Rocktime Ltd

Cloud Software Web Hosting

Rocktime provides a hosting infrastructure for the public sector for cloud hosting, managed server hosting, dedicated hosting. Each solution is tailored specifically to the client and the project(s) in question and can include Secure Encryption (SSL), Failover, Load Balancing with 24/7 support 365 days a year.

Features

• Cloud Hosting
• Managed Web Server Hosting
• Dedicated Web Server Hosting
• Failover Web Server Hosting
• Load Balancing Web Server Hosting
• Secure Encryption SSL
• Data Backup
• 24/7 365 days a year support
• Email/ DNS Hosting
• PCI Complaint Hosting

Benefits

• Extremely cost effective and scalable
• Fast and reliable connectivity
• Custom and flexible tailored solutions
• Effective monitoring and reporting
• Backup and Disaster Recovery
• Business Continuity Planning
• Building Resilience by Design
• Big Data and Data Management
• Adapting technology processes for agility
• Reshaping technology for digital business

£4,000 a server

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rtsales@rocktime.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

865767384744804

Contact

Alex McCreath
01202 678777
rtsales@rocktime.co.uk

Service scope

• Service constraints: All planned maintenance (infrastructure or software) is planned with a minimum of seven days’ notice for the client. Maintenance is undertaken in such a way to minimise impact to a client – e.g. performed out of hours, patch one load balanced server and then the other to prevent down time.
• System requirements:
  • IP Addresses
  • Email Hosting (on a per domain basis)
  • DNS Hosting
  • SPF and DKIM records
  • Domain Name
  • SSL Certificate

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Rocktime is committed to providing effective and timely support to the Buyer through our 24/7 online support platform, telephone and email support services during standard working hours for staff and stakeholder support. To enable the Supplier to react appropriately to incoming support issues the Supplier prioritises support work and assign resources to investigate issues within a defined timeframe (based on critical nature of issue/ support request; within the hour; same day; working week).
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Priority levels; The support types are prioritised according to potential business impact and are identified as follows:; Priority Level 1; • Critical bug fixes (errors that prevent the site from functioning); • Payment platform (errors that prevent the site from functioning); • Server Diagnosis; Priority Level 2; • Minor Bug fixes; • Validation issues; • JavaScript issues; Priority Level 3; • Simple text changes (for static content); • Graphical amendments (for static content); • Minor usability changes; • Simple programming changes; • Browser compatibility issues (for static content) for past and/or future browsers; • Minor layup alterations (for static content); Priority Level 4; • Core updates Module updates (core and control panel); • Security updates Each support issue will have a ‘ticket’ raised and the appropriate resolution/work will be scheduled within our standard work schedule and communicated to the client.; These are response times for incident notification - they are not times for incident resolution. During the process of investigation and completion of any fixes or restorations, Rocktime will keep the Buyer informed of progress and provide an estimated timeframe for the completion of the work. ; Critical updates are applied at short notice, but in full consultation with the Buyer
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Rocktime's hosting service is delivered as a 'managed service' therefore we take on all responsibility for the setup and ongoing management of the hosted environment.; Typically, a hosted environment services a Rocktime developed platform(s) therefore ongoing support is provided as part of the overall buyer Contract.; A discovery session will outline such areas as; Domain Management, DNS Management, Email Hosting with Rocktime either determining the level of Buyer capability to provide and manage such areas or a requirement for Rocktime to do so.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: As part of the Offboarding Service, Rocktime will discuss requirements for data extraction and costs associated with doing so.; Such a services forms part of the Buyer Contract for the provision of a Rocktime Web Platform and as such doesn't feature within the service provision of a Cloud Hosting Agreement.
• End-of-contract process: The Rocktime hosting environment forming part of a Buyer Contract will be remain active up until the end of the Contract term. Up to a month in advance of the termination date, Rocktime will confirm with the client the requirements for data extraction and a date and cost for undertaking the service. Additionally, Rocktime will guide (if necessary) any changes required to domain, DNS, other external service.; Upon termination and in accordance with the Web Platform Contract, Rocktime will remove from Rocktime web servers and back up servers held data within an agreed timescale.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: Dedicated web server hosting utilising independent server resources.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other
• Other usage reporting: Dependent on necessity, Rocktime may choose to open up a dialogue with the Buyer to offer suggestions for expansion of the hosting environment based on the need for the short, medium and long-term continuity and performance of the service.

Analytics

• Infrastructure or application metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual Machines
  • Databases
  • Files
• Backup controls: Rocktime offers a 'managed service' for backup and recovery forming part of the Buyer Hosting Agreement.; Data Restoration / Service Migration; Verso™ is hosted using UK Cloud CoCo Data centre. Resilience within the data centre is provided using VMWare HA (High Availability). In addition, regular incremental backups of data (every 2 hours) and a VM snapshot of the servers (every 6 hours) will provide a robust DR capability.; RPO (Recovery Point Objective):; • Data failure: 2 hours; • Server failure of 12 hours.; RTO (Recovery Time Objective):; • 4 hours
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Single datacentre with multiple copies
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The Supplier warrants that supply of access to the system shall be available at a level not less than 99.9% per month - (Standard Service Level Guarantee). This excludes -; Failures of network/equipment/circuits not operated by the Company, its sub-contractors or suppliers;; Failures of circuits that are outside of the Supplier or their sub-contractors or their suppliers reasonable control;; In the event of Service suspension due to technical fault in the network or act of God or otherwise, the Supplier will use best endeavours to resume the Service with minimum delay but will not be responsible for loss suffered by the Buyer other than in accordance with this agreement or law.; The Supplier may suspend the Service from time-to-time for necessary technical reasons and network upgrades without invalidating its Service Level Guarantee provided that 1 days’ notice via email or phone call has been given to the Buyer and the period of suspension is not more than one hour. The Supplier shall at all times minimise the disruption to the Buyer and act reasonably. ; Service Credits are used to calculate the number of Service Credits due during any calendar month period as a result of non-achievement of target service levels.
• Approach to resilience: Available on Request due to sensitivity
• Outage reporting: Rocktime will communicate to the Buyer of an outage of the hosting service within the hour (of a working day) and will continue to update the client until such time as the service has been restored.; Such updates will take the form of email alerts to designated Buyer stakeholders.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Control panel utilises role based permissions, so staff and admin user functionality is defined by the users individual login permissions. Support functions are limited to named persons within the organisations who will either email or provide authentication when using telephone support
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 01/02/2024
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Self Assessment - SAQ-D
• PCI DSS accreditation date: 25/04/2023
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Rocktime conforms to ISO 27001 & 9001 standards which require the continual monitoring and management of services provided by the company and specifically its members of staff.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Rocktime performs according to its Access Control Policy.; Availability, confidentiality and integrity are fundamental aspects of the protection of systems and information and are achieved through physical, logical and procedural controls. It is vital for the protection of systems and information authorised users who have access to Company systems and information are aware of and understand how their actions may affect security.; Availability – systems and information are physically secure and will be accessible to authorised persons when required.; Confidentiality - systems and information will only be accessible to authorised persons.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Rocktime's ISO:27001 policies and procedures support risk management to mitigate threats to its services that are continually followed as part of delivering both strategic and operational objectives.; Deployment of security patches conforms to Rocktime's Patch Management Policy available upon request.; Rocktime is supported by various 3rd party organisations (suppliers of software used by the company and industry security bodies) which are continuously monitored to identify potential threats which are then accessed to determine if they impact Rocktime and/ or Client systems managed by the company.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Rocktime approach to protective monitoring includes (but is not limited to) inspection of firewall logs, the investigation of security alerts, and monitoring of intrusion detection systems.; Any potential compromise identified is logged in accordance with ISO 27001 and referred to ICT Management whilst the compromise is investigation with appropriate action to mitigate or resolve undertaken.; Rocktime response times are in according to the level of severity of an incident.
• Incident management type: Supplier-defined controls
• Incident management approach: Rocktime performs according to ISO 27001 certification and therefore has pre-defined processes as part of logging non-conformities.; An incident record is created with a structured process of investigating, resolving and auditing the results by the ICT Management.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Resilience within the data centre is provided using VMWare HA (High Availability).

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: The policy of CloudCoCo Ltd is to attain and maintain high standards of environmental performance. CloudCoCo Ltd will ensure so far as is reasonably practicable, that we:; • Understand and comply with all necessary environment legislation and operate to the best practices of industry.; • Assess the environmental impacts of our operations. For example, from the use of Work Equipment (WE); and materials to the collection and ultimate disposal of wastes.; • Employ a consistent framework for the management of environmental issues during our operations.; • Reduce waste, conserve energy and explore opportunities to re-use and recycle.; • Endeavour to develop innovative processes that can reduce levels of environmental impact.; • Collaborate with our Suppliers and Clients to establish a greater environmental awareness.; • Remain alert and responsive to developing issues, knowledge and public concern.; • Ensure that our Employees are aware of the Environment Policy and are motivated to apply it and are given the support, information, instruction and training necessary to fulfil their duties.; • Emphasise that focus is on pollution prevention rather than abatement.; • Choose materials and resources with regard to their long-term sustainability.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Rocktime Limited aims to achieve excellence in all areas of our company with the commitment to minimising the environmental impacts of our business operations.; ; Our commitment sets out to:; • Reduce our consumption of resources and improve the efficient use of those resources.; ; • Continuously improve our environmental performance and integrate recognised environmental management best practice into our business operations.; ; • Measure and take action to reduce the carbon footprint of our business activities to meet objectives and targets. ; ; • Manage waste generated from our business operations according to the principles of reduction, re-use and recycling.; ; • Manage our business operations to prevent pollution.; ; • Give due consideration to environmental issues and energy performance in the use of our office buildings.; ; • Ensure environmental, including climate change, criteria are taken into account in the procurement of goods and services.; ; • Comply as a minimum with all relevant environmental legislation as well as other environmental requirements.; ; To meet our commitments, we will: ; ; • Set and monitor key objectives and targets for managing our environmental performance at least annually.; ; • Communicate internally and externally our environmental policy and performance on a regular basis and encourage feedback.; ; • Communicate the importance of environmental issues to our people.; ; • Work together with our people/employees, service partners, suppliers, landlords and their agents to promote improved environmental performance.; ; • Promote appropriate consideration of sustainability and environmental issues in the services we provide to our clients.; ; • Review our environmental policy regularly.

  Covid-19 recovery

  As a cloud technology company, Rocktime has been successful in implementing changes to processes and procedures to adapt to the new norm that features greater flexibility in the manner in which it conducts its business both with its staff as well as with clients. The company has actively promoted excellence through the use of technology that helps local businesses to connect and work more effectively, benefitting from collaborative working arrangements to foster positive business relationships in the local community and recovery as we exit Covid-19 and accept the current economic landscape. The company engages with local diverse market businesses to advise on the use of technology in the same manner as it does with its public sector clients with the aim to open up supply chain opportunities.

  Tackling economic inequality

  The company’s values a diverse workforce and the contribution each individual makes. We are committed to promoting inclusivity, equality and diversity in our policies, practices and procedures.; This policy applies to the company's dealings with all its people as well as others engaged by or who work with the firm including, for example, clients, job applicants and other third parties.; The company believes in treating everyone equally and with the same attention, courtesy and respect regardless of their age, disability, gender reassignment, marriage/civil partnership, pregnancy/maternity, race, religion or belief, sex and sexual orientation which is referred to within its Equality, Diversity and Inclusion Policy as the "protected characteristics".

  Equal opportunity

  The company has always believed in promoting diversity within the workplace and this forms part of its recruitment practices. Using the 5 foundational principles of quality work set out in the Good Work Plan (e.g. fair, pay, participation and progression, voice and autonomy).; Career advice with local schools offers opportunity to instil insights and confidence in potential career paths for young people whilst also providing the opportunity for a work placement.; Additionally, consideration is made for recruiting trainees and training them to perform roles whilst offering them a career path within the business or as a means to seek one elsewhere.

  Wellbeing

  The company recognises the pressures that have arisen in recent times with Covid-19 and the effects of social distancing, remote working and travel enforcements. Through constant dialogue with its team the company has sort to provide flexible working conditions whilst maintaining regular and personal engagement to reduce the impact of loneliness and isolation.; Believing in the positive nature of ‘culture’ within a company, initiatives are in place to maintain and reinforce a team mentality that aims to support individuals and foster wellbeing.

Pricing

• Price: £4,000 a server
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rtsales@rocktime.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.