RAZOR THORN SECURITY LTD

SaaS Solution - Redstor

Redstor is a disruptive SaaS technology, providing backup and recovery capability for data spanning infrastructure, cloud-native and SaaS environments. AI and machine-learning built into the fabric of the Redstor service automates repetitive tasks, while protecting against the growing risk of ransomware, making backup simpler, safer, and smarter.

Features

• AI malware scanning.
• Data tagging.
• Multiple daily backups.
• InstantData.
• RedApp.

Benefits

• Smart cloud backup, no hardware required.
• Wide coverage of data sources.
• Management through a single app.
• Quick recovery of any files on demand.
• 24/7 Support for severity 1 issues.

£7 a licence

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sophia.durham@razorthorn.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

875031487899024

Contact

Sophia Durham
+447470334993
sophia.durham@razorthorn.com

Service scope

• Service constraints: None.
• System requirements:
  • Windows
  • Mac
  • Linux

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We aim to respond within our SLA's as documented here: https://www.redstor.com/support-and-service-level-agreement/. The response times depend on the severity. On weekends our on-call agent only deals with the highest severity issues.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Reseller is responsible for all End User assistance on technical issues such as installation and activation, setup, etc. (Tier 1 support), as well as assistance resulting from an escalation based on a need for more technical expertise based on features and functionality of the Services (Tier 2 support).; Please see our Service level agreement for more information: https://www.redstor.com/support-and-service-level-agreement/; REDSTOR will provide support upon escalation from Tier 2 where the Reseller requires deeper technical or product assistance to resolve an End User issue (Tier 3 Support). Typically support is provided to Reseller, although may be provided directly to End User upon request.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Online training and user documentation.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: The customer has the option whilst in contract to perform recoveries of their data using the service (restore functionality) to fulfil such requirements.
• End-of-contract process: Data protected using Redstor pertaining to a given customer will be deleted at the end of contract without undue delay. ; Our standard process at end of contract once the termination period has been observed is to provide the customer with 24hrs notice that their data will be deleted subject to a final confirmation from the customer after that 24hour period has elapsed. This is known as the “cooling off” period.

Using the service

• Web browser interface: Yes
• Using the web interface: N/A
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: N/A
• Web interface accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: Get My Company Details; Get Specific Company Details; List Customers; List Customers (Transitive); Search Customers; Create Customer; Disable Customer; Enable Customer; Delete Company; Reassign Customer; List Users; List Available Products; Get Specific Product Details; List Company Subscriptions; Create Subscription; Delete Subscription; Create Trial Subscription; Convert Trial Subscription; Get Company Backup Statuses; Get Customers Backup Statuses; Get Accounts Backup Statuses; Get Backup Status Summary; Get Company Restore Statuses; Get Customers Restore Statuses; Get Accounts Restore Statuses; Get Restore Status Summary; Get Consumption Summary; Get Company Consumption Details; Get Customers Consumption Details (Direct); Get Customers Consumption Details (Transitive)
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
  • Other
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
• Using the command line interface: Display the Agent version, brand ID and Java version.; Initiate a backup from the command-line (from v18.9).; Configure the Full System Backup feature (from v20.5).; Check for updates.; Create a new Account.; Display current Account details.; Configure remote access.; Show current remote access configuration.; Reconnect the current Agent to an existing Account. From v18.9, also restores the workspace (See example below.).; Restore workspace Set to "true" will restore, set to "false" will skip the restore.; JSON file containing responses to prompts.; Quiet option. Used in conjunction with -r when you want to fail on missing values instead of prompting the user. Useful when invoking cli from a non-interactive script.; Show additional command-line arguments -h.; Increase verbosity.

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Our infrastructure team monitor our networks from a security and performance perspective using network analysis tools. Our application monitors and tracks data flows across our facilities. Our application and platform team monitor telemetry to ensure the platform is operating optimally.
• Usage notifications: No

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Redstor

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Data is stored within the Redstor cloud environment in its encrypted form (AES-256). The data maintains end to end encryption throughout its journey from the customer environment to the Redstor cloud environment.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Server and Endpoint.
  • M365.
  • GWS.
  • Azure Kubernetes Service.
  • Azure VM.
  • Salesforce.
  • Xero.
  • Quickbooks.
• Backup controls: Users can deploy products, set backup selections and schedules.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Through segregation of networks (DMZs).

Availability and resilience

• Guaranteed availability: REDSTOR will use reasonable endeavours to ensure that the Services are available (“Services Availability”) at a minimum of 99.5% per month. In calculating availability no account shall be taken of time the Services is unavailable due to any installation work or due to any maintenance in relation to the Services.
• Approach to resilience: The systems feature redundant components to help ensure high availability and continuity of service. Redstor maintains two UK data centres, Equinix, Slough, UK (Primary site) and Amito, Reading, UK (Secondary site). If a hardware component fails, or a site becomes unavailable Redstor can achieve continuity of service via its secondary site as Redstor maintains two copies of customer data. Both UK data centres utilised by Redstor feature redundant connectivity, power, UPS, backup generators, fire suppression, multiple layers of access control and physical security.
• Outage reporting: We make notifications on our Support portal regarding outages. In order to provide more effective communication to our partners and customers, we have introduced a Service Status board on our Support Portal. This is where we will post details about outages or issues that may affect the performance of Redstor's software, as well as important announcements. https://support.redstor.com/hc/en-gb/articles/8005064284829-Stay-up-to-date-by-following-our-Service-Status-board

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: SSO.
• Access restrictions in management interfaces and support channels: The Redstor service is accessible through the RedApp web portal. Each staff member can be granted access to securely access the environment. Through the use of UAM (User Access Management) it is only possible to have access to the environment you have been granted access to. You can use the RedApp to create and manage users for your own organisation and for partner/customer organisations. A user can be assigned customised and permissions. User access to the RedApp, as well as certain data-related actions, are secured with two-factor authentication (2FA).
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: SSO.
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau.
• ISO/IEC 27001 accreditation date: 12/02/2024
• What the ISO/IEC 27001 doesn’t cover: From the Statement of Applicability on calibration is not covered as it not applicable to Redstor.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • HIPPA
  • SOC 2 - Type One
  • SOC 2 - Type Two

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Redstor maintains a number of information security policies including but not limited to:; * Acceptable Use Policy; * Access Control Policy; * Anti-Bribery and Corruption Policy; * Asset Management Policy; * Audit and Logging Policy; * Back up Policy; * Bring Your Own Device Policy; * Capacity and Storage Management Policy; * Change Management Policy; * Clean Desk and Clear Screen Policy; * Communications Policy; * Corporate Social and Responsibility Policy; * Data Protection Policy; * Document and Data Control Policy; * Email Acceptable Usage Policy; * Encryption Policy; * Exchange of Information Policy; * Forensic Readiness Policy; * HIPAA Breach Notification Policy and Procedure; * Information classification Policy; * Information Security Incident Policy; * Internet Acceptable Usage Policy; * Lifecycle of Employment Policy; * Logging and Auditing Policy; * Malware Protection Policy; * Management of Technical Vulnerabilities Policy; * Management Review Policy; * Mobile Equipment Policy; * Network Management Policy; * Password Policy; * Physical Security Policy; * Remote Working Policy; * Secure Disposal Policy; * Secure System Development Policy; * Security Breach Disciplinary Policy; * Social Media Policy; * Supplier Control Policy; * Transportation of Media Policy; * Visitors Policy; * Work Environment Policy

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Redstor maintains a Change Management Policy. Change management helps ensure and protect our customers’ data. By carefully considering and assessing changes within Redstor it is possible to identify changes that have an impact on customer data directly or indirectly. Changes are managed as per the policy and consider a risk analysis of the proposed change(s). Changes are reviewed prior to being accepted. Changes are reviewed having been implemented. Any items or stakeholders associated with change, such as related documentation, will be updated in the case of personnel, will be communicated with. Further information regarding change management can be provided.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Redstor conducts monthly vulnerability and penetration tests, overseen by a CREST-approved third party, to minimise data breach risks. Security by design measures are implemented to comply with data protection laws and protect individuals' rights. To address availability and data loss concerns, Redstor maintains two offsite customer data copies in primary and secondary data centers, equipped with redundancy across infrastructure stacks. All systems, including internal and public production services, are patched monthly per information security compliance requirements. Critical updates are prioritised for immediate application, ensuring continuous protection of Redstor's systems and data in accordance with industry standards.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Redstor uses a number of monitoring tools to monitor, detect, alert and respond to potential compromises. This feeds into our incident response policy. See incident management approach.
• Incident management type: Supplier-defined controls
• Incident management approach: Redstor maintains and Information Security Incident Policy detailing how security incidents are categorised, the reporting mechanisms and the actions to be taken should an event occur.; ; In order to effectively maintain the confidentiality, integrity and availability of information assets within Redstor security incidents are identified and handled in a timely and effective manner, as per the Improvement Process; All staff are required to remain vigilant , required to report near misses to the security team and are required to follow processes at all times.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: N/A

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  "Razorthorn is dedicated to combating climate change and has set a bold target of achieving Net Zero emissions by 2025. To fulfil this commitment, we prioritise tangible reductions in emissions through collaborative efforts with key suppliers and empowering our team to make climate-conscious travel decisions.; ; As a socially responsible business, Razorthorn upholds the highest standards of ethics and professionalism. Our efforts fall into two main categories: compliance and proactiveness. Compliance entails adhering to legal obligations and community values, while proactiveness involves initiatives to promote human rights, support communities, and safeguard the environment.; In addition to meeting legal requirements, we actively engage in environmental protection initiatives such as recycling, energy conservation, and adoption of eco-friendly technologies. We are in the process of aligning our operations with ISO 14001 standards for Environmental Management to continually improve our environmental performance.; Razorthorn is committed to delivering further environmental benefits, including striving towards net zero greenhouse gas emissions, as part of our ongoing contract performance."

  Covid-19 recovery

  Razorthorn's mission is to enhance workplace conditions for COVID-19 recovery, emphasising social distancing, remote work, and sustainable travel. Our G Cloud 14 services aid organisations in managing and rebounding from COVID-19 impacts, promoting remote service delivery to mitigate transmission risks. We support remote work and enforce social distancing in offices, with travel following the most recent COVID-19 guidelines.

  Tackling economic inequality

  Razorthorn actively tackles economic inequality by strengthening supply chains and managing cyber security risks in contracts. We promote innovation in supply chains for cost-effective, high-quality goods. Our social responsibility drives us to support local charities, nurture future security professionals, and address regional inequality through inclusive recruitment and skill development initiatives.

  Equal opportunity

  Razorthorn is dedicated to detecting, managing, and mitigating modern slavery risks within contract delivery and supply chains. We actively combat employment, skills, and pay disparities within our workforce. Our firm adheres to rigorous 'Equal Opportunity' and 'Equality and Diversity' policies, ensuring fair treatment across all engagements.

  Wellbeing

  Razorthorn is deeply committed to safeguarding and promoting the physical and mental health and well-being of our workforce. Our support begins with the initial recruitment process and extends throughout every working day within the organisation. For team members facing challenges such as disabilities, mental health conditions, or caring responsibilities, we have an established network that offers a supportive environment to connect with peers, seek advice, and share experiences.

Pricing

• Price: £7 a licence
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Ask Razorthorn for more information.
• Link to free trial: Ask Razorthorn for more information.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sophia.durham@razorthorn.com. Tell them what format you need. It will help if you say what assistive technology you use.