RLI Application & Website Hosting
BMT provide secure hosting of classified UK MOD systems via the Restricted LAN Interconnect (RLI). We provide first and third line helpdesk support and off/on-site training packages. Our service includes hosting support, high system availability and daily backups of all data and documentation stored within websites and back-end databases.
Features
- Secure RLI hosting
- Classified data storage and hosting
- First and third line software service desk support
- Email, phone and on-site helpdesk support
- Incident and Problem management and resolution
- Provision of off-site and on-site training courses
- Service Level Agreements
- System administration
- Backup & Recovery, including secure off-site back storage
- ISO27001 accredited security
Benefits
- Robust and secure hosting/support infrastructure underpinned by ITIL principles
- Excellent 24/7/365 hosting uptime statistics
- Proven, scalable hosting service which accommodates large-scale data/user expansions
- Responsive and friendly helpdesk/support staff putting users at ease
- Rapid response to support requests with quick resolution times
- Proven support experience with high levels of user satisfaction
- Customised training courses to meet needs of specific user groups
- Confidence in hosting service regularly audited under ISO9001/27001 certification
- Service Level Agreements to meet user needs
- Pay for what you use pricing model
Pricing
£845 to £2,360 a unit a day
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
7 6 9 1 8 2 1 7 3 8 3 0 7 7 5
Contact
BMT LIMITED
Edyta Redfern
Telephone: 07717705919
Email: Bidding.UK-Europe@uk.bmt.org
Service scope
- Service constraints
- Service Desk support available within office hours Mon-Fri 08:00-17:30 (not including English Bank Holidays)
- System requirements
- No specific system requirements
User support
- Email or online ticketing support
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
-
BMT provide different Service Level Agreement options, dependent on the criticality of the hosted system and the customer needs. All of our hosting options are backed up by a Service Team which is comprised of a number of experienced first line support technicians and second/third line software analysts, developers and test analysts.
Our helpdesk support service is available between 08:00 – 17:00 (UK hours) Monday to Friday excluding Public Holidays. Users can call our helpdesk directly (on a Bath, UK fixed line) or email the helpdesk with any issues.
Our support levels include different Service Level Agreement (SLA) options. Our SLAs have defined Severity Categories with associated reporting procedures and response/resolution timescales against all support requests.
The support options we provide include training packages comprising on-site classroom training sessions, administrable on-line training/guidance tools and web-enabled, interactive, training systems. Please refer to the Pricing Document for costs. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
In addition to our standard support package, we are also able to provide training packages comprising on-site classroom training sessions, administrable on-line training/guidance tools and web-enabled, interactive, SCORM-compliant training systems.
We can also provide technical guidance and on-site visits to help capture and understand your requirements and map your requirements to a suitable hosting service. - Service documentation
- Yes
- Documentation formats
-
- HTML
- ODF
- Other
- Other documentation formats
- Microsoft Word
- End-of-contract data extraction
-
At the end of the contract, BMT provide the customer with a copy of all software files and databases for potential migration to a new hosting service. Where applicable, BMT also provide the relevant supporting documentation including:
- Technical specifications;
- Help/User Guides;
- Functional documentation;
- Technical proposals;
- Data models;
- Architectural diagrams;
- System Deployment Guides;
- Technology stack/licensing requirements. - End-of-contract process
-
Included with the contract price are initial discussions with the customer to define end of contract services and any data off-boarding activities that may be required. These may include liaison with the new hosting provider if required.
Once the requirements have been defined a proposal, including any additional costs to cover all solution off-boarding activities will be made and will be dependent on the scope and scale of the services required.
Additional services could include, but not be limited to, liaison with the new hosting provider throughout the off-boarding process, data extraction services and system architecture and technical briefings to ensure the new supplier is ready upon switchover to the new hosting service.
Using the service
- Web browser interface
- No
- API
- No
- Command line interface
- No
Scaling
- Scaling available
- No
- Independence of resources
- BMT's hosting environment allows for individual services to have resources throttled and / or dedicated per service. This includes storage capacity, processing capacity and bandwidth.
- Usage notifications
- No
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- Memory
- Network
- Other
- Other metrics
-
- System Performance Metrics
- Uptime statistics
- Helpdesk Logs
- Incident Logs, including resolution times
- Reporting types
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
- Other
- Other data at rest protection approach
- All data resides on systems that are accredited by Defence Assurance Information Security (DAIS) to hold information up to Official-Sensitive. BMT holds ISO27001:2013 certification. The ICT systems comply with the Defence Cyber Protection Partnership (DCCP) Medium level risk profile including Cyber Essentials Plus certification.
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Hardware containing data is completely destroyed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Virtual Machines
- Logs
- Application Files
- Databases
- Uploaded Document Files
- Backup controls
- BMT control the backup service. The web hosting servers are backed-up at 12pm and 7pm daily and the Microsoft SQL Server databases are backed up at 7pm daily. These backup files are transported via an encrypted fibre link to a separate BMT office, so there is no risk in physical transportation of MOD files. We provide the customer with a Backup & Recovery Schedule to demonstrate the process that is in place, including mitigation against loss of data and maintenance of data integrity.
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Users contact the support team to schedule backups
- Backup recovery
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- Other
- Other protection between networks
- A Firewall is used. The majority of ports are closed except those specifically used for NET use and SSH when required. Only authorised support staff are granted access to the servers, applications or associated data. All information stored within the systems is handled and managed in accordance with GDPR.
- Data protection within supplier network
-
- Legacy SSL and TLS (under version 1.2)
- Other
- Other protection within supplier network
- All data resides on systems that are accredited by Defence Assurance Information Security (DAIS) to hold information up to Official-Sensitive. BMT holds ISO27001:2013 certification. The ICT systems comply with the Defence Cyber Protection Partnership (DCCP) Medium level risk profile including Cyber Essentials Plus certification.
Availability and resilience
- Guaranteed availability
-
Under our ISO 27001:2013 accreditation, BMT has implemented a number of controls to ensure that we mitigate any risks associated with the integrity, confidentiality and availability of our systems. We typically provide a contractual agreement to a minimum of 99.5% uptime.
BMT agrees a Service Level Agreement (SLA) with each buyer for our cloud hosting service. In addition to uptime levels, our SLAs have defined reporting procedures, incident categories and priorities (determined by impact and urgency) that drive response/resolution timescales against all support requests. - Approach to resilience
- A warm standby site is maintained. Further details available on request.
- Outage reporting
- Services are provided through virtualised infrastructure which is monitored through the VMWare service provision. Alerts are raised to the internal service desk and escalated through the integrated support and infrastructure team on premises.
Identity and authentication
- User authentication
-
- Limited access network (for example PSN)
- Username or password
- Access restrictions in management interfaces and support channels
-
Under our ISO 27001:2013 accreditation, BMT has implemented a number of controls to ensure that we mitigate any risks associated with the integrity, confidentiality and availability of our systems.
We develop our services with secure programming principles in mind to ensure that the risk of any malicious activity is mitigated. The data architecture and security model within the websites/applications themselves provide the necessary confidentiality of information as authenticated users can only access areas that they have been granted access to and users without a valid username and password cannot access the application or data at all. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- Limited access network (for example PSN)
- Username or password
- Devices users manage the service through
-
- Dedicated device on a segregated network (providers own provision)
- Dedicated device on a government network (for example PSN)
- Dedicated device over multiple services or networks
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Lloyds Register
- ISO/IEC 27001 accreditation date
- 11/01/2023
- What the ISO/IEC 27001 doesn’t cover
- All services are covered by ISO27001:2013
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- Accredited by Defence Assurance Information Security to hold Official-Sensitive information
- Comply with the Defence Cyber Protection Partnership Medium level risk
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
The BMT Hosting Support Team is constructed from a number of members of staff from the Information Systems Department within BMT. It is the company’s policy to put every member of staff through the security clearance process and, as such, every staff member working on any hosting-related task has SC level clearance.
Under our ISO 27001:2013 accreditation, BMT has implemented a number of controls to ensure that we mitigate any risks associated with the integrity, confidentiality and availability of our systems.
Our hosting and data centres are protected through anti-virus, software patching, EAL4 firewalls and regular testing by our IT Department. This is demonstrated as a number of our systems are subjected to almost weekly penetration tests which confirm the appropriate controls we have in place.
BMT’s IT Department has a thorough patching policy that is subject to external audits every 6 months as part of our ISO 27001:2013 accreditation. The accredited controls that are in place protect against malicious attacks, viruses, Trojan horses, Denial of Service (DOS) attacks, SQL injections and a range of other threats.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Our Change Management process is initiated from a number sources which include ICT Strategy, Capacity Management, Incident/Problem Management (which include security incidents) and Service Requests. All Change Requests (RFCs) are recorded in our Service Desk system. Changes are assessed (including security impact assessment) and either approved/scheduled for planning or are rejected. Minor, Major and Significant changes must be approved by the BMT ICT Change Assessment Board (CAB). Changes are implemented as a series of tasks which are recorded and actioned within the BMT Service Desk. Changes are reviewed and closed during weekly management review s and quarterly strategic reviews.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
BMT has staff who are members of CISP. Additionally, the SIEM solution used within the infrastructure (Alienvault) provides real-time threat updates and analysis of internal traffic for signatures.
BMT regularly upgrade Operating System and installed software and the Firewall to ensure that the latest security patches are applied so that both the server and website/application are secure. All updates are fully regression tested accordingly with our system testing processes, which will include full impact analysis.
Further information is available on request. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- The SIEM solution used within the infrastructure (Alienvault) provides real-time threat updates and analysis internal traffic for signatures. Incidents are managed by the integrated service team and escalated to third –parties (including HMG) if outside of internal skill profile.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
Incidents are raised by email, phone or personal contact (site visit). The impact and urgency are selected using the appropriate matrix as a guide. Priority is automatically assigned and SLA targets set.
Initial analysis of an incident identifies the timescales for resolution and the requester is notified.
The incident passed to the appropriate management process, if required.
Once the incident has been resolved, the Requester is notified and prompted to mark the incident as closed or respond to reinstate the incident.
A user or analyst can reinstate a resolved incident if necessary.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- VMware
- How shared infrastructure is kept separate
- All applications and services are provided through segmented virtualised servers. Each application can be self-contained with its own virtual server.
Energy efficiency
- Energy-efficient datacentres
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
BMT is a socially responsible company, aware of the need for change and is committed to reducing negative environmental impacts. We actively address climate change through a comprehensive approach, that focuses on reducing our internal carbon footprint and promoting sustainability across our operations. Having been ISO14001:2015 accredited since June 2018, BMT is committed to being an organisation that improves its environmental performance through the internationally recognised standard.
Remote Work and Telecommuting: The company encourages remote work to cut down on employee commuting, significantly reducing transportation-related emissions.
Responsible Business Travel: BMT leverages virtual meeting technologies to reduce the necessity for travel. When travel is inevitable, employees are guided to use public transport and environmentally friendly options, while the company offsets the carbon emissions produced.
Green Office Initiatives: BMT has implemented energy-saving measures within our offices and any upgrades are made with a focus on sustainability, to minimize energy consumption and emissions.
Energy Management: Energy usage is meticulously monitored and analyzed through energy management systems, ensuring operational efficiency, and identifying opportunities for further energy savings.
Supplier Engagement: BMT demands eco-friendly practices from its suppliers, aiming for sustainability throughout the supply chain.
Employee Engagement and Training: Staff members receive training on environmental practices and are encouraged to participate in the company’s sustainability efforts.
Sustainability Policy and Reporting: The firm adheres to a robust Sustainability Policy and engages in transparent reporting to track its environmental performance, setting targets for continuous improvement.
Sustainable Technology Investment: Internally, BMT invests in sustainable technologies that benefit its operational practices, such as software to enhance project efficiency and energy-conserving IT equipment.
Through these focused internal strategies, BMT lessens its environmental impact and demonstrates industry leadership in sustainability, fundamentally contributing to the global fight against climate change.Tackling economic inequality
Innovation: BMT is proud to be a founding member of the South-West Regional Defence and Security Cluster (SWRDSC), the first pan-Defence and Security Cluster in the UK. It forms a collaboration led by industry and academia, supported by government. The aim of the cluster is to raise the profile of regional Defence and Security capability to stimulate greater sector knowledge, business, economic growth, and productivity across the South-West region. The South-West is home to many innovative businesses and the cluster aims to strengthen investment and partnerships, to help build capabilities and attract and compete for talent. Its purpose is to enable the sector to collaborate, overcome barriers to entry and help supply chains to complete and realise new technologies.
Apprenticeships: BMT has an established, sustainable, valued, and recognised apprenticeship scheme, which demonstrates our commitment to our professions and underpins our passion for STEM. Our aim is to support young people with work experience and placements. Our apprentices form a critical part of our talent pipeline, bringing fresh ideas and innovative ways of working. BMT’s programme offers renumeration to market pay rates, a choice of inspiring roles working alongside experience staff, and support to achieve recognized qualifications. We include an apprenticeship levy to sponsor the student’s academic studies and leave days to attend college.
Recruitment: We take an ‘outside the box’ approach to recruitment, ensuring opportunities are accessible, regardless of background or circumstance. We actively engage with local employment agencies who support the recruitment of specialist and hard to recruit employees. Our ‘Returners Programme’ taps back into people with skills at the core of BMT’s business, but who have fallen outside of normal career pathways due to challenging circumstances. We have employee networks in place to ensure these individuals have the support they need to thrive in our business.Equal opportunity
Social values are at the core of our commitment to Diversity, Equity and Inclusion (DE&I). We believe a proactive, strategic approach to DE&I is essential to sustaining a successful and progressive business. This is why DE&I did not begin with just a policy, but a strategy, which actively promotes DE&I activity and is embedded as part of our strategic planning with set business objectives, supported by funding and resource to deliver.
Our objective is to provide a safe, fair, supportive and sustainable working environment where employees enjoy work, grow, develop and benefit from the collective success of BMT. We review formal measures such as the Good Work Plan to ensure we are constantly working to best practice. As an EBT (Employee Benefit Trust), we are a business that promotes and thrives on communicating with our employees and doing what is best for them, always.
BMT is committed to providing equal opportunities, which is supported by the following undertakings at BMT:
1. Apprentices, Graduates, Year in Industry and Summer Placements - We advertise at a broad range of universities across the UK to ensure we reach as many parts of society as possible.
2. Recruitment Passport Training – to ensure our processes are free from bias
3. STEM events across universities and schools in diverse areas to attract young people into STEM careers.
4. A commitment to providing fair and equal pay to all our employees.
5. Regional DE&I forums which allow representatives from across BMT to recognise challenges we may face in this space and define action plans to resolve them.
6. STEM returners programme - facilitating the return of skilled professionals to the STEM industry after a career break.
7. Supporting employee wellbeing
This is a sample of what BMT do every day, to ensure equal opportunities for all.Wellbeing
BMT is an Employee Benefit Trust, and we truly value the health and wellbeing of all our staff, this is demonstrated through our global wellbeing strategy that seeks to improve physical, financial and mental health. BMT believes that a proactive approach to health and wellbeing of our employees is fundamental to the success of our business. This means that we adopt a positive mindset and total commitment to understand and address health and wellbeing inside our organisation.
At BMT we aim to integrate wellbeing into all work activities and practices, creating a positive environment that is compatible with promoting staff engagement, performance, and achievement. Active measures in place at BMT to support health and wellbeing, including physical and mental health include:
Regular conversations with line managers and wellbeing champions
A £300 per year Wellbeing Fund for each employee to help fund activities that support personal development and/or wellbeing.
Employee wellbeing events such as facilitated sessions with MIND on mental health in the workplace.
Mental Health First Aiders and Champions in place across the organisation.
A “Wellness Zone” on our internal intranet with a range of resources and tips that are regularly updated.
Wellness Rooms in offices – providing a quiet and relaxing space for employees to access when required.
Flexible working practices to enable employees to have a good work/life balance.
Ensuring all employees have access to resources such as: Private Medical Insurance, Employee Assistance.
Programme (EAP), Eye Tests and Glasses, Flu Jabs, Health and Wellbeing Events and a Cycle to Work Scheme
Pricing
- Price
- £845 to £2,360 a unit a day
- Discount for educational organisations
- No
- Free trial available
- No