EPI-USE Labs Limited

Cloud Managed Services

EPI-USE Labs offers you several flexible managed service tiers (Basic, Standard and Premium) to help you to get the most out of Microsoft Azure, Amazon Web Services (AWS) or our Private Cloud. We have years of enterprise management experience and yet are surprisingly easy to work with!

Features

• Microsoft Azure resource and subscription management
• Easy access to all Microsoft Azure public cloud services
• Manage backups, patching and anti-virus deployments
• Deploy geo-redundant services and workloads across Azure regions

Benefits

• A highly personalised level of service at a competitive price
• A dedicated and experienced team to assist you
• We take care of the Azure technicalities
• Basic monitoring and visibility of your systems
• Optimise your runtime costs
• Only pay for Azure capacity you use
• We manage the billing for you
• Provide regular reporting and advice on your subscription
• Full networking integration to on-premise/private cloud workloads
• Maximise the elasticity and scalability that Microsoft Azure provides

£5.00 a virtual machine a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nikki@labs.epiuse.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

800670392758691

Contact

Nikki Cox
0161 282 7061
nikki@labs.epiuse.com

Service scope

• Service constraints: X86 based operating systems (Linux, Windows 2012+)
• System requirements:
  • IPSEC VPN over the internet
  • Microsoft Expressroute

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Customers can log support tickets in our Client Central platform, which provides world-class support, Service Level Agreement (SLA) management and ticketing. Tickets can be viewed and summarised, in progress and closed, and various reports can be run from Client Central to provide an overview of tickets and progress.; ; Support response times:; Severity 1: <= 60 minutes, updates every hour; Severity 2: <= 4 hours, updates every 6 hours; Severity 3: <= 1 business day, updates every 3 business days; Severity 4: <= 2 business days, updates weekly
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Three support levels are provided: Basic, Standard and Premium. Services are spread across all three tiers. ; ; Basic tier is for minimum and light-touch services.; Standard tier is for mainstream support services.; Premium tier is aimed at production work loads.; ; Technical support is available in all tiers and an account manager is assigned for standard and premium tiers.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Technical support is provided from the initial creation and configuration of the Azure Public subscription to getting the customer working.; ; This service does not onboard existing Azure subscriptions or migrate existing Azure services into a new Azure Public Cloud subscription.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Close and delete any Azure accounts, access controls and resources; off-boarding of instances and data is the customer’s responsibility and should be completed prior to termination.
• End-of-contract process: Off-boarding of all VMs, services and data is the customer’s responsibility and should be completed prior to contract termination. Transfer of contracted services by EPI-USE Labs to another provider can be accommodated but is out of scope and will incur additional charges.

Using the service

• Web browser interface: Yes
• Using the web interface: Client Central is the collaboration and service management website used for all EPI-USE Labs customers. Easily log and track incidents & service requests, access key documents and other solution information.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Our web interface is accessible over the internet via secure HTTPS.
• Web interface accessibility testing: None
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Active monitoring is used to balance load across the virtual infrastructure. ; ; We leverage Microsoft Azure Monitor and log analytics, within the customer's subscription, to log and analyse the customers systems.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Microsoft Azure, as a CSP Indirect Reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: Never
• Protecting data at rest: Other
• Other data at rest protection approach: Microsoft Azure has, by default, encryption at rest enabled. Further encryption can be enabled at the OS level to provide encryption in-flight.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Azure Backup: Virtual Machines
  • Azure Backup: File level (restriction apply)
• Backup controls: Client can raise a ticket to make scheduling adjustments.
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Firewalls are leveraged to isolate infrastructure.

Availability and resilience

• Guaranteed availability: Microsoft Azure offer SLAs for virtual machines covered by either Availability Zones, Availability Sets or with Premium storage.; ; More details are available on Microsoft's website or you can contact us for further details.
• Approach to resilience: Microsoft Azure is backed by data centres in the U.K., Europe and the rest of the world. Resilience, however, is primarily down to the design topology of the customer's Azure deployment. ; ; We can offer support and advice on your subscription, resource choices and network topology.
• Outage reporting: Service outages are reported to the client via email alerts.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Management interfaces is via the Microsoft Azure Portal
• Access restriction testing frequency: Never
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: A-lign
• ISO/IEC 27001 accreditation date: 26/06/2016
• What the ISO/IEC 27001 doesn’t cover: Our ISO 27001 covers certification for our Client Central client interaction platform and Unified Platform, which related to hosting and managed hosting services. Software and service not related to these are not covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISAE 3402 Type 2
  • SOC 2 Type 2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: EPI-USE Labs has an information security management system that certifies to ISO27001 which includes an overall security policy. Adherance to the policies is audited annually by an independent external provider.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Internal change management follows an ITIL based process.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The Infrastructure is regularly compared against vendor critical patch levels.; Updates are installed at scheduled maintenance windows.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Microsoft Monitor is leveraged, within the customer's subscription, to provide real-time analysis of infrastructure events.; ; Internal incident response policies are followed in the event of a compromise.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We currently have over 100 standard information security controls as part of iSMS implementation. ; Clients can use our internally developed incident and ticket management system, Client Central, to log incidents.; Clients will be notified of any incident relating to their solution.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: Microsoft Azure
• How shared infrastructure is kept separate: Microsoft offer isolation at several levels:; ; Tenant isolation providing organisational wide identity management, separated from other organisation.; ; Both Compute and Storage are on shared architecture.; ; Computer is isolated at the network level so no two customers can access each others environments without explicitly configured Virtual Network peering.; ; Microsoft also offer a smaller subnet of virtual machines as isolated instances with dedicated hardware.

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Fighting climate change:

  Fighting climate change

  Environmental responsibility is integral to all our delivery. Our Sustainability Policy ensures that adverse effects on the community, environment and natural resources are minimised, while safeguarding the health and safety of our clients and employees. ; Our Sustainability Policy covers practical actions including: ;  * Environmental permits and reporting ;  * Pollution prevention and resource reduction ;  * Hazardous substances ;  * Air emissions  ; * Material restrictions ;  * Stormwater management ;  * Machine safeguarding ;  * Energy consumption, greenhouse gas emissions.; ; Examples of our current sustainability initiatives include: ; ;  * Our non-profit organisation Elephants, Rhinos and People (ERP) is funded through 1% of our revenue. ;  * We support client, partner, and supplier initiatives in sustainable procurement. ; * We actively encourage employees to make mindful choices about energy use/waste creation to minimise our carbon footprint. ; * Employee engagement with environmental issues is enhanced through internal communications and training. ;  * Initiatives are in place to continuously improve recycling and eliminate single use plastic (SUP), manage our buildings more efficiently, and improve our travel footprint. ;  * We focus on reducing our impact on the environment by preventing pollution, encouraging recycling and using natural resources efficiently. This includes our sales and marketing activities: we use QR codes or links to promote online collateral rather than printed, and promotional items are environmentally sourced/reusable.;  * At events, we encourage delegates to have a tree planted in their name by The National Trust.;  * Where possible, home-working is encouraged. We provide eco-friendly and ergonomic equipment solutions for home or office working. ;  * We provide an online resource to employees and clients to facilitate meetings, workshops, and feedback sessions, reducing unnecessary travel, meeting room and hotel accommodation. Where face-to-face meetings are required, we encourage employees to use public transport or ride-share.
• Equal opportunity:

  Equal opportunity

  EPI-USE Labs is committed to equal opportunities, including challenging and eliminating discrimination, and encouraging, valuing and promoting diversity and fairness. Our aim is that our employees will be representative of all sections of society, and that each employee feels respected and able to give their best. We value our diversity, and actively promote equality and inclusion in our company.; We would ensure awareness of equal opportunities for those managing G-Cloud contracts by highlighting the importance to all involved of adhering to our Equality and Diversity policy, at the start of and throughout the contract period. ; Our Equality and Diversity policy is endorsed by senior executives and upheld throughout the company. The purpose of our policy is to provide equality and fairness for all in our employment regardless of age, disability, gender identity or expression, marital or civil partner status, pregnancy or maternity, race, colour, nationality, ethnic or national origin, religion or religious observances, or sexual orientation. We comply with the requirements of the Equality Act 2010.; Our policy is communicated to all leaders, employees and sub-contractors, as follows:;  *Our ‘Client Central’ platform ensures knowledge-sharing internally for all employees, including our policies. ;  *Our in-house training system deploys mandatory training of our policies. ;  *For recruitment, our global HR team works with our regional directors to ensure this policy is upheld.;  *Processes are followed to ensure that new employees receive onboarding on all EPI-USE Labs standards and policies, including this policy.;  *We select and screen sub-contractors carefully to make sure they adhere to our values and policies.; ; We are committed to creating an environment which is supportive, fair, just and free from unlawful discrimination, in which individual differences and the contributions of all our employees are recognised and valued.

Pricing

• Price: £5.00 a virtual machine a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nikki@labs.epiuse.com. Tell them what format you need. It will help if you say what assistive technology you use.