M-TECH SYSTEMS LIMITED

Back-Up As A Service

Immutable server and virtual machine backup. A comprehensive and resilient data protection solution meticulously designed to cater to your unique needs. We bridge the gap between your local infrastructure and our secure ecosystem. By harmoniously integrating backup agents, we establish a fail-safe conduit from onsite environments to our repository.

Features

• Automated
• Resilient
• Hypervisor & Server Level
• Restore To Alternative Locations
• Managed
• Monitored
• Fixed Price

Benefits

• Improved security
• Highest standards of compliance
• Cost-Effective
• Policy-Based Access Improves Flexibility
• Flexible Opex Costs
• Scalable Incrementally

£45.00 to £45.00 a terabyte a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Stuart.Taylor@mtechsystems.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

834324326139447

Contact

Stuart Taylor
01323 404040
Stuart.Taylor@mtechsystems.co.uk

Service scope

• Service constraints: Planned maintenance bi-annually.
• System requirements:
  • Windows
  • Linux
  • Hyper V
  • VMware
  • Nutanix AHV

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Automated receipt confirmation and then 4 Hours response time for tickets. Response times are the same for weekends.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Scaled SLA based on service type and severity. Service delivery management. Online access to our portal for incident/change management and reporting. 24/7 Service desk that follows ITIL methodology ; Quarterly reviews with a dedicated Service Delivery Manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide migration support services as well as online and onsite training.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Via Secure FTP or can be seeded to a client provided NAS
• End-of-contract process: At the end of the contract, M-Tech Systems delivers all documentation, data and any other IP to the client.

Using the service

• Web browser interface: Yes
• Using the web interface: Users can make changes on the web interface, depending on their hierarchical access permissions. Change controls can be tailored to client requests.
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: We have not performed any specific testing with assistive technology users.
• API: Yes
• What users can and can't do using the API: Veeam Backup Enterprise Manager exposes its objects with the Web Service API based on the REST (Representational State Transfer) framework. ; ; Veeam Backup Enterprise Manager REST API lets developers communicate with Veeam Backup Enterprise Manager to query information about Veeam Backup Enterprise Manager objects and perform basic operations with them using the HTTPS protocol and the principles of REST. ; ; Since the HTTPS protocol is very popular and widespread, REST API is platform-agnostic and can be used with practically any programming language.
• API automation tools: OpenStack
• API documentation: Yes
• API documentation formats: PDF
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: We guarantee each client the resource that is contracted. We use predictable, scalable architecture to ensure they can grow independently of other users.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types: Other
• Other metrics:
  • Data Protection
  • Disaster Recovery
  • Performed Activities
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Veeam

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files
  • Servers
  • Virtual Machines
  • Databases
• Backup controls: Clients can define back-up requirements
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: 99.9% availability SLA, with refund of service charges applicable for under-performance against these targets.
• Approach to resilience: Our service is designed for resilience by using highly available architecture, connectivity, and carriers across multiple datacentres.
• Outage reporting: We report any outages via status page, email alerts & a monitoring platform.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
• Access restrictions in management interfaces and support channels: We restrict access via hierarchical channels
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: UKAS
• ISO/IEC 27001 accreditation date: 25/08/2021
• What the ISO/IEC 27001 doesn’t cover: No exclusions
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: IASME Gold

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO27001, ISO9001, Cyber Essentials Plus and IASME Gold

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We have full integrated management system which combines the requirements of ISO 9001 and ISO 27001. We have defined security policies that are rigorously managed and checked
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability management approach is based on ensuring all platforms are patched and maintained according to vendor best practice. All configuration changes are subject to strict change control and are reviewed, logged, and audited on a regular basis.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Intrusion detection from tier one vendors with analytics that is managed and monitored by our service desk and escalated via documented ISO procedures.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Pre-defined, ITIL and ISO27001 based processes are in place for common events and event management processes are followed so that incidents are automatically logged and handed over to the required technical contact for diagnosis, triage, and resolution. All incidents are included in formal quarterly service review reporting processes.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: Veeam Cloud Connect
• How shared infrastructure is kept separate: M-Tech's BaaS, powered by Veeam Cloud is segregated by design and provides secure client portal access

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Through our radical fresh-air cooling system, which won us Green Data Centre of the Year in its first year of operation, and evaporative cooling systems, our PUE (Power Usage Effectiveness) regularly drops below 1.2, meaning that for every 1kW used to power equipment hosted in the data centre, we use 0.2kW of power to operate all related areas of infrastructure, such as cooling, lighting etc.

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  Back-up as a Service (BaaS) in the UK can significantly enhance social value by fostering well-being in various ways. Social value refers to the broader impact of organisational activities on the community's well-being and the overall economy, environment, and social fabric.; ; 1. Data Security and Peace of Mind: BaaS offers robust data protection solutions for businesses, ensuring that critical data is safely stored and easily recoverable in the event of data loss incidents. This service reduces anxiety and stress for business owners and individuals about potential data breaches or losses, thereby improving their mental well-being.; ; 2. Employment Opportunities: The growth of the BaaS sector creates jobs, including high-skilled positions in IT, customer service, and management. Employment is a significant factor in social well-being, contributing to financial stability, personal development, and social inclusion.; ; 3. Business Continuity and Resilience: By providing reliable data backup solutions, BaaS helps businesses maintain operations during adverse situations, such as cyberattacks or natural disasters. This continuity supports the local economy and protects jobs, which are crucial for community well-being.; ; 4. Innovation and Efficiency: BaaS encourages technological adoption and innovation among its users. Companies that utilise BaaS can focus more on their core operations and innovation activities rather than worrying about data management. This leads to more efficient business processes, better services, and products that benefit society at large.; ; 5. Environmental Sustainability: By utilising cloud-based backup solutions, BaaS reduces the need for physical data storage solutions, which often consume significant energy. The shift to cloud services can lead to lower carbon footprints and reduced electronic waste, promoting environmental health and sustainability.; ; By enhancing data security, creating employment, supporting business resilience, driving innovation, and promoting environmental sustainability, BaaS providers in the UK substantially contribute to societal well-being and social value creation.

Pricing

• Price: £45.00 to £45.00 a terabyte a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 30 day limited to 1TB per month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Stuart.Taylor@mtechsystems.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.