iomart Managed Services Limited

Microsoft 365 backup

Flexible, easy to use Microsoft 365 protection.
Back up your Teams, Exchange, SharePoint, and OneDrive data, and find and recover the exact data you want quickly and easily with advanced search.
Barracuda Cloud-to-Cloud backup is cloud native and features RBAC, emcryption, and inherent ransomware protection.

Features

• Flexible full/granular restore of Teams, Exchange, SharePoint, OneDrive, and OneNote
• SaaS platform which is automatically updated
• Notification functionality for security alerts
• Assisted setup and configuration of backup service
• Per user license model with unlimited retention
• Flexible full or granular restore of Teams/Exchange/SharePoint/OneDrive/OneNote
• Point-in-time recovery
• Fast and easy to find and recover data
• Multi-factor authentication
• Five levels of role-based access control

Benefits

• Provides unlimited storage and retention for data in 365
• Allows for granular or full restore of 365 data
• Provides granular reporting and customisable email reporting
• Secure storage with data encrypted in transit/rest using AES256

£2.80 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@iomart.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

793827067662061

Contact

Seema Griffiths
0800 040 7228
gcloud@iomart.com

Service scope

• Service constraints: None
• System requirements:
  • Active office 365 service
  • Minimum users - 10x

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: As per Barracuda's terms and conditions
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: N/A
• Web chat accessibility testing: N/A
• Onsite support: No
• Support levels: Iomart offer initial guided deployment and configuration of Barracuda's Cloud-to-Cloud backup service. ; Ongoing support for the service is provided by Barracuda, with a 2-hour response time for critical issues. 24x7 technical support is available via phone, live chat, online portal and e-mail.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Iomart provide a full onboarding service with supported online training and supporting user documentation.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data can be extracted through multiple means as defined by the client.
• End-of-contract process: In the event that you wish to transition to an alternative supplier, iomart will work with you and the new supplier to ensure an efficient and seamless transition. Similar to our implementation process, our exit process will ensure that all stakeholders are engaged, risks are identified and mitigated, and that a clear programme of works is documented and communicated.; ; Upon confirmation of transition, iomart will engage with you to create a scope of works and present a Services package that will ensure a successful move.; ; The topics to be discussed include:; Data migration, Simultaneous use (if needed), Handover of projects in progress (if applicable), Final period report(s), Final period invoice(s).; ; You can be assured of minimal disruption during the transition, therefore allowing you to focus on business-as-usual activities.

Using the service

• Web browser interface: Yes
• Using the web interface: Barracuda provide a web portal to view and administer Microsoft 365 backup services. The portal features role based access control, allowing authorised administrators to undertake restore activities, manage existing backups, to view service reporting, and to raise support requests to Barracuda's support team.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: The web interface is compatible with standard Windows accessibility options
• Web interface accessibility testing: None
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: The Cloud-to-Cloud backup service is a cloud-native and mult-tenant solution, designed to scale as required.
• Usage notifications: No

Analytics

• Infrastructure or application metrics: Yes
• Metrics types: Number of active instances
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Barracuda

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Teams
  • Exchange Online
  • Sharepoint Online
  • OneDrive for Business
• Backup controls: Backups may be scheduled, or taken on demand
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Barracuda agrees that you will be able to access the management console for Barracuda Cloud-to-Cloud Backup at least 99.9% of the time each calendar month, provided however that downtime or outages related to any server on the Internet, customer premise equipment, transportation of data across the Internet, or any periods during scheduled or emergency maintenance windows or customer-requested service interruptions are not included within the scope of, and are excluded from, this availability commitment (“Web Uptime Commitment”).
• Approach to resilience: Data protected by Barracuda Cloud-to-Cloud backup is stored in multiple datacentres, with users able to define the geographic location in which data resides.
• Outage reporting: Service interruption notifications by email or via SMS, or via Barracuda's online status page.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: You can access your customer data at any time and for any reason without assistance from Barracuda. Barracuda restricts access to Barracuda personnel and subcontractors.; ; Barracuda Personnel: Barracuda personnel are granted access only when necessary under management oversight. Barracuda personnel will use customer data only for purposes compatible with providing you the services, which can include customer support and troubleshooting services.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Available on request
• ISO/IEC 27001 accreditation date: Available on request
• What the ISO/IEC 27001 doesn’t cover: Available on request
• ISO 28000:2007 certification: Yes
• Who accredited the ISO 28000:2007: Available on request
• ISO 28000:2007 accreditation date: Available on request
• What the ISO 28000:2007 doesn’t cover: Available on request
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO and/or SOC II certified
• Information security policies and processes: Barracuda's security policies may be viewed here; https://www.barracuda.com/company/legal/security-compliance#paranav-navbar

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Available upon request during procurement
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Available upon request during procurement
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Available upon request during procurement
• Incident management type: Supplier-defined controls
• Incident management approach: If Barracuda becomes aware of any unlawful access to any Customer Data stored on Barracuda’s equipment or in Barracuda’s facilities that results in the loss, disclosure or alteration of Customer Data (each a “Security Incident”), Barracuda will promptly (1) notify Customer of the Security Incident; (2) investigate the Security Incident; and (3) take reasonable steps to mitigate the effects of, and minimize any damage resulting from, the Security Incident.; Security Incidents Notification(s) will be delivered to one or more Customer administrator by a means selected by Barracuda, including via email.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: Microsoft Azure
• How shared infrastructure is kept separate: Barracuda takes strong measures to protect customer data from inappropriate use/loss and to prevent customers from gaining access to one another’s data. ; ; Barracuda cloud services are multi-tenant services, meaning that data, deployments, and virtual machines may be stored on the same physical hardware as that of other customers. When data from many customers is stored at a shared physical location, Barracuda logically segregates storage and processing for different customers through specialized technology engineered specifically for that purpose. We take careful measures to logically separate customer data to help prevent one customer’s data from leaking into the data of another customer.

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  iomart recognises the environmental impacts of our business operations and continually seeks to minimise this impact with a commitment to achieving Net Zero by 2050, or earlier. To control and reduce our environmental footprint, iomart implemented a sustainability and energy efficiency programme aligned with a number of the UN Sustainable Development Goals, specifically #13 – Climate Action, which aims to take urgent action to combat climate change. This programme complies with the requirements of ISO 14001:2015 and ISO 50001:2018, which form the basis of iomart’s Energy Management and Environmental Management Systems, respectively. As part of this programme, iomart: • Partners with Schneider Electric to establish carbon reduction targets and implement a roadmap to reduce our overall emissions in alignment with UK Government targets • Purchases Renewable Energy Guarantees of Origin (REGO) certified renewable energy across our entire UK data centre estate, resulting in a 99% decrease in total carbon emissions under the market-based reporting approach since our benchmark year of FY21 • Continues to meet the UK Government Streamlined Energy and Carbon Reporting (SECR) requirements, including energy use and carbon emissions information in its annual report • Carries out assessments under the Energy Savings Opportunity Scheme (ESOS), administrated by the Environment Agency to identify tailored measures to save energy and achieve carbon savings • Operates an ongoing programme of energy efficiencies across its data centre estate, including the installation of LED lighting and the upgrade of UPS battery power systems • Has relocated its headquarters to a more sustainable premises with green commuting encouraged • Maintains responsible business operations including recycling/segregation of waste, considering environmental factors during the procurement process and encouraging employee involvement in energy efficiency improvement initiatives • Is rolling out new initiatives to reduce environmental impact, including the installation of solar panels at its flagship data centre

  Covid-19 recovery

  iomart recognises the continued impact of Covid-19 on communities, businesses and staff. Having implemented a Business Continuity Plan aligned with ISO 22301 best-practice guidelines, iomart was able to seamlessly transition to a remote working policy for the majority of employees at the start of the global pandemic. Safe working practices were introduced for those working at our data centre sites to support Critical National Infrastructure during this time. Reflecting on this era, iomart recognised that many employees value the ability to work from home. In response, iomart introduced a hybrid working policy in order to balance the needs of the business with the flexibility for employees to work both from the office and remotely. As a managed services provider, iomart continues to provide the necessary infrastructure and support to many customers which allow them to offer their staff remote and hybrid working, enjoying the same benefits as many iomart employees. Having provided many customers with financial initiatives to delay invoice payments during the pandemic to help with their cashflow, iomart played a pivotal role in ensuring that a significant number of small and medium business continue trading today and continues to work closely with them to provide business-critical services. iomart continues to partner with the organisation Business Volunteers to support various charities within the local communities in which it operates. Through numerous volunteering engagements, iomart employees have supported a food-growing charity to encourage families to get outdoors, exercise and grow healthy food. They have contributed towards the rejuvenation of the site with a new seating space and raised beds, repairing compost bins and digging up areas that had overgrown. Our teams have also volunteered at a food bank warehouse, taking in food and household items and distributing parcels to local organisations that provide essential support to families, post Covid-19.

  Tackling economic inequality

  iomart takes its responsibility in this areas very seriously and is committed to acting ethically and with integrity in all of our business relationships. This commitment and subsequent efforts to operate responsibly are fulfilled through the operation of corporate governance processes and ISO-certified business procedures. iomart has implemented robust controls and checks, including continual monitoring, to ensure that there is no modern slavery or human trafficking in its supply chain or in any part of the business. We conduct internal risk and material assessments within our supply chain, requiring suppliers to undergo a due diligence process prior to product or service provision. Employees are paid fairly, with salaries paid directly into their own bank accounts. Cyber security risks are identified and managed via iomart’s Information Security Management System which is based on the requirements of ISO 27001, an internationally-recognised standard governing the protection of personal records and sensitive information. Conformity with this rigorous security standard is monitored continuously and assessed by iomart’s UKAS-accredited certification body, providing external assurance of the controls validated. iomart operates an Equality, Diversity and Inclusion programme which is aligned with the United Nations Sustainable Development Goal #8 - Decent Work and Economic Growth – which promotes sustained, inclusive and sustainable economic growth, full and productive employment and decent work for all. Actions and initiatives to support this goal include: • Mentoring partnerships with MCR Pathways, supporting equality of education outcomes, career opportunities and life chances • Regular engagements with SmartSTEMs, a charity which aims to provide equity of access and opportunity for all young people to STEM education and career opportunities • Partnership with and recruitment via Generation, a non-profit organisation transforming education to employment systems to prepare, place and support people into life-changing careers that would otherwise be inaccessible

  Equal opportunity

  iomart is committed tackling workforce inequality. Closely aligned with the United Nations Sustainable Development Goal #5 - Gender Equality, which aims to achieve gender equality and empower all women and girls, iomart’s approach aims to shine a spotlight on diversity, inclusion, belonging and talent whilst ensuring our policies, recruitment and frameworks are free from bias. To achieve this, iomart: • Operates a diversity and inclusion strategy devised to reduce any real pay gap in the longer term, with an annual Gender Pay Gap report published annually • Has implemented measures to monitor key demographic data, which allows us to set targets to improve representation in key areas • Continues to refresh and expand our employee networks, working towards a gender balance of 30% female representation by 2030 whilst tracking diversity statistics to ensure informed decision making across the business. • Partners with Empowering You, an organisation aiming to build an empowered community of diverse, authentic and confident leaders who can inspire a meaningful and sustainable cultural shift that benefits their organisation, wider industry and society at large • Has implemented an Equal Opportunities Policy in accordance with the Equality Act (2010) • Provides training for managers to better understand neurodivergent and disabled employees’ needs • Publishes a statement on Modern Slavery in accordance with section 54(1) of the Modern Slavery Act 2015, reflecting iomart’s commitment and efforts to operate responsibly • Redacts demographic information from CVs to reduce unconscious bias during the recruitment process • Operates a flexible working policy to promote a healthy work-life balance whilst allowing staff to fulfil other duties outside the workplace such as childcare and supports them working to their individual strengths

  Wellbeing

  iomart promotes the wellbeing of our people though a number of employee benefits and initiatives that impact physical and mental health. These include: • An Employee Assistance Programme with 24/7 support • A cycle to work scheme, with Head Office facilities designed to encourage green commuting • Enhanced benefits with length of service, such as medical and dental cover • Neurodiversity training • Flexible and hybrid working policies to promote a healthy work-life balance This commitment to wellbeing is extended throughout our local communities whereby iomart actively participates in charity engagement and volunteerism. Through our partnership with Business Volunteers, iomart works with local charities to support strong, integrated communities. We began hosting Volunteer Days at our Glasgow and Manchester sites in 2021. We have cooked and served Christmas dinners vulnerable people in Manchester and volunteered at the Glasgow Community Garden Trust to support a food-growing charity in encouraging families to get outdoors, exercise and grow healthy food. Employees helped to rejuvenate the site with a new seating space and raised beds, repairing compost bins and digging up areas that had overgrown. Additionally, iomart worked with FareShare UK to help deliver food that would prepare 40,000 meals for people in need. To further promote the physical health and wellbeing of staff and the wider community, iomart seeks to develop more sustainable business operations intended to reduce its environmental footprint.

Pricing

• Price: £2.80 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Barracuda offer a free trial, providing full access to the service for up to 14-days
• Link to free trial: https://www.barracuda.com/cloud-service/signup/ccb

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@iomart.com. Tell them what format you need. It will help if you say what assistive technology you use.