Creative Networks

Backup-as-a-Service – BaaS

N-able's BaaS provides automated, secure backups for businesses, safeguarding critical data from loss or corruption. With features like continuous protection and flexible scheduling, it ensures minimal downtime and easy recovery options, offering peace of mind for businesses of all sizes.

Features

• Continuous data protection: Near-instantaneous backups for ongoing data security.
• Flexible scheduling: Tailor backup routines to specific business needs effortlessly.
• Secure encryption: Safeguard data during transmission and storage effectively.
• Automated recovery options: Streamline data restoration processes for efficiency.
• Cross-platform compatibility: Works seamlessly across operating systems and devices.
• Incremental backups: Minimise bandwidth usage and storage requirements effectively.
• Centralised management: Control and monitor backups from a single interface.
• Scalable infrastructure: Accommodate growing data volumes with ease and reliability.
• Advanced monitoring and alerts: Stay informed about backup statuses/issues.
• Multi-cloud support: Back up data across multiple cloud platforms.

Benefits

• Enhanced data security: Safeguard critical information effectively against loss/breaches.
• Streamlined operations: Simplify backup processes for increased efficiency and productivity.
• Reduced downtime: Minimise business disruptions with fast reliable data recovery.
• Cost savings: Eliminate need for expensive hardware and infrastructure investments.
• Improved compliance: Meet regulatory requirements effortlessly with robust backup solutions.
• Greater flexibility: Access and restore data from anywhere, anytime.
• Scalable solutions: Adapt to changing data needs as business grows.
• Peace of mind: Assured knowing data is safe and recoverable.
• Simplified management: Centralise backup tasks for easier monitoring and control.
• Competitive advantage: Stay ahead with reliable data protection/uninterrupted operations.

£25.00 to £75.00 a device a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at aj@creative-n.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

904284388922257

Contact

Azeem Javed
03303337337
aj@creative-n.com

Service scope

• Service constraints: Our Backup service may have bandwidth and storage constraints, compatibility requirements, and scheduled maintenance. Costs might increase with additional features or storage needs. Data retention policies, compliance requirements, and limited technical support hours could impact operations. Transfer speeds and recovery times may vary based on internet speeds and service level agreements. Buyers should review agreements thoroughly and consult providers to understand potential constraints before committing.
• System requirements:
  • Compatible operating systems (e.g., Windows, Linux).
  • Sufficient network bandwidth for data transfer.
  • Adequate storage capacity for backups.
  • Supported virtualization platforms (if applicable).
  • Access to the internet for cloud-based backups.
  • Integration capabilities with existing IT infrastructure.
  • Hardware specifications for on-premises backup appliances (if used).

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support response times - 08:30 - 18:00 Weekdays, excluding Bank Holidays. Out of hours support available where necessary. 30 minutes to 8 hour response dependent on priority call, P1 - 30 mins, P2 - 1 hour, P3 - 4 hours, and P4 - 8 hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: We have not conducted any testing of web chat accessibility with users employing assistive technology.
• Onsite support: Onsite support
• Support levels: End-user training can be provided at an ad hoc cost. We provide a UK based Service Desk for support. Out of hours support is available. Our helpdesk is made up of 1st, 2nd and 3rd Line technical expertise. A Technical Account Manager will be assigned as standard as a part of our standard and premium IT Support, see our pricing schedule and SFIA Rate Card for details.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We assist users in adopting our service through a variety of resources tailored to their needs. Our user documentation offers step-by-step guides, FAQs, and troubleshooting tips for independent learning. Additionally, we provide interactive online training sessions and webinars led by experienced instructors to guide users through setup and configuration processes effectively. For those preferring personalised assistance, optional onsite training sessions can be arranged to address specific organisational requirements. Our dedicated technical support team is readily available to assist users with any inquiries or challenges they may encounter, offering prompt resolution via email, phone, or online chat. With these resources and support channels in place, we aim to ensure a smooth onboarding experience and empower users to harness the full capabilities of the service for their communication needs.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Exported upon request. Contact the Support Helpdesk or Technical Account Manager.
• End-of-contract process: At the end of the contract services will continue on a rolling 30 day agreement until either party serves notice. If it is decided the client will exit, Creative Networks will assist in transitioning and migration of services ensuring continuity and a smooth handover. We will, where applicable deliver an Exit Plan which sets out the proposed methodology for achieving an orderly transition of Services on the expiry or termination of the contract. The Exit Plan will contain at minimum: Separate mechanisms for dealing with Ordinary Exit and Emergency Exit. The management structure to be employed during both transfer and cessation of the services and a detailed description of both the transfer and cessation processes, including a timetable. Document how the Services will transfer including details of the processes, documentation, data transfer, systems migration, security and the segregation of technology components. Specify the scope of the Termination Services that may be required and any charges that would be payable for the provision of such Termination Services and detail how such services would be provided. Provide a timetable and identify critical issues and set out the management structure to be put in place and employed during the Termination Assistance Period.

Using the service

• Web browser interface: Yes
• Using the web interface: The N-able BaaS web interface empowers users to efficiently set up, manage, and monitor their backup services. Within the interface, users can initiate service setup by configuring backup schedules, selecting data sources, and defining retention policies. They possess the flexibility to make changes as needed, adjusting backup schedules, modifying settings, and adding or removing data sources with ease.; ; Monitoring capabilities enable users to track backup statuses, access logs and reports, and receive timely notifications for important events or issues. Additionally, users can manage various settings related to backup policies, encryption, and access controls through the intuitive web interface.; ; However, certain limitations may apply. Advanced configurations or tasks requiring backend access may not be accessible through the web interface alone. Similarly, complex network configurations or integrations may necessitate additional tools or access beyond the web interface's capabilities. Additionally, users' permissions and roles may restrict them from performing certain administrative tasks within the interface. Despite these limitations, the web interface serves as a valuable tool for most backup management needs, offering convenience and accessibility for users across various tasks and settings.
• Web interface accessibility standard: WCAG 2.1 A
• Web interface accessibility testing: Creative Networks have not conducted any web interface testing with assistive technology users.
• API: Yes
• What users can and can't do using the API: Through the N-able BaaS API, users can automate setup processes by creating backup policies, defining schedules, and specifying data sources programmatically. They can also modify existing backup policies, adjust schedules, add or remove data sources, and update configuration settings using API endpoints. Additionally, users can trigger backup and restore operations via API calls, facilitating automation and integration with other systems or workflows. Monitoring capabilities allow users to retrieve information about ongoing backup operations, check logs, and receive status updates through API responses. However, certain limitations exist. Advanced settings or configurations may not be accessible via the API, necessitating manual intervention through the web interface. Additionally, some administrative tasks, like user management, may be restricted for security reasons. The availability of features or endpoints can also depend on the API version being used, potentially limiting functionality for users of older versions. Despite these limitations, the API offers powerful capabilities for automating backup tasks, enhancing efficiency and integration possibilities for users.
• API automation tools:
  • Ansible
  • Chef
  • SaltStack
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats: PDF
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Hosted on cloud scalable solution.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: N-able

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files and folders from servers, workstations, or devices.
  • Virtual machines on VMware, Hyper-V, and other platforms.
  • Databases like SQL Server, MySQL, PostgreSQL, and others.
  • Backup of critical application data.
  • Entire system images for comprehensive disaster recovery.
  • Cloud data from AWS, Azure, or Google Cloud Platform.
• Backup controls: Users manage backups through N-able's BaaS interface or API, defining policies for data selection, scheduling, retention, and incremental backups. They can specify files, folders, VMs, databases, or apps for backup, setting custom schedules for each. Retention policies determine backup lifetimes, while incremental backups capture changes since the last backup, optimising storage and bandwidth. Settings can be adjusted as needed, ensuring comprehensive data protection while accommodating evolving business requirements.
• Datacentre setup: Single datacentre with multiple copies
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The level of availability guaranteed by N-able varies depending on the specific SLA agreed upon with the customer.
• Approach to resilience: N-able's Backup as a Service (BaaS) places a strong emphasis on resilience through various design aspects. It utilises redundant infrastructure components such as servers, storage systems, and networks to mitigate single points of failure. Critical data is replicated across multiple geographic locations or data centres to ensure availability in the event of site failures or disasters. Automated failover mechanisms redirect backup operations during hardware or software failures, guaranteeing uninterrupted service. Data integrity checks and encryption mechanisms safeguard data integrity and security, both in transit and at rest. Regular backups, including scheduled and incremental backups, minimise the risk of data loss in the event of system failures. The service includes monitoring tools for proactive detection of anomalies or performance issues, enabling timely intervention and resolution. Together, these features establish a robust and resilient backup solution, providing users with confidence in the availability, integrity, and security of their data, even when faced with unforeseen challenges or disruptions.
• Outage reporting: Website Updates. Email alerts.

Identity and authentication

• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Supplier defined controls.
• Access restriction testing frequency: Less than once a year
• Management access authentication: Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Less than 1 month
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Less than 1 month
• How long system logs are stored for: Less than 1 month

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: UKAS
• ISO/IEC 27001 accreditation date: 24/10/2022
• What the ISO/IEC 27001 doesn’t cover: Areas not covered by ISO/IEC 27001 certification include specific business processes unrelated to information security, certain third-party services or suppliers, or compliance with other industry-specific regulations.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Organisations adhering to ISO 27001 establish robust information security practices. They develop policies aligned with ISO 27001 requirements, covering areas like access control, data protection, and incident response. Through risk assessments, they identify and prioritise security risks, implementing controls to mitigate them. Employees receive training on security policies and procedures to enhance awareness and compliance. Monitoring and review processes ensure the effectiveness of security controls, with regular audits and assessments conducted. A designated individual or team oversees the implementation and maintenance of the Information Security Management System (ISMS), reporting to senior management or the board. To ensure policy adherence, organisations employ various mechanisms such as audits, reviews, and ongoing monitoring. Non-compliance issues prompt corrective actions and improvements to the ISMS. By following these practices, organisations demonstrate their commitment to information security and continuously strive to enhance their security posture in line with ISO 27001 standards.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Creative Network's have in place a Change Management Process that follows the ISO 20000 Standard. A change is proposed with the Change Manager and then added to the Changes-overview. The change is scheduled to be executed and a roll back plan is created (if necessary). Rollback is actioned immediately upon confirmation as per following the rollback matrix, resources are freed and announcements are published. Periodically, the overview of archived changes is checked.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Creative Network's have a Vulnerability Management process that implements the following: Receives information about zero day threats from the National Cyber Security Center; subscribe to newsletters from vendors and used products, in contact with special interest groups; Technical vulnerabilities are handled either using the Incident management process or the Change management process; Patches are tested following the Installation of software on operational systems.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All devices have a monitoring agent on them which can identify potential issues and report back to our service desk. If an issue is identified we have an internal 4 hour SLA to ensure remedial actions are carried asap, the seriousness of an incident will be assessed on discovery so that any priority issues can be responded to quickly.
• Incident management type: Supplier-defined controls
• Incident management approach: Fully developed Business Continuity and Disaster Recovery management process developed in line with ISO 22301. Creative Network's have a pre-defined Incident Management Process in place where by an incident is reported with the Incident Manager and then added to the Incidents-overview. After which, relevant log files (from all systems affected) and evidence is gathered. The incident is corrected by implementing a patch, temporary fix or workaround. It is determine whether future occurrences of the incident can be prevented, e.g. by modifying/strengthening one or more controls. Periodically, the overview of archived incidents is checked for apparent trends and effectivity of corrections.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Hyper-V
• How shared infrastructure is kept separate: Each instance is virtualised using Hyper-V.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Our Data Centre follows the ISO 14001 standard. We have in place a robust environmental management system • Procuring consumed energy from sustainable energy sources wherever possible

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Wellbeing

  Fighting climate change

  By providing efficient and reliable backup solutions, N-able BaaS helps organisations optimise their data management processes, reducing unnecessary data duplication and storage. This leads to lower energy consumption and carbon emissions associated with maintaining extensive on-premises backup infrastructure. Additionally, by enabling organisations to leverage cloud-based backups, N-able BaaS promotes the adoption of environmentally friendly cloud computing, which typically operates more energy-efficiently than traditional on-premises data centers.

  Covid-19 recovery

  During the Covid-19 pandemic, remote work became essential for business continuity. N-able BaaS supports remote work by ensuring the availability and protection of critical data, regardless of employees' locations. This facilitates seamless collaboration and productivity, contributing to organisations' resilience and recovery efforts in the face of ongoing challenges posed by the pandemic.

  Wellbeing

  Effective data protection is crucial for safeguarding sensitive information, maintaining trust with customers, and complying with regulatory requirements. N-able BaaS helps organisations ensure the confidentiality, integrity, and availability of their data, reducing the risk of data breaches, financial losses, and reputational damage. By providing peace of mind and security in an increasingly digital world, N-able BaaS promotes the wellbeing of individuals, businesses, and communities.

Pricing

• Price: £25.00 to £75.00 a device a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at aj@creative-n.com. Tell them what format you need. It will help if you say what assistive technology you use.