EPI-USE Labs Limited

Cloud Managed Services

EPI-USE Labs offers you several flexible managed service tiers (Basic, Standard and Premium) to help you to get the most out of Microsoft Azure, Amazon Web Services (AWS) or our Private Cloud. We have years of enterprise management experience and yet are surprisingly easy to work with!

Features

  • Microsoft Azure resource and subscription management
  • Easy access to all Microsoft Azure public cloud services
  • Manage backups, patching and anti-virus deployments
  • Deploy geo-redundant services and workloads across Azure regions

Benefits

  • A highly personalised level of service at a competitive price
  • A dedicated and experienced team to assist you
  • We take care of the Azure technicalities
  • Basic monitoring and visibility of your systems
  • Optimise your runtime costs
  • Only pay for Azure capacity you use
  • We manage the billing for you
  • Provide regular reporting and advice on your subscription
  • Full networking integration to on-premise/private cloud workloads
  • Maximise the elasticity and scalability that Microsoft Azure provides

Pricing

£5.00 a virtual machine a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nikki@labs.epiuse.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

8 0 0 6 7 0 3 9 2 7 5 8 6 9 1

Contact

EPI-USE Labs Limited Nikki Cox
Telephone: 0161 282 7061
Email: nikki@labs.epiuse.com

Service scope

Service constraints
X86 based operating systems (Linux, Windows 2012+)
System requirements
  • IPSEC VPN over the internet
  • Microsoft Expressroute

User support

Email or online ticketing support
Email or online ticketing
Support response times
Customers can log support tickets in our Client Central platform, which provides world-class support, Service Level Agreement (SLA) management and ticketing. Tickets can be viewed and summarised, in progress and closed, and various reports can be run from Client Central to provide an overview of tickets and progress.

Support response times:
Severity 1: <= 60 minutes, updates every hour
Severity 2: <= 4 hours, updates every 6 hours
Severity 3: <= 1 business day, updates every 3 business days
Severity 4: <= 2 business days, updates weekly
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
No
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Three support levels are provided: Basic, Standard and Premium. Services are spread across all three tiers.

Basic tier is for minimum and light-touch services.
Standard tier is for mainstream support services.
Premium tier is aimed at production work loads.

Technical support is available in all tiers and an account manager is assigned for standard and premium tiers.
Support available to third parties
No

Onboarding and offboarding

Getting started
Technical support is provided from the initial creation and configuration of the Azure Public subscription to getting the customer working.

This service does not onboard existing Azure subscriptions or migrate existing Azure services into a new Azure Public Cloud subscription.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Close and delete any Azure accounts, access controls and resources; off-boarding of instances and data is the customer’s responsibility and should be completed prior to termination.
End-of-contract process
Off-boarding of all VMs, services and data is the customer’s responsibility and should be completed prior to contract termination. Transfer of contracted services by EPI-USE Labs to another provider can be accommodated but is out of scope and will incur additional charges.

Using the service

Web browser interface
Yes
Using the web interface
Client Central is the collaboration and service management website used for all EPI-USE Labs customers. Easily log and track incidents & service requests, access key documents and other solution information.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Our web interface is accessible over the internet via secure HTTPS.
Web interface accessibility testing
None
API
No
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Automatic
Independence of resources
Active monitoring is used to balance load across the virtual infrastructure.

We leverage Microsoft Azure Monitor and log analytics, within the customer's subscription, to log and analyse the customers systems.
Usage notifications
Yes
Usage reporting
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
Reporting types
Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Microsoft Azure, as a CSP Indirect Reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
Never
Protecting data at rest
Other
Other data at rest protection approach
Microsoft Azure has, by default, encryption at rest enabled. Further encryption can be enabled at the OS level to provide encryption in-flight.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Azure Backup: Virtual Machines
  • Azure Backup: File level (restriction apply)
Backup controls
Client can raise a ticket to make scheduling adjustments.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Firewalls are leveraged to isolate infrastructure.

Availability and resilience

Guaranteed availability
Microsoft Azure offer SLAs for virtual machines covered by either Availability Zones, Availability Sets or with Premium storage.

More details are available on Microsoft's website or you can contact us for further details.
Approach to resilience
Microsoft Azure is backed by data centres in the U.K., Europe and the rest of the world. Resilience, however, is primarily down to the design topology of the customer's Azure deployment.

We can offer support and advice on your subscription, resource choices and network topology.
Outage reporting
Service outages are reported to the client via email alerts.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Management interfaces is via the Microsoft Azure Portal
Access restriction testing frequency
Never
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
A-lign
ISO/IEC 27001 accreditation date
26/06/2016
What the ISO/IEC 27001 doesn’t cover
Our ISO 27001 covers certification for our Client Central client interaction platform and Unified Platform, which related to hosting and managed hosting services. Software and service not related to these are not covered.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • ISAE 3402 Type 2
  • SOC 2 Type 2

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
EPI-USE Labs has an information security management system that certifies to ISO27001 which includes an overall security policy. Adherance to the policies is audited annually by an independent external provider.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Internal change management follows an ITIL based process.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The Infrastructure is regularly compared against vendor critical patch levels.
Updates are installed at scheduled maintenance windows.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Microsoft Monitor is leveraged, within the customer's subscription, to provide real-time analysis of infrastructure events.

Internal incident response policies are followed in the event of a compromise.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We currently have over 100 standard information security controls as part of iSMS implementation.
Clients can use our internally developed incident and ticket management system, Client Central, to log incidents.
Clients will be notified of any incident relating to their solution.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Third-party
Third-party virtualisation provider
Microsoft Azure
How shared infrastructure is kept separate
Microsoft offer isolation at several levels:

Tenant isolation providing organisational wide identity management, separated from other organisation.

Both Compute and Storage are on shared architecture.

Computer is isolated at the network level so no two customers can access each others environments without explicitly configured Virtual Network peering.

Microsoft also offer a smaller subnet of virtual machines as isolated instances with dedicated hardware.

Energy efficiency

Energy-efficient datacentres
No

Social Value

Fighting climate change

Fighting climate change

Environmental responsibility is integral to all our delivery. Our Sustainability Policy ensures that adverse effects on the community, environment and natural resources are minimised, while safeguarding the health and safety of our clients and employees.
Our Sustainability Policy covers practical actions including:
 * Environmental permits and reporting
 * Pollution prevention and resource reduction
 * Hazardous substances
 * Air emissions 
* Material restrictions
 * Stormwater management
 * Machine safeguarding
 * Energy consumption, greenhouse gas emissions.

Examples of our current sustainability initiatives include:

 * Our non-profit organisation Elephants, Rhinos and People (ERP) is funded through 1% of our revenue.
 * We support client, partner, and supplier initiatives in sustainable procurement.
* We actively encourage employees to make mindful choices about energy use/waste creation to minimise our carbon footprint.
* Employee engagement with environmental issues is enhanced through internal communications and training.
 * Initiatives are in place to continuously improve recycling and eliminate single use plastic (SUP), manage our buildings more efficiently, and improve our travel footprint.
 * We focus on reducing our impact on the environment by preventing pollution, encouraging recycling and using natural resources efficiently. This includes our sales and marketing activities: we use QR codes or links to promote online collateral rather than printed, and promotional items are environmentally sourced/reusable.
 * At events, we encourage delegates to have a tree planted in their name by The National Trust.
 * Where possible, home-working is encouraged. We provide eco-friendly and ergonomic equipment solutions for home or office working.
 * We provide an online resource to employees and clients to facilitate meetings, workshops, and feedback sessions, reducing unnecessary travel, meeting room and hotel accommodation. Where face-to-face meetings are required, we encourage employees to use public transport or ride-share.
Equal opportunity

Equal opportunity

EPI-USE Labs is committed to equal opportunities, including challenging and eliminating discrimination, and encouraging, valuing and promoting diversity and fairness. Our aim is that our employees will be representative of all sections of society, and that each employee feels respected and able to give their best. We value our diversity, and actively promote equality and inclusion in our company.
We would ensure awareness of equal opportunities for those managing G-Cloud contracts by highlighting the importance to all involved of adhering to our Equality and Diversity policy, at the start of and throughout the contract period.
Our Equality and Diversity policy is endorsed by senior executives and upheld throughout the company. The purpose of our policy is to provide equality and fairness for all in our employment regardless of age, disability, gender identity or expression, marital or civil partner status, pregnancy or maternity, race, colour, nationality, ethnic or national origin, religion or religious observances, or sexual orientation. We comply with the requirements of the Equality Act 2010.
Our policy is communicated to all leaders, employees and sub-contractors, as follows:
 *Our ‘Client Central’ platform ensures knowledge-sharing internally for all employees, including our policies.
 *Our in-house training system deploys mandatory training of our policies.
 *For recruitment, our global HR team works with our regional directors to ensure this policy is upheld.
 *Processes are followed to ensure that new employees receive onboarding on all EPI-USE Labs standards and policies, including this policy.
 *We select and screen sub-contractors carefully to make sure they adhere to our values and policies.

We are committed to creating an environment which is supportive, fair, just and free from unlawful discrimination, in which individual differences and the contributions of all our employees are recognised and valued.

Pricing

Price
£5.00 a virtual machine a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nikki@labs.epiuse.com. Tell them what format you need. It will help if you say what assistive technology you use.