Ebase Verj.io

Verj.io Cloud

Scalalable, cost-effective Cloud operating platform for Verj.io applications.

Features

• Cost-effective Cloud operation for Verj.io apps
• Scalalable performance
• Cloud to on-premises integration
• Comprehensive 24*7 support SLA
• Backup and recover service
• 1-click deployment from the Verj.io Studio
• Application database included (Oracle, Postgres, SQLServer, MariaDB, Mongo, Couch)
• Unlimited data storage
• FTP Server included
• Verj.io portal for Cloud management and administration

Benefits

• Rapid Verj.io application deployment
• Rapidly scale to meet processing demands
• Replace expensive on-premises devOps
• Control application access and security

£4,000 to £12,000 an instance a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at drawlins@ebasetech.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

847708670127071

Contact

David Rawlins
07834 101751
drawlins@ebasetech.com

Service scope

• Service constraints: None
• System requirements: Verj.io service agreement required

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 24*7*365 operation, 1-hour maximum resonse to logged calls
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: None
• Onsite support: Yes, at extra cost
• Support levels: Silver: 24*7*365, 4 hour maximum response to logged calls; Gold: 24*7*365, 1 hour maximum response to logged calls; Platinum: 24*7*365, 1 hour maximum response to logged calls, includes application fault resolution
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Comprehensive documentation and knowledgebase; Training curriculum; Resource hub for self-learning; Community forum
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: The Verj.io portal provides facilities for users to extract/backup their application data to a location of their choice.
• End-of-contract process: Users may terminate their Service agreement by giving 3 months notice in advance the annual renewal date. Ebase will retain user application data for a period of 10 days following termination of Service.

Using the service

• Web browser interface: Yes
• Using the web interface: Comprehensive Verj.io Portal includes:; Deployement management; Service configuration and administration; View log and error output; Log faults; Administer local databases and FTP servers; Configure domains and SSL certificates; Performance reporting
• Web interface accessibility standard: WCAG 2.1 AAA
• Web interface accessibility testing: Routine OWASP and penetration testing
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: All applications operate within a Service Plan, which is configured with its own memory allocation, IO bandwith and private network. ; Overall Cloud processing load is automatically balanced across multiple servers.; All services are subject to a fair usage policy.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • SMS
  • Other

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
• Other metrics:
  • Concurrent users
  • API calls made/received
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Data stored in application databases
  • Application-related files and documents
• Backup controls: Full application database are performed automatically each night.; User may also backup/extract their data via the Verj.io portal
• Datacentre setup: Multiple datacentres
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Minimum 99.99% uptime guaranteed via Service SLA.
• Approach to resilience: Multiple fail-over nodes providing load balancing, perofmance scaling and node availability. Details available on request.
• Outage reporting: Service users are notified by email.

Identity and authentication

• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Comprehensive user roles and access rights are controlled via the Verj.io portal.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SNR Certification
• ISO/IEC 27001 accreditation date: 30/7/2019
• What the ISO/IEC 27001 doesn’t cover: The ISO 27001 certification relates to he information security of providing cloud-based SaaS including development,hosting and support services in relation tothe Verj.io platform.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Ebase is ISO27001 certified.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Verj.io server software is comprehensively regression tested as part of release preparations.; Software releases are made available to users for application testing before the Verj.io Cloud is upgraded. The following schedule applies:; Landmark release: 60 days; Major release: 30 days; Maintenance release: 7 days
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Sofware vulnerabilities are continuously assessed and managed by the Verj.io development team. Threat information is accessed from a varierty of sources. Critical patches are normally resolved and deployed within 3 working days.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The Verj.io Cloud has comprehensive performance and avilability monitoring processes in operation. All incidents are reported to services users by email.
• Incident management type: Undisclosed
• Incident management approach: The Verj.io Cloud has comprehensive performance and avilability monitoring processes in operation. All incidents are reported to services users by email.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: AWS
• How shared infrastructure is kept separate: Each user environment operates within its own private network.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: The Verj.io Cloud operate with the AWS network of data centers. AWS are commited to EU Code of Conduct for Energy Efficient datacentres.

Social Value

• Fighting climate change:

  Fighting climate change

  We support Climate policies that:; ; · Achieve net GHG reductions through sustainable science and innovation practices to maintain energy affordability through improved efficiencies, while also developing solutions for low-carbon and circular economies.; ; · Engage global stakeholders from all sectors of society to encourage integration of national and regional climate and energy policies while still providing adequate flexibility to fit local, national or regional circumstances.; ; · Maximize impact by addressing the largest GHG reduction opportunities first, using the most cost-effective alternatives.; ; · Establish transparent and predictable economic incentives that facilitate the transition to a low-carbon economy.; ; · Acknowledge the role renewable and bio-based feedstocks can play in creating essential products and solutions while minimizing carbon emissions.; ; · Encourage the recovery, reuse and recycle of materials in a reduced-emissions circular economy.; ; · Support both mitigation and adaptation strategies that include life-cycle considerations.; ; · Include transparent monitoring, reporting and verification systems (MRV).; ; We agree with the principle that an economywide price on carbon is the best way to use the power of the market to achieve carbon reduction goals, in a simple, coherent and efficient manner. Markets will also spur innovation and create and preserve quality jobs in a growing low-carbon economy.
• Covid-19 recovery:

  Covid-19 recovery

  Not available
• Tackling economic inequality:

  Tackling economic inequality

  Social purpose is woven into Ebase’s fabric. From creating new businesses and new employment opportunities, to improving education and training, Ebase is committed to tackling economic inequality at root. Our overriding vision is to help lower the unequal distribution of income and opportunity between different groups in society.
• Equal opportunity:

  Equal opportunity

  Ebase operates an Equal Opportunities policy. Available on request.
• Wellbeing:

  Wellbeing

  Not available

Pricing

• Price: £4,000 to £12,000 an instance a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Service Plan free trial for 30 days.
• Link to free trial: http://portal.ver.io

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at drawlins@ebasetech.com. Tell them what format you need. It will help if you say what assistive technology you use.