KERV DIGITAL LIMITED

Microsoft Azure Cloud Hosting - Fully Managed and Hybrid Support

Microsoft Azure Cloud services provided by an accredited Microsoft Solutions, ISO compliant Partner. Options include full Azure portfolio, configuration, customisation, development, data migration, AI implementation and live-operations/TSS. We support discovery activities, business architecture, governance set-up, DevOps/SecOps tooling, service design, experience research/design, technical architecture, predictive science and all related services.

Features

• Flexible Infrastructure-as-a-service (IaaS) supported by an Award Winning DevOps Team
• UK based hosting available
• Create geographically resilient architectures
• Build automatically scaling infrastructures that are response to user demand
• Azure templates provide easy deployment of OFFICIAL-SENSITIVE capable infrastructure
• Easy integration with existing Active Directory security services
• Connect Azure VMs D365, Office 365, Azure serverless and more
• Extensive catalogue of security controls including SIEM
• Deliver ADO connected infrastructure build tools for automated environment progression
• Complete end-to-end infrastructure from discovery to production deployment

Benefits

• Maximise value and ROI, through opex-based infrastructure deployment
• Microsoft’s security management and operations protect Azure cloud services
• Easily implement digital solutions replacing physical, or virtual on-premise infrastructure
• Build unique, optimised, full-stack application experiences, including web access
• Reduce manual effort and improve efficiency with automated scaling
• Manage huge datasets and improve results using data-based decision making
• Connect multiple Azure services through a single management user interface
• Gain knowledge transfer to empower teams to directly utilise Azure
• Get exactly what’s needed through an agile, open design, approach
• Solution certainty through our deep technical experience in the platform

£0.01 a virtual machine an hour

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@kerv.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

880896563197107

Contact

Mike Wrout
01212815309
frameworks@kerv.com

Service scope

• Service constraints: Please review the service description for relevant service constraints, and https://docs.microsoft.com/en-gb/azure/ to determine applicable technical constraints.
• System requirements: See https://docs.microsoft.com/en-gb/azure/

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: P1: Critical - Response Time: 2hr ; ; P2: Major - Response Time: 4hr ; ; P3: Important - Response Time: 8hr ; ; P4: Minor - Response Time: Varies on request
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Our third party chat platform experience meets disability accessibility requirements and follows stringent industry standards, including ADA and WCAG 2.0 AA compliance. This applies to the Engagement Window, engagements and surveys for both the desktop and mobile web (iOS and Android). Detailed documentation can be found here: https://support.liveassistfor365.com/hc/en-us/articles/360006117234-Creating-Accessible-Engagements
• Onsite support: Yes, at extra cost
• Support levels: Kerv offers predefined support packages & governance services with a range of services scope and coverage hours. Services scope provides options including: ; ; Platform Support ; ; Continuous Improvement ; ; Technical Design Authority ; ; Service Management Services ; ; In addition to our packaged support services (which cover core service disciplines such as Incident, Problem and Continuous Service Improvement), Kerv Service Management Services enable integration between Kerv operations and Buyer’s service organisation e.g. Change Management, Release & Deployment Management etc. ; ; Incident Management service levels: ; ; Core (9am – 5pm), Core+ (8am–6pm), Extended (6am–10pm) with 24/7 available. ; ; Incidents are classified as P1 (Production System Down), P2 (Production System Impaired), P3 (System Impaired), P4 (General Guidance & Service Requests) with associated SLA’s for response times. Response times are as follows: ; ; P1: 1 Hour Response ; ; P2: 2 Hour Response ; ; P3: 4 Hour Response ; ; P4: 2 Day Response ; ; Support is provided directly via a team of dedicated DevSecOps engineers Technical support options come in various costs, depending on the needs of the Buyer.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We will send some questions to enable our DevOps engineers, to prepare and schedule your services for delivery. Our engineer(s) will identify other any specific requirements for you as part of the on-boarding process for the type of service (s) being purchased. All relevant technical documentation will be provided (technical diagrams, licence plans etc) at service delivery time, and we can provide on-site or remote training as required. For more information please read the Service Definition document and refer to https://azure.microsoft.com/en-us/resources/ plus comprehensive online documentation for more information about Azure services we deliver through the Microsoft Cloud.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Customers are able to remove their data at any time through the same means they uploaded. Either over their network (internet or express route) or via the Azure Import/Export services. Also see https://www.microsoft.com/en-us/trustcenter/privacy
• End-of-contract process: Please see https://www.microsoft.com/en-us/trustcenter/privacy/you-own-your-data. Microsoft's Online Services Terms commit to specific processes when a customer leaves a cloud service or the subscription expires. This includes deleting customer data from systems under our control. If you terminate a cloud subscription or it expires (except for free trials), Microsoft will store your customer data in a limited-function account for 90 days (the “retention period”) to give you time to extract the data or renew your subscription. During this period, Microsoft provides multiple notices so you will be forewarned of the upcoming deletion of data. After this 90-day retention period, Microsoft will disable the account and delete the customer data, including any cached or backup copies. For in-scope services, that deletion will occur within 90 days after the end of the retention period. (In-scope services are defined in the Data Processing Terms section of our Online Services Terms.) ; ; See:http://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=13655

Using the service

• Web browser interface: Yes
• Using the web interface: Manage and deploy services via the Azure Portal. See https://azure.microsoft.com/en-gb/
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: See https://www.microsoft.com/en-us/accessibility/
• API: Yes
• What users can and can't do using the API: Users are able to utilise the Azure API Management service to create their own APIs for the solutions they deploy on to the platform. Additionally, Azure Service Management API which provides programmatic access to much of the functionality available through the Management Portal. Available here https://msdn.microsoft.com/en-us/library/azure/ee460799.aspx
• API automation tools:
  • Ansible
  • Chef
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats: HTML
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: Azure CLI 2.0 is optimized for managing and administering Azure resources from the command line, and for building automation scripts that work against the Azure Resource Manager. See https://docs.microsoft.com/en-us/cli/azure/install-azure-cli

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Azure represents a hyper-scale public cloud service.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email
  • SMS

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: See https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest and https://docs.microsoft.com/en-us/azure/storage/storage-service-encryption
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up: Under user control
• Backup controls: The service automatically creates full backups, differential backups and transaction log backups. Full database backups are created weekly, and differential database backups are generally created every 12 hours. Transaction log backups are generally created every 5 to 10 minutes. The exact timing of all database backups is determined by SQL Database or SQL Managed Instance as it balances the overall system workload. You can't change or disable the backup jobs.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: For data in transit, Azure uses industry-standard secure transport protocols, such as TLS/SSL, between user devices and Microsoft datacenters. You can enable encryption for traffic between your own virtual machines (VMs) and your users. With Azure Virtual Networks, you can use the industry-standard IPsec protocol to encrypt traffic between your corporate VPN gateway and Azure as well as between the VMs located on your Virtual Network.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: ACL Based Network Security Groups are also used. See https://azure.microsoft.com/en-us/blog/network-security-groups/

Availability and resilience

• Guaranteed availability: See Microsoft's Online Service Terms at http://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=13655
• Approach to resilience: Please see https://www.microsoft.com/en-us/cloud-platform/global-datacenters and https://www.microsoft.com/en-us/TrustCenter/
• Outage reporting: Please see https://azure.microsoft.com/en-us/status/ and https://portal.azure.com/#blade/HubsExtension/ServicesHealthBlade

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Customer identity and access management will depend on customer licencing and policy. All Kerv users are strongly authenticated during any management or support channel interaction. Authentication occurs within AAD utilising a principle of least privilege across the organisation. Users are separated into logical groups with groups having associated permissions. All support requests are authenticated to ensure they are the correct user and originate from a user who can authorise any change. Robust granular role and user based permissions are implemented using Active Directory. Senior Administrators are forced to use 2 factor authentication at all times.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NQA
• ISO/IEC 27001 accreditation date: 19/10/2021
• What the ISO/IEC 27001 doesn’t cover: All cloudThing (Kerv Digital) services and locations are within the scope of our certification
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Kerv is committed to pursuing excellence while delivering services within the secure Microsoft Azure environment, protecting our customers and our own information assets and continually improving information security within our organisation to minimise exposure to risks. In addition to the array of certifications held by Microsoft, we have implemented all required policies and processes in-line with ISO 27001:2017 such as personnel vetting, maintenance of asset registers, business risk register, implementation of Information Classification Scheme, clearly defined Access Control Policy, Secure System Engineering Policy, Acceptable Use Policy, BYOD Policy, Information Transfer, Data Security, etc. to support our Information Management System. All information security policies are available on our internal governance site, which is controlled and accessed with log-in credentials. Policies are approved using an approval workflow on SharePoint by the nominated individuals and all information security policies are approved by the Information Security Officer. All new policies, changes and updates are communicated to staff via company newsletter and where required through email and supporting training.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Kerv uses ISO 27001 certified processes to track changes to the Azure cloud using Visual Studio Team System and Microsoft Azure DevOps. User 'story' requirements are tracked through a controlled workflow to completion using an agile methodology. Code changes are submitted through strict version control that includes peer review by Solution Architects. Security & Privacy by design are core principles adhered to and reviewed as part of our development process. Any changes planned to production environments are documented/reviewed by the change control management team on a bi-weekly basis to minimise customer risk. Production-releases are restricted to Kerv DevOps engineers.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We utilise best practice tools provided by Microsoft Azure, with tailored configurations to client requirements. P1 vulnerabilities are patched immediately or within 2 hours. We provide wrapping additional services to out of the box Azure services, including customised reporting, additional security monitoring types & auditing, and custom SLA’s. We are Cyber Essentials Plus, ISO:9001/27001 compliant.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We utilise best practice tools provided by Microsoft Azure, with tailored configurations to client requirements. P1 vulnerabilities are patched immediately or within 2 hours. We provide wrapping additional services to out of the box azure services, including customised reporting, additional security monitoring types & auditing, and custom SLA’s. We are Cyber Essentials Plus, ISO:9001/27001 compliant.
• Incident management type: Supplier-defined controls
• Incident management approach: Kerv has a predefined process for incident management, to ensure all incidents identified within our network are assessed and addressed. All users are instructed to report any security event, incident, security or data breach etc to our support team. The requests sent to our support team are recorded using a case-management system. All incidents are reviewed by our Incident Manager to take appropriate actions and issue incident report for all major incidents. These reports are then reviewed by the relevant forum to take any preventative measures or close the incident.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Hyper-V
• How shared infrastructure is kept separate: Please see https://www.microsoft.com/en-us/TrustCenter/Security/default.aspx

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: UK Government solutions are hosted in UK or EU datacentres. Microsoft achieved carbon neutrality in 2012 and averages 1.125 power usage effectiveness (PUE) for any new data centre.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Kerv Digital will identify opportunities to remove/reduce environmental impacts through the contract. Initially, we conduct discoveries, either as pre-sales or as part of detailed analysis/design work, during which we look at ways of incorporating energy efficiencies by: • Designing low-carbon cloud-first services by migrating away from energy inefficient on-premise services. • Designing energy efficient services (e.g. Remote Network Testing systems) for clients with measurable carbon reductions e.g. eliminating hardware, paper, printing toners and printers. • Plan and agree energy efficient ways of working e.g. reducing the need for onsite meetings through collaboration tools. These measures are captured in the solution design and project plans and reviewed with clients through project governance. Through our Environmental policy and management system, we review operational activities to ensure compliance with legislation and identify opportunities to reduce emissions, waste, pollution and promote energy efficiency. This is reviewed bi-weekly. Our Carbon Reduction Plan details our objectives and associated actions over the next 5 years.

  Covid-19 recovery

  Kerv did not furlough any staff during the crisis and have continued to recruit throughout. We’re actively looking at ways to support the recovery through adaptation of existing practices and introduction of new ones, such as applying for the Government Kickstart programme via a Kickstart Gateway and supporting the employment of veterans of the British Armed Forces as we have committed to do for other frameworks and partnerships. ; ; To support re-employment, Kerv will work with Buyers to understand local and national priorities. Where appropriate Kerv will support practices that identify recruitment and training opportunities, prioritising those that had become unemployed as a result of the crisis and re-training where appropriate. This may include the extension of our Academy Programme in India which supports the recruitment and training of staff who do not possess the specific skills required for the delivery of our services, This has supported over 60 staff entering the business and undertaking 6 months of training, supporting our wider Continuous Professional Development (CPD) company programme. ; ; Where possible, we will support developing supply chains in areas that align with the Buyers requirements whether locally or nationally. Kerv will continue and increase its support for SMEs and social enterprises and provide flexibility in its supply chain, where appropriate, to ensure that buyers’ requirements can be met using providers who are supporting re-employment. ; ; We have an externally audited governance function that is represented at Board Level and provides a framework for our processes and procedures, and it is aware of relevant government legislation and contractual commitments we make. Targets will be agreed as appropriate with Buyer’s and our ISO:9001 QMS and supporting policies will be used to ensure employment and supply chain opportunities are managed and measured affectively against targets.

  Tackling economic inequality

  Kerv was founded to be an ethical business with the aim of achieving positive social impact through its commercial activity in the provision of software development, digital transformation and DevOps support services. ; ; The ambition was encapsulated in our ‘Build Future’ mission statement to support the long term success of our clients, employees and community. We’re dedicated to a small number of vertical markets, of which NonProfit and Government are core sectors, and actively invest to give back to our customers, an example of which is our NonProfit and Government ‘powerUps’. This IP is donated free to NonProfit and Public Sector clients to solve the ‘common but hard’ problems, reducing costs and delivery times for projects utilising the Microsoft Power Platform. ; ; We actively engage in such practices with Microsoft and have located our Birmingham office in Longbridge, which is ranked 1857 of 32,844 on the Index of Multiple Deprivation and is in the most challenged 5% nationally. We will continue to provide employment/training opportunities locally. ; ; We operate in a high-growth sector, where skills are at a premium. We will continue to invest in initiatives to provide access to digital skills. For example: ; ; • Generation UK offers fast-track training for young people from deprived areas, leading to apprenticeships. We have taken on 4 apprentices and are seeking to expand this. ; ; • Power Platform school – a partnership with Microsoft to provide learning opportunities to adults from the BAME community. Activities include a charity Hackathon and mentoring programme, sharing lessons and skills from industry leaders. ; ; • We target and develop opportunities through ongoing engagement with Microsoft’s Not for Profit community and clients such as Learnlight and the Scouts Association.

  Equal opportunity

  We support equal opportunities, encouraging employees to gain industry-recognised qualifications. We provide all staff fully funded Microsoft qualifications, vocational skills, leadership development, staff development and formal appraisals. Kerv celebrates Anglo/Indian heritage, encouraging all aspects of diversity. ; ; In Kerv Digital India, women are represented above the national average. Whilst the gender pay-gap in both countries is far better than the national average we are targeting greater female representation through gender neutral job adverts and gender balanced interview panels. ; ; To promote diversity and motivate teams, staff can work flexibly to promote a better work/life balance. Leave arrangements support religious festivals, maternity and sick leave requirements. Social channels via Teams ensure regular contact between UK and India staff, including a book club, cooking challenges, team games and a weekly ‘Icebreaker’ to introduce new staff. Benefits include an employee assistance programme, private healthcare, performance-related pay and share options. A Golden Globes-style ceremony recognises staff achievements.

  Wellbeing

  Kerv is a socially conscious business, which services clients and projects that have a positive social impact on society. ; ; We’ve a strong cultural identity and mission statement that is ‘Build Future’, which means we always take the long-term view and invest in the success of our employees, local community and customers across our chosen markets of Non-profit/ membership & UK Public Sector. ; ; We strive to operate to the highest standard and are committed to providing a positive workplace for staff and their physical and mental wellbeing. ; ; As a plan of action: Our policies, processes and procedures are set-out in our Business Management System and Staff Handbook that provide guidance for day-to day activities, clearly upholding best practice and employee interests as part of our conformity to our ISO:9001, ISO27001:2017 and ISO27701:2019 standards. ; ; Progress and output is reviewed by the Governance Team on a monthly basis and escalated to the Executive Board, as necessary. ; ; Additionally, we’ve launched a Staff Wellness and Employee Assistance Programme, a staff driven and company funded initiative specifically focused on promoting mental and physical wellbeing. We have a dedicated Teams Channel and a dedicated section in the Company Newsletter to share numerous and various activities and events arranged for staff. Our success is measured by our Employee Satisfaction Survey results and our success is demonstrated by our employees voting us in 11th best place to work in the UK 2023/24 (Best Place to Work).

Pricing

• Price: £0.01 a virtual machine an hour
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@kerv.com. Tell them what format you need. It will help if you say what assistive technology you use.