Redpalm Technology Services

Cloud Hosting

Allows clients to deploy, manage, run software by
providing virtual machines and storage or network resources.

Features

  • Hosting virtual machines
  • Platform as a Service (PaaS)
  • Infrastructure as a Service (IaaS)
  • Software as a Service (Saas)
  • Real-time monitoring
  • Remote access
  • Secure environment

Benefits

  • Centralised management
  • Publish content from multiple devices
  • Increase Scaleability
  • Provides Flexibility
  • Cost effective
  • Increase Security

Pricing

£0.00 a unit an hour

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at neal.chauhan@redpalm.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

8 8 4 4 7 5 3 2 1 5 1 7 2 0 9

Contact

Redpalm Technology Services Neal Chauhan
Telephone: 03330063368
Email: neal.chauhan@redpalm.co.uk

Service scope

Service constraints
As a business we have not encountered any constraints whilst offering these type of services.
System requirements
  • Operating systems must be supported versions
  • Applications must be supported versions
  • Configured in a secure manner

User support

Email or online ticketing support
Email or online ticketing
Support response times
Dependant on user SLA to which are tailoired to the clients requirements, e.g from a 15 min response to a NBD response.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Users can interact with our engineers in real-time to answer any questions or issues.
Web chat accessibility testing
Our webchat allows the font and contrast to be changed to make it easier for visually impaired users.
Onsite support
Onsite support
Support levels
Support levels are tailored to each clients requirements.
Every client will recieve a dedicated account manager.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide onsite training, online training and user documentation
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
Dependant on the service a copy can be downloaded or Redpalm can provide this copy directly.
End-of-contract process
At the end of the contract all services and support will be terminated.
Renewal of contracts is straightforward via our automated renewals manager.

Using the service

Web browser interface
Yes
Using the web interface
Users are able to log in and easily make any changes via the web interface.
Some advanced customisations need to be done via a command line, but this is still achieved through the web interface.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
The web interface is accesible through all supported web browsers.
Web interface accessibility testing
Font and contrast changes for visually impaired users
API
Yes
What users can and can't do using the API
Our API allows applications to access data and interact with external software components, operating systems, or microservices.

They bring applications together in order to perform a designed function built around sharing data and executing pre-defined processes.
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
Most things can be implemented via the command line interface. There is supporting documentation around this.

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
Resources pools are used to guarantee performance and that users are not affected by others.
Usage notifications
Yes
Usage reporting
  • API
  • Email
  • SMS

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Microsoft Azure and Amazon Web Services

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Files
  • Virtual Machines
  • Databases
  • Configuration
  • Media
  • Data
  • User accounts
Backup controls
Users can select what they would like to be backed up and how they would like this scheduled.
The Recovery Time Objective (RTO) and Recovery Point Objective (RPO) for the user can be customised dependant on their requirements.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users schedule backups through a web interface
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We offer a 99.999% service uptime.
Approach to resilience
Available on request.
Outage reporting
Via a a public dashboard and email alerts.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
We restrict access in management interfaces and support channels by using role based access so only those users who require access will be granted it. These login's are secured via MFA
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British assessment bureau
ISO/IEC 27001 accreditation date
30/03/2022
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Available upon request.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All changes go through an ITIL aligned Change Advisory Board (CAB) Process.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
As per Cyber Essentials we patch all critical and high risk vulnerabilities within 14 days. We use a number of sources to understand and gather information on potential threats, which can be provided upon request.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
.Proactive monitoring from a number of systems is used to alert potential compromises. Any potential compromise will immediately raise a ticket in our service desk system and will be assigned to an engineer to investigate almost immediately.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Major incidents can be logged by users to our service desk via email, phone or web portal. This initiates our major incident process which details a timeline of events and the root cause with remdiation on how to stop a reocurrance of this type of event. This report is provided to all customers after a major incident.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
VMware
How shared infrastructure is kept separate
Through the use of isolated environments.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Microsoft and AWS follow the EU code of Conduct.

Social Value

Fighting climate change

Fighting climate change

where possible we try and minimise our impact upon the climate/environment.
Covid-19 recovery

Covid-19 recovery

Part of our business continuity plan.
Tackling economic inequality

Tackling economic inequality

This falls under our CSR policy
Equal opportunity

Equal opportunity

This is covered by our staff handbook.
Wellbeing

Wellbeing

This is covered within the staff handbook.

Pricing

Price
£0.00 a unit an hour
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at neal.chauhan@redpalm.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.