simoda Ltd

Wasabi Hot Cloud Storage: Compliant, High Performing, Cost Effective Data Storage

Wasabi Hot Cloud Storage, cost-effective, secure cloud object storage. Offering single-tier of high-performance storage, simplifying management, eliminating multiple tiers. Suitable for various applications; active archives, remote backups, hybrid-cloud storage, providing transparent, predictable pricing. No hidden egress/API request fees. Ensures data security with data centre redundancy, bucket replication, adjustable immutability.

Features

• No egress charges
• No charges for API calls
• Fixed costs
• Single storage tier
• Highly secure, low latency
• Single, fast & affordable

Benefits

• No egress charges
• Ability to make data immutable
• Ability to cross charge departments with Wasabi Account Control Software
• Adheres to industry compliance standards
• Supports companies sustainability goals and objectives

£4.42 to £5.10 a terabyte a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector@simoda.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

818487239051997

Contact

David Cook
0114 553 3600
publicsector@simoda.co.uk

Service scope

• Service constraints: None
• System requirements: N/A. Wasabi is cloud object storage IaaS

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Wasabi offers a support matrix depending on the severity of the incoming ticket. Severity 1 incidents will be responded to within 15 minutes. Severity 2 within 30 minutes, severity 3 within 4 hours and severity 4 within 10 business days. All severities have a sliding scale of resolution times.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: No
• Support levels: Wasabi offers Basic (free) & Premium (paid) support plans as shown below:; • Basic Support: Business day support via email only; • Premium Support hours = 7 x 24 x 365 via email & phone. Premium support is 7% of the purchase price for Reserved Capacity Storage customers.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: N/a
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: At the end of a contract, stored data will be available for 30 days, with the ability to extend if necessary. This will enable the customer to either retrieve their data or renew their contract without service interruption. Users will usually extract their data via the same application they used to push data to Wasabi.
• End-of-contract process: Pursuant to section 1.5 Your Content, of the Customer Agreement, Your Content' means content that you or any Authorized User transfers to us for storage or hosting by the Wasabi Service in connection with your Customer Account. Your Content does not include your Customer Account information. You will ensure that Your Content does not violate any terms of this Agreement, the Documentation, or any applicable law. You are solely responsible for the development, content, operation, maintenance, and use of Your Content. You represent and warrant to us that: (a) you or your licensors own all right, title, and interest in and to Your Content and Feedback; (b) you have all rights in Your Content and Feedback necessary to grant the rights contemplated by this Agreement.; ; At the end of a contract, stored data will be available for 30 days, with the ability to extend if necessary. This will enable the customer to either retrieve their data or renew their contract without service interruption.

Using the service

• Web browser interface: Yes
• Using the web interface: Users can create/edit/delete buckets, users, groups and policies using the Wasabi web console.
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: Wasabi provides 3 distinct APIs:; • Wasabi S3 API - Wasabi’s object storage service is built to be 100% bit-compatible with the Amazon Web Services’ Simple Storage Service (AWS S3) and Identity and Access Management (AWS IAM) APIs. ; • Wasabi Account Control API - At a high level, WACA allows for the following functions:; o Create a new sub-account that is linked to the Wasabi Control Account; o Generate AWS key sets for sub-accounts; o Manage sub-account trial parameters, such as extending the sub-account trial period and change subaccount trial quotas; o Convert a sub-account trial period into a full (paying) account; o Query utilization of sub-accounts both at the summary account level and bucket level; o Query invoices of sub-accounts; o Delete sub-accounts; o Manage account “profile” information, such as email address; • WACM Connect API - At a high level, the WACM Connect allows for the following functions:; o Query utilization of sub-accounts at the account level and bucket level; o Query invoices of sub-accounts; o Query current utilization of control accounts; o Filter the responses with a wide range of parameters
• API automation tools:
  • Ansible
  • Terraform
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Customer data is encrypted on upload and can only be access by authorized customer users with valid access keys. Customers are responsible for creating and managing their users and access keys, as Wasabi is not able to access the customer account to configure these settings. Please refer to: THE SERVICE DEFINITION DOCUMENT; ; https://docs.wasabi.com/docs/access-keys-1; https://docs.wasabi.com/docs/users-1"
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types: Other
• Other metrics:
  • Storage consumption (active and deleted) utilisation
  • API calls
  • Utilisation
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Reseller (no extras)
• Organisation whose services are being resold: Wasabi

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Never
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: No

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: 99.999999999% data durability
• Approach to resilience: Wasabi provides 11 9's of data durability. Please see the attached "data durability" whitepaper. Other information can be made available on request.
• Outage reporting: A realtime dashboard is available on the Wasabi website

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Wasabi is a cloud storage IaaS. User authentication is the same across the platform.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Please refer to provided "All Wasabi Policy Summaries.ZIP" for all information regarding Wasabi's Security Policy.; ; Service definition document
• Information security policies and processes: Authentication is managed using Okta and 2-Factor Authentication.; No access to the customer’s network is required.; Application access is managed by the customer’s local administrator/root user in the Wasabi Console.; Wasabi is unable to access the customer’s account.; Third party compliance and regulatory notices undertaken following the steps below@; Evidence Request Phase; Evidence Gathering Phase; Evidence Validation Phase; Report Phase – Draft; Report Phase – Final; Internal Risk Assessments carried out at least annually by a third-party; Documented formal risk management program.; Integrity and availability monitoring of hosting environments.; All security controls are reviewed annually.; In a litigation event, all disposal of documents is suspended and placed in “Litigation Hold”.; Customer data is retained so long as the account remains active and in good standing.; Customer data cannot be retrieved once the account is terminated or expired.; Customer data requires destruction is sanitized as per the current version of NIST Special Publication 800-88.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Maintenance is undertaken as needed and transparent to customers. Customer will be notified if there is an outage.; Customers can monitor service status online and can subscribe to a service update notification service.; Wasabi uses JIRA for change management with GitHub integration to manage the SDLC.; Quality Assurance is based on industry best practices.; QA process includes functional testing, regression testing and manages the defect process throughout the lifecycle.; Separate development and production environments are maintained.; Only DevOps can deploy software to Wasabi’s production servers
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Wasabi maintains a continuous version releases, which are completed without interruption to customers.; established procedures for the identification, response, reporting, assessment, and follow-up of suspected or various actual security incidents that meets the requirements of the HIPAA Security Rule, HITECH provisions of American Recovery and Reinvestment Act (“ARRA”) FBI CJIS Security Policy, and process recommended by NIST and SANS.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Wasabi utilizes Carbon Black as its EDR/AV, which is continuously monitored and action is taken when there is an update. Furthermore, Wasabi has implemented a process where upon stakeholders are notified via, text, email or Slack in the event of unauthorized access. At which point action is taken to block said IP from unauthorized access.
• Incident management type: Supplier-defined controls
• Incident management approach: Anyone outside the of the Wasabi IT department contact the 24/7 emergency number to reach wasabi support.; Support representatives notify wasabi network administrators and log the call. Management, HIPPAA Security Office and/or Privacy Office are also informed.; If the event is a security incident, the Cybersecurity Response Team (CIRT) is activated.; Through incident documentation is maintained.; CIRT members recommend changes, that are implemented upon approval.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Wasabi is colocated in Equinix facilities in Europe. Equinix is committed to leading the way regarding the EU Code of Conduct for Energy Efficient datacentres. More info can be found here: https://www.equinix.co.uk/data-centers/design/standards-compliance

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  At Simoda, we are deeply committed to the Social Value objective of combating climate change. Simoda, an SME, is committed to fighting climate change and achieving Net Zero by 2040. We work with green IT solution providers like HPE and promote energy-efficient hardware, virtualisation, and renewable energy in data centres https://www.hpe.com/uk/en/living-progress/sustainable-it.html. We believe that every action, no matter how small, contributes to a larger impact. ; ; Our sustainability strategy includes establishing a baseline of our greenhouse gas emissions (5.49 metric tonnes for Scope 1 and 2.90 metric tonnes for Scope 2) and pursuing reduction strategies. We’re actively pursuing reduction strategies around travel and energy usage and leveraging analytics, technology, and AI to drive our operations towards our Net Zero target. We’re preparing to submit our emissions data and targets to the SME Climate Hub. Our overall emissions, which include partly gathered Scope 3 emissions that we’ve managed to calculate using available data, equate to 11.81 metric tonnes of CO2 annually. ; ; Our Sustainability Strategy can be requested. ; ; Offsetting Carbon Footprint: At Simoda, we have pledged to plant a tree for every new customer and employee as part of our carbon offset initiative, in partnership with Evertreen: Home - Evertreen We will be announcing this in May 2024. This initiative not only offsets our carbon emissions but also supports biodiversity and helps restore natural habitats across countries that have suffered from many years of deforestation and destruction. ; ; Landfill Waste Reduction: Simoda has implemented an effective office recycling scheme that plays a crucial role in our waste management on and off-side. Our team receive recycling training and we have appointed a recycling champion.

  Covid-19 recovery

  Simoda is supporting Covid-19 recovery by providing robust IT solutions that enable remote working, thereby helping businesses maintain continuity during and after the pandemic. They can also offer cloud services and cybersecurity solutions to ensure secure and efficient remote operations. ; ; Simoda Limited played a crucial role in supporting local Covid-19 recovery efforts, particularly in South Yorkshire’s NHS Clinical Commissioning Groups (CCGs) Nightingale Centre. Here’s how we contributed: ; ; Rapid Deployment of network services, routers and switches as part of the IT Infrastructure: Simoda responded swiftly to the urgent need for IT infrastructure in the newly established Covid-19 test centres. We provided the necessary connectivity and networking solutions, enabling these centres to become operational in a short space of time. This rapid deployment was critical in the early stages of the pandemic when testing was paramount. ; ; Customised IT Solutions: Understanding that each test centre had unique requirements, Simoda offered customised IT solutions. This included setting up secure and reliable internet connections, installing necessary hardware such as switches and routers. ; ; Technical Support and Maintenance: Beyond the initial setup, Simoda offered ongoing technical support and maintenance to ensure the smooth operation of these test centres. ; ; Impact: The impact of Simoda’s support was significant. The test centres were able to operate efficiently and effectively, contributing to the region’s Covid-19 recovery efforts. ; ; Simoda continues to support businesses, charities and the public sector with essential IT infrastructure and consultancy services, working with partners to ensure the best prices are achieved and projects can be delivered within required turnaround times.

  Tackling economic inequality

  Simoda is actively addressing economic inequality by fostering a diverse supply chain that includes SMEs, VCSEs, and charities. We are committed to providing affordable IT solutions to SMEs, thereby supporting their growth. We have also donated spare laptops and equipment to those in need. ; ; We are creating local employment opportunities and offering apprenticeships or internships to individuals from diverse and low socioeconomic backgrounds. Our commitment to social value is particularly focused on the South Yorkshire region, where our office is based. This is in response to the South Yorkshire Combined Authority’s report that identified Sheffield’s unemployment rate as 7.5%, approximately double the national average. https://www.southyorkshire-ca.gov.uk/SheffieldCityRegion/media/PDF-library/KADA-South-Yorkshire-Skills-and-Employment-Evidence-Base-v1-1-(002)-(2).pdf ; ; We are also aware of the significant increase in the number of Trussel Trust food parcels distributed in South Yorkshire between 2018-2019 and 2022-2023. In response, our team commits to an annual Christmas Foodbank appeal. We purchase items most needed and encourage our employees, suppliers and local businesses to contribute. ; ; At Simoda, we have a stringent anti-slavery statement in place. Despite being under the £36m threshold, we believe it is crucial to ensure our supply chain is free from slavery practices and human trafficking. https://www.simoda.co.uk/_files/ugd/d0d92b_503430dcd27641a7b98e7e08d14a35f2.pdf ; ; We are collaborating with local apprenticeship providers such as Baltic Apprenticeships and hosted our annual apprenticeship open day in March 2024. From this, we selected one full-time employee as an IT Support Technician and plan to recruit others throughout the year. ; ; We have established strong relationships with educational providers such as Sheffield Hallam University and Sheffield College. These collaborations enable us to tap into a pool of talented individuals. ; ; We are committed to creating job opportunities that are accessible to everyone, regardless of their socio-economic background. All our staff receive training and development appropriate to their skill level and role.

  Equal opportunity

  At Simoda, we are committed to promoting equality and diversity in our workforce. We have implemented policies to ensure equal opportunities in employment, skills development, and pay. We have updated our Equality, Diversity and Inclusion policy, which can be provided on request. Our recruitment strategy is designed to attract a diverse range of candidates, including those from disadvantaged or minority groups. We also provide regular training and development opportunities to all our employees, enabling them to acquire new skills relevant to their roles and progress within the company. ; ; We understand the importance of in-work progression and are committed to helping our employees, including those from disadvantaged or minority groups, move into higher paid work. We do this by providing them with opportunities to develop new skills relevant to their contracts. We offer a variety of training programs and workshops, and we encourage our employees to take advantage of these opportunities to enhance their skills and advance their careers. ; ; In terms of managing the risks of slavery, we have a stringent anti-slavery policy in place. We are proactive in identifying and managing any risks associated with slavery and human trafficking in our supply chain. We have started to conduct audits of our suppliers to ensure they adhere to our anti-slavery policy and take immediate action if any non-compliance is identified. We believe that it is our responsibility to ensure that our business operations are free from slavery practices, and we are committed to doing everything we can to achieve this. ; ; We are dedicated to promoting social value through our commitment to equality, diversity, and ethical business practices. We believe that by doing so, we can make a positive impact on our employees, our supply chain, and the wider community.

  Wellbeing

  At Simoda, we place a high value on the well-being of our staff. We believe that a happy and healthy workforce is key to our success. We have implemented a range of initiatives to support our staff’s well-being. ; ; We ensure that all staff are paid above the minimum wage and have flexible working arrangements to accommodate their personal needs, including flexibility for parents and school runs. We also hold weekly “Thoughts and Feelings” sessions where staff can share their experiences and discuss what went well or not so well during the week. This proves vital in sharing issues and successes across the team so that everyone feels involved and positive for the next week ahead. ; ; To promote work-life balance, we organise social events such as nights out for functional teams and trips, such as golf days, which are enjoyed by all. We also have a mental health first-aider available to provide support to staff when needed. ; ; In addition, we have introduced an initiative called “Fitness Truck”. Every Wednesday, staff have the opportunity to participate in a physical well-being and fitness training session. This initiative has proven to be highly beneficial in improving staff productivity and positivity. ; ; We also provide user-friendly IT solutions that reduce stress and improve the user experience. We make any necessary adjustments for home working, such as providing blue screens, to ensure our staff can work comfortably and efficiently. ; ; Through these initiatives, Simoda is committed to creating a supportive and positive work environment that prioritises the well-being of our staff. We believe that by investing in our staff’s well-being, we can foster a more productive and positive workplace.

Pricing

• Price: £4.42 to £5.10 a terabyte a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Wasabi offers a 1TB 30 day no obligation free trial. The Trial gives access to the full functionality of the service
• Link to free trial: https://billing-service.wasabisys.com/CommunitiesSelfReg?pid=WOS

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector@simoda.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.