IT SYSTEMS & SUPPORT LIMITED

Platform As A Service

IT Systems Cloud Services provides a single platform to connect your network to the cloud and when used with our Multi-Site Platform, enables seamless connection to all sites across a school campus or Academy Trust. All equipment, hardware, infrastructure and software requirements are provided to run the service.

Features

• A single pane of glass for access to systems
• Includes secure remote access as standard
• Integrates into key education applications (MIS etc)
• Integrates into market leading cloud communication systems

Benefits

• No financial capital outlay for the client
• Service is naturally updated as wireless standards progress
• Includes all required hardware, infrastructure and software
• Formalised response and break/fix timescales
• Continually updated, patched and upgraded.

£24.00 to £24.00 a unit a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tcoad@itsystems.uk.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

763723969629060

Contact

Tristen Coad
0343 8868660
tcoad@itsystems.uk.net

Service scope

• Service constraints: Service is dependent on establishments broadband solution
• System requirements: A broadband connection of a minimum of 100mbps

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Mon-Fri 08:30 - 16:30
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Response to Platform service issue (proactive alarm / customer) = 45 minutes
• Support available to third parties: No

Onboarding and offboarding

• Getting started: IT Systems provision out Platform as a Service by commissioning a private/hybrid cloud environment for the school with all data, systems and services held off site. On site we provision a small footprint server to undertake local DHCP, print and DNS services. IT Systems install a core layer three switch environment into the school utilising VLAN's for separating services such as management, VOIP, wireless etc. All edge nodes come back to the core switch stack via a minimum of a 4GB trunked connection (ideally 10GB under DFE requirements). IT Systems deploys its distributed Wireless as a Service provision giving the school high bandwidth wireless connectivity throughout their site to the latest standards. IT Systems deploys its Remote Desktop as a Service as part of the Platform solution giving staff full access to a desktop environment remotely to securely work without the need for downloading data or encrypted drives. Full on-site training is undertaken via group sessions for staff to gain knowledge and understanding of the system and how its on-premise and offsite elements operate.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data is extracted by IT Systems and presented in the format customer requires it
• End-of-contract process: Any on-premise hardware supplied under contract is removed System is held in hiatus whilst all data is extracted Data is handed to customer in format requested System is then held in offline storage for 30 days grace System is then wiped

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: The platform service is upscaled and forward-filled to always leave additional capacity on the service and is monitored via system metrics as provided centrally and to the establishment directly. The system is load balanced.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other
• Other usage reporting: Via formal communication (email / telephone)

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • Disk
  • HTTP request and response status
  • Network
  • Number of active instances
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Encapsulates all data held in on-premise servers
  • Encapsulates all data held in cloud platform service
  • On premise server and cloud platform system state
  • Any logical networking
  • Microsoft 365 email, calendar, contacts, sharepoint
• Backup controls: Undertaken by IT Systems.
• Datacentre setup: Single datacentre with multiple copies
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.8% uptime subject to planned maintenance
• Approach to resilience: The platform as a service has internal provisioned resilience in terms of: - load balancing - data spread across multiple physical disks - intelligent routing and logical networking
• Outage reporting: Outages are reported to customers within five working days explaining the outage circumstances and mitigation

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Tenants are able to access the management interfaces of their defined tenancy only due to each tenant being on their own logically separate system. IT Systems platform team have sole use of the platform management interfaces.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
• Devices users manage the service through: Dedicated device over multiple services or networks

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Standards Institute
• ISO/IEC 27001 accreditation date: 24/08/2018
• What the ISO/IEC 27001 doesn’t cover: Customer facing systems
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: IT Systems operates an InfoSec Management Team responsible for the delivery, dissemination and rollout of Information Security policies and procedures within IT Systems. Staff have full access to all relevant policies and procedures with regular training including "toolbox talks" as well as "chalk and talk" sessions. All aspects involving Information Security are reported to the InfoSec Management Team. The team regularly meets to review the Information Security calendar for IT Systems in terms of audits, reviews, training, non-conformances and corrective actions.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change management is initiated by a change request form from either a client or the internal team. This is logged onto our support desk and processed as a support ticket and implemented upon the client’s confirmation. Internal change requests are logged and raised in the company weekly service meeting. A formal risk assessment is undertaken to assess the need for the change in relation to any potential risks associated with making the change. If authorised, the change is factored into a planned maintenance schedule with all stakeholders informed. Changes are made, monitored, reviewed, rolled-back as required and then closed off.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Patching and updating of the system is undertaken in a cyclical monthly manner. Vendor releases are logged, assessed, tested and then implemented as necessary. Should an update require roll-back, this is undertaken as soon as any issues are found. Critical vendor patch release such as zero-day exploit fixes, are undertaken as unplanned maintenance windows overnight or as soon as vendors release updates to resolve.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: IT Systems utilises PRTG monitoring solution to monitor the platform service status. The infrastructure solution communicates via notification to key personnel should an issue arise.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: IT Systems defines incidents under its non-conformance umbrella. An incident log is created with a non-conformance number issued and raised onto our support desk. The incident is investigated by senior staff to undertake the nature of the incident, initial disposition to undertake immediate corrective action, define timescales and person(s) responsible. Root cause analysis is undertaken to move forward with implementing corrective and/or preventative measures which are reviewed and monitored over a defined timescale. Once this monitoring is signed off the incident is closed. All users affected by said incident are informed in writing and are involved with the incident process.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: We use the following mechanisms:; - Separate data store per customer; - Separate logical networking per customer ; - Separate logical firewall per customer ; - Separate IP strategy per customer ; - Firewall rules stopping customers seeing each other

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity

  Covid-19 recovery

  IT Systems employees are its most valuable assets. They are the face of our company and instill our ethos, beliefs and practices. Our staff literally are what make IT Systems the company it is both now and in the future. In line with this our company ethos is that a person’s health and wellbeing must always come before the needs of the company. Should staff require time for mental health, physical health and/or medical needs this is given without hesitation, question or with any penalisation. We are all human. At these times where we could be potentially at our most vulnerable we should be supportive, empathetic and above all kind to what is going on with others. IT Systems staff are not penalised in any manner; be it financially or leave-based, to recover from mental health, physical health and/or medical needs and are supported throughout.

  Tackling economic inequality

  IT Systems believes in creating employment opportunities for all regardless of socio-economic background and academic qualifications. We do not factor in someone’s socio-economic background when undertaking employment but are more interested in the type of person they are. Coupled with this IT Systems offers a robust and well-rounded apprenticeship programme tailored to the individual to empower them to raise their skill set and knowledge in an ever changing and progressive industry. IT Systems proactively encourages all its employees to enhance and grow their skill set. To do this, we as a company do not believe learning should be stymied by factors such as cost or, if required, travel. Any and all barriers are removed from professional development as a matter of course to enable our staff to be the very best they can be. Further afield from our own staff, IT Systems feels duty bound to actively progress members of our own supply chains to raise standards for all. We believe in home-grown talent and excellence. As such, IT Systems actively promotes using companies in our supply chain that are local and/or reside in our region. In doing this we are not only raising the profile of our local and regional environment but also providing quality employment to people in our area. As an ISO 27001:2013 company with UK-GDPR Practitioners we provide complimentary data security and GDPR training to all members of our supply chain. In the first hand this enables us to ensure our supply chain meet our needs in terms of data protection and information security. In doing this however, companies in our supply chain are enhanced and can expand their opportunities in confirming their awareness, alignment and working to national and internationally recognised standards.

  Equal opportunity

  IT Systems prides itself in its commitment to equality and diversity in the workplace. As a company, we view competency and capability above gender-based, sexuality-based and disability-based stereotypes. In a widely male-dominated industry, IT Systems is proactive in raising the profile amongst women (including all who identify as women) of opportunities to enter the IT sector. At IT Systems we do not believe opportunities for development and progression should be dictated by ones background. Our employment process disregards people’s socio-economic background as a factor for employment and focuses on the quality person themselves. Our apprentice programme gives individuals from all socio-economic backgrounds the opportunity to gain industry recognised qualifications and experience work life in the IT sector. IT Systems is encouraged that equality is instilled in the company as: • 30% of IT Systems staff do not identify as male • Over 20% of IT Systems are members of the LGBTQ+ community • IT Systems workplaces are recognised as being DDA compliant • IT Systems staff come from a variety of socio-economic backgrounds • Over 40% of IT Systems staff have either undertaken or are currently undertaking an apprenticeship route to qualification.

Pricing

• Price: £24.00 to £24.00 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tcoad@itsystems.uk.net. Tell them what format you need. It will help if you say what assistive technology you use.