CM Security Ltd

Acronis Cloud-to-Cloud Backup

Cloud backup for on-premise servers and Microsoft 365

Features

• Automated backups
• Incremental and differential backup
• Military-grade encryption
• Centralised backup management
• Versioning and retention policies

Benefits

• Data protection
• Business continuity
• Peace of mind

£0.15 a gigabyte

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ronald.hulme@cmsecurity.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

807159829062845

Contact

Ronald Hulme
02033070370
ronald.hulme@cmsecurity.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Cyber Protect Cloud combines backup and disaster recovery with next-generation, AI-based anti-malware and antivirus software, alongside device management services including vulnerability assessment and patching.
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements: No System Requirements - Cloud-to-cloud backup solution

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We aim to respond to all questions within 24 hours, Monday to Friday, from 09:00 to 17:00
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Email Only Support - Free of Charge ; Telephone and Remote Support - 10% of Contract Price ; Onsite Support - £1500 per day, plus expenses.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We offer a comprehensive onboarding service to help users get started with our service. This includes remote setup, configuration, and training sessions. For those who prefer onsite assistance, we offer onsite onboarding at an additional cost
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Users can log in to their Acronis account and navigate to the storage section to download their backup date before the end of the contract period.
• End-of-contract process: At the conclusion of the contract period, assets that were previously protected will cease to be backed up. Any data remaining in our service will be permanently deleted. 60 days written notice is required to terminate services.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: The service interface is a web-based graphical user interface (GUI) used for configuring backup schedules, restoring files and generating reports.
• Accessibility standards: None or don’t know
• Description of accessibility: The service interface can be accessed via a web browser at https://cloud.acronis.com/login.
• Accessibility testing: As of now, we haven't conducted any interface testing specifically with users of assistive technology.
• API: No
• Customisation available: No

Scaling

• Independence of resources: The platform offers true multi-tenancy with an isolated schema for each tenant.

Analytics

• Service usage metrics: Yes
• Metrics types: Backup status report after every job, a restore statistics report following each job, and an audit log detailing administrator activity.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Acronis

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: All data is protected at source with customer-only held encryption Keys (AES 256)
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Backup data can be exported from the "storage" section on the web based portal.
• Data export formats: Other
• Other data export formats: .zip
• Data import formats: Other
• Other data import formats: Data import is not available

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: AES 256 (Quantum resistant).
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: AES 256 (Quantum resistant)

Availability and resilience

• Guaranteed availability: Acronis SLAs are 99.99% uptime.
• Approach to resilience: Acronis has meticulously crafted its high-availability and redundant infrastructure to mitigate potential risks and eradicate single points of failure. Adhering to the "need plus one" (N+1) principle, Acronis enhances redundancy across all hardware layers within its infrastructure. This strategic approach guarantees that any hardware-layer component failure does not compromise Acronis' critical infrastructure or its customers' operations. By leveraging this redundant infrastructure, Acronis can seamlessly conduct various preventive maintenance tasks without interrupting its services.
• Outage reporting: Service outages are reported via a private dashboard. https://partners.acronis.com/#datacenter

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: We employ RBAC mechanisms to restrict access to specific functionalities within our management interfaces and support channels. This ensures that users only have access to the resources and features necessary for their roles and responsibilities. We enforce MFA for all users accessing management interfaces and support channels. This adds an extra layer of security beyond traditional password-based authentication.
• Access restriction testing frequency: Never
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: Acronis information security policies and processes are based on broadly accepted international security standards such as ISO 27001 or the National Institute of Standards and Technology (NIST), and take into account the requirements of related local regulation frameworks such as European Union’s General Data Protection Regulation (GDPR) and the United States’ Health Insurance Portability and Accountability Act (HIPAA).

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Redundant infrastructure enables Acronis to conduct various preventive maintenance tasks without disrupting services. Scheduled maintenance and infrastructure changes are executed in compliance with manufacturers' specifications and internal documented procedures. All infrastructure is covered by the respective vendor's service level agreements (SLAs).; ; The team adheres to a standardized maintenance approach aimed at enhancing infrastructure availability while reducing operating and maintenance expenses.; ; Security and critical updates receive top priority and are promptly installed. Each update undergoes thorough testing before implementation.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Acronis diligently monitors all official repositories and bulletins for the latest information. Security and critical updates are given top priority and promptly applied. Each update undergoes rigorous testing before implementation. Acronis leverages the expertise of skilled technology professionals at every level of its infrastructure and actively engages with third-party vendors to address any issues.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Acronis' Network Operations Center (NOC) assumes responsibility for incident identification and response, pinpointing the root cause of issues and promptly alerting the appropriate internal incident response team to address the technology incident. Response times adhere to internal SLAs aimed at achieving 99.99 percent availability.; ; The Acronis network employs a multi-layered, zone-based architecture. Managed network equipment effectively segregates and isolates internal, external, and customer environments, while also facilitating routing and filtering of network protocols and packets.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Identification: Acronis assesses whether an event qualifies as an incident. (Information regarding incidents may originate from Acronis' monitoring system or through communication channels from various teams and customers.); ; Containment: The team evaluates the impact, scope, and affected systems and customers.; ; Eradication: The team conducts an investigation to identify the incident's origin and root cause.; ; Recovery: The team diligently monitors every environment.; ; Notification: Communications ensure all teams and customers comprehend the impact and resolution steps and receive status updates during an incident.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Fighting climate change We our proud of our record fighting climate change. We have consciously taken steps to reduce and continue to limit our carbon footprint. Business travel is approved for the private use of electric-powered cars only or the use of public transport. All staff work from home unless they are attending client sites.

  Covid-19 recovery

  All staff must be vaccinated with up-to-date boosters. All staff work from home over VPN and VOIP, thereby allowing continuity of service but isolating if infected, which provides containment. Full pay is granted to staff infected with Covid-19.

  Tackling economic inequality

  We are an equal opportunity, equal pay employer. Appointments to jobs are made on merit and commitment irrespective of race, colour, sex and social class, We provide in-house training to starters and encourage progress for all positions.

  Equal opportunity

  All staff are employed with equal opportunity and pay. All staff are equally encouraged to progress and commit to mastering emerging technology. We are contracted to support an end-user client base of registered companies that we believe are well-known to be ethical and law-abiding in their employment policy. We respectively operate with the same ethical behaviour.

  Wellbeing

  CM Security Ltd is committed to the health and well-being of its staff and those whom it engages as consultants. It is particularly committed to providing a healthy working flexible environment and encourages a work/life balance. We use the following wellbeing indicators: Physical Health, Emotional Health, Social and Financial health

Pricing

• Price: £0.15 a gigabyte
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Full, unrestricted access is available upon request for 14 days

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ronald.hulme@cmsecurity.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.