IOCO SOLUTIONS LIMITED

Hosted Cloud Platform

Hosted Cloud is an enterprise-class cloud solution serviced out of a virtualised environment that resides in the UK.
Infrastructure is provided and managed by iOCO, you have access to manage your cloud through an automated, self-service portal.
Converged and Hyper-converged Infrastructure provides fully managed server or self-service instances

Features

• Converged Cloud Infrastructure hosted in Tier 4 DCs in UK
• Logical Private Cloud - Fully Managed Software-defined DC
• Physical Private Cloud - Fully Managed Single-tenant hyper-converged Platform
• Private Cloud Plus - VMware Cloud on AWS
• Managed security as standard
• 24x7 monitored service
• Per hour billing
• Backup and archiving services available
• CMP for management of the entire cloud environment
• Full management of the hosted environment, up to Hypervisor

Benefits

• Leverage cloud expertise to build and manage your cloud environment
• Security, speed, agility and flexibility
• Pay per use on-demand infrastructure
• Immediately provision workloads - ideal for DevOps requirements
• Cost visibility and control are provided through a transparent workflow-process
• Easy-to-use web-based management interface
• Management layer, through the automated, self-service portal
• Per-hour billing model of private, hosted and public cloud

£0.04 an instance an hour

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at michael.morey@ioco.tech. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

800191926719099

Contact

Mick Morey
0118 206 2938
michael.morey@ioco.tech

Service scope

• Service constraints: Hypervisor based on VMWare converged and hyper-converged architectures.; Customer requires internet connectivity to access the Cloud environment.
• System requirements: Modern browser to access online portal

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Severity 1 (Critical Service Incident) - Within 30 mins; ; Severity 2 (Critical Service Incident) - Within 1 hour; ; Severity 3 (Non-Critical Service Incident) - Within 4 business hours; ; Severity 4 (Minor Support Request) - Within 4 business hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide a service desk to log incidents and support requests. Calls are prioritised based on severity and assigned accordingly. 4 Levels of severity is classified. The service included 3 levels of support engineers based on skill level (i.e 1st , 2nd and 3 rd level support ) as well as a vendor escalation process.; We provide a client account manager and a cloud architect, as well as Service delivery manager where appropriate.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide initial configuration assistance, Customers are provided user guides for every aspect of the service
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Customer may choose to store data on archive storage at lower cost, or extract by means of file transfer tools. Depending on the method of extraction, data charges may apply.; ; Customer has 30 days from expiry of contract to extract all required data.
• End-of-contract process: Customer requirements for the data extraction will be agreed prior to completion of the contract.

Using the service

• Web browser interface: Yes
• Using the web interface: Unified and simplified management platform that allows organisations to access automated selection and management of the right cloud services, whenever they need them. Offering the ability to create, monitor and manage all the different cloud services. Empowers businesses to provision the right cloud services, whenever they need them.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Automated, plug-and-play platform provides a single dashboard so you can access all services with a few clicks of a mouse. Delivering access to common cloud management, governance, and security services, real-time usage reports and performance evaluations,
• Web interface accessibility testing: NA
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Capacity management ensures capacity on storage and compute systems supporting this service, allowing the customer to grow without disruption to their service.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
• Other metrics:
  • Up-time
  • Cost information
  • Utilization
  • Logs and reports
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • System Data
  • File Data
  • Workloads / Virtual Machines
• Backup controls: Through the Web Management Portal, you can manage and monitor the entire data workflow, including backup, offsite storage, and recovery. Organizations can create customized backup policies, check status, delegate responsibilities across the enterprise, and initiate restore operations whenever needed. Role-based access control allows you to define access levels for various user classes across the enterprise.
• Datacentre setup: Multiple datacentres
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: 99.95% - 99.99% depending on Service Level chosen
• Approach to resilience: Redundant power - Hosting facilities are chosen based on capability to provide multiple dedicated power feeds, with redundant short term and medium term power backup; Dual Network Fabric - Networking is deployed in redundant manner, utilising vendor technologies to achieve multi-chassis connectivity for north- and southbound connections; Dual Cloud Edge - Achieved by deploying high-availability pairs or clusters of unified threat management appliances.; Network Connectivity (Cloud Edge) - Utilises multiple service providers for internet and network connectivity; Network Connectivity (Compute) - each compute node is interconnected with the Dual Network Fabric allowing resilience in the event of network node failure.; Compute Layer Resilience - Utilising capacity management to confirm constant availability of 30% - 40% available resources at any point
• Outage reporting: Alerts through managed toolset. ; ; Web dashboard; Email; Text; Voice

Identity and authentication

• User authentication: Username or password
• Access restrictions in management interfaces and support channels: All management networks are isolated from user and customer networks, with specific access rules and user-traceable accounts used throughout. Restricted and vetted named users are allowed administrative access to the application management areas.; ; For online systems (e.g. Customer Portal & API interfaces), all users are required to have a unique username, password and memorable word combination.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • INFORMATION SECURITY MANAGEMENT SYSTEM ISO/IEC 27001:2013 for the Datacentre
  • PCI DSS Compliant Datacentres

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: The change management processes follow ISO27001 A.12.1.2 controlled mechanism for making changes to operational environments.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The change management processes follow ISO27001 A.12.1.2 controlled mechanism for making changes to operational environments.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We subscribe to multiple vendor provided vulnerability notification services. All vulnerabilities are reviewed and applicable patches are administered through the change control process . Mitigation measures will always be considered first, with critical patches targeted for resolution within 30 days.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Denial of Service is applied on all Internet links , with Intrusion detection\protection available to customers on request. All security events are logged\notified based on severity. Any attempted platform security compromises are dealt with 24/7 by security engineers. The responsibility remains with the customer to ensure detected intrusions are re-mediated where customers have control, permission, or access to modify their service. iOCO recommends that customers follow security best practices including, but not limited to: • Maintaining effective firewall rules • Limiting the communication ports to only the necessary, for conducting business • Locking down access
• Incident management type: Supplier-defined controls
• Incident management approach: The incident response process complies with industry standards for legally admissible chain-of-custody and forensic data collection management processes and controls. Response standards, procedures, and methods are implemented based on the severity level of an incident. Incident reports are produced as part of standard post incident process and provided to customers on request.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Each customer is provided with a dedicated, virtual UTM appliance that serves as the perimeter edge device for their environment, along with private, non-routed virtual LANs to host virtual machines.; ; In the case of CloudBackup services, each customer is supplied access to the backup management platform, and customer data is stored in separate encrypted vaults.

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  iOCO's hosted cloud solution is built in our Data Centre partners facilities. Our Data Centre partner acknowledges the current and emerging challenges in relation to climate change, biodiversity, and pollution. We strive to care for and protect the places and natural resources that we depend upon. As a leading digital edge infrastructure company in the UK, our partner plays a key role in helping clients cut their emissions and minimize their carbon footprint through the use of our colocation and cloud services.

Pricing

• Price: £0.04 an instance an hour
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at michael.morey@ioco.tech. Tell them what format you need. It will help if you say what assistive technology you use.