utilisation of employee volunteering days in community support opportunities, developing new ways of working and supporting the physical and mental health of those affected by the virus.; During the pandemic Proact launched a Loneliness guide Part 1 to support the impact of isolation, and the need to understanding loneliness and how to support themselves and others. ; Following the lift of lock down, home working has become a permanent fixture in peoples lives, as such we decided to launch Loneliness guide Part 2, as we felt an obligation to continue to support and protect all our employees. Part 2 includes, Relationships and Interactions, talking about feelings, our connections online and media, and how to look out for the signs of loneliness. ; Contract specific Social Value additionality is provided using the National Themes, Outcomes, and Measures (TOMs) Framework and is available on request.

  Tackling economic inequality

  Proact are committed to tackling economic inequality, including creating new opportunities, jobs, and skills, as well as increasing supply chain resilience Support innovation and disruptive technologies throughout the supply chain to deliver lower cost and/or higher quality goods and services. ; We influence staff, suppliers, and customers in support of Proact’s development of scalable and future-proofed new methods to modernise delivery and increase productivity.; Proact continue to identify skills-gap to ensure we can provide all the necessary training to individuals, in 2023 Proact expanded its Apprenticeship scheme, which has enabled 20 more employees’ access to achieving recognised technology skills. Throughout 2023 and into 2024 Proact continued recruiting women-in-tech across the business to tackle the gender inequality. ; Contract specific Social Value additionality is provided using the National Themes, Outcomes, and Measures (TOMs) Framework and is available on request.

  Equal opportunity

  Proact continues to drive equal opportunity, including reducing the disability employment gap and tackling workforce inequality, Improving health.; Support in-work progression to help people, including those from disadvantaged or minority groups, to move into higher paid work by developing new skills relevant and recognised qualifications. ; Our policy is to protect all job applicants, employees, and those within our supply chain are not discriminated against either directly or indirectly on the grounds of race, colour, ethnic or national origin, religious belief, political opinion or affiliation, sex, marital status, sexual orientation, gender reassignment, age, or disability. ; Contract specific Social Value additionality is provided using the National Themes, Outcomes, and Measures (TOMs) Framework and is available on request.

  Wellbeing

  Influencing staff is our key objective and through the delivery to provide ongoing support in wellbeing, and the physical and mental health of every member of staff. We provide regular workshops, offering relevant media and access to private professional advice via several social media channels including 24/7 telephone support lines. ; Within our Proact community support framework, we have developed a Wellbeing Hub, accessible by all staff, giving them an abundance of information including, Private healthcare, mental health first aiders, employee assistance programme that offers a confidential telephone services 24 hours a day, a Financial Wellbeing Money Centre offering an interactive budgeting course, debt related mental health counselling, and a dedicated recession-proofing health check.; Proact’s wellbeing hub continues to evolve as we listen to our employee needs, having recently introduced the Perkbox incentive that provides multiple savings on everyday purchase helping with the increased living costs, in conjunction with annual reviews and appraisals, Proact has rolled out a real living wage initiative for 2024.; Contract specific Social Value additionality is provided using the National Themes, Outcomes, and Measures (TOMs) Framework and is available on request.

Pricing

• Price: £10.58 to £186.58 a unit a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@proact.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.