Cyberfort Ltd

Managed Public Cloud - (VMware on Azure)

Cyberfort’s Managed Public Cloud for VMware on Azure offers setup and ongoing management of Microsoft’s Azure infrastructure for VMware workloads. It is designed to help customers take advantage of hyper-scale cloud and run VMware workloads natively on Azure. It incorporates cloud architecture consultancy, initial setup, ongoing administration, cost-optimization, configuration and performance tuning.

Features

  • Full set-up and management of VMware on Azure
  • Scale, automation, and fast provisioning for VMware workloads
  • Integrates with Azure services: Active Directory, AI and Analytics
  • Environment and Infrastructure automation and orchestration
  • End-to-end service covering security, design, management, monitoring
  • Microsoft Azure Certified engineering and support teams
  • Comprehensive connectivity solutions including PSN and Azure ExpressRoute DirectConnect
  • On-demand UK-based Service Desk and Engineering resource
  • 24/7/365 monitoring and fault resolution

Benefits

  • Improve time-to-market with Public Cloud infrastructure and services
  • Focus on core business demands, whilst we manage your Azure-Cloud
  • Seamlessly move your VMware-based workloads from your datacenter to Azure
  • Manage your environments with the same tools you already know
  • Low cost development environments, only pay for capacity used
  • Reduce costs of specialist staff and training
  • Enhance business confidence in secure, consistent delivery of IT services
  • 24/7/365 monitoring by our ever-vigilant, UK-based Operations Team
  • Increase the agility and flexibility of your IT operations

Pricing

£100 an instance a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagement@cyberfortgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

906283785605609

Contact

Cyberfort Ltd Cyberfort Bid Team
Telephone: 01635 015600
Email: bidmanagement@cyberfortgroup.com

Service scope

Service constraints
The service does not include Public Cloud infrastructure and service charges (which may vary through the course of the contract). These can be purchased by the client directly with the Public Cloud provider or billed through Cyberfort.
As part of the service scoping stage, the most appropriate method of licensing and service changes will be defined.
System requirements
None

User support

Email or online ticketing support
Email or online ticketing
Support response times
Cyberfort’s Service Desk operates 24 hours a day, 365 days a year and is the primary point of contact for any incidents, requests or escalations.
Each inbound query made by the client is captured by Cyberfort’s ticketing system and assigned a unique reference number with an appropriate priority rating.
A ticket number will be issued with an initial response within the first 15 minutes of logging a query and resolution times will be subject to the priority rating assigned.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
For users of assistive technology, our Online Chat service provider (Microsoft) regularly undertakes and publishes routine testing for assistive requirements: https://www.microsoft.com/en-us/accessibility/
Onsite support
Yes, at extra cost
Support levels
Effective service management is the key to the smooth delivery of our G-Cloud services during our engagement with clients, and as a result, they will receive secure, flexible and reliable services from Cyberfort utilising robust support and service management processes and best practice. From the Service Desk to your dedicated Account Manager, all are in place to manage the relationship across your business and ensure that you receive the right engagement to help drive and deliver a great service.
• Cyberfort’s Service Desk operates 24 hours a day, 365 days a year and is the primary point of contact for any incidents, requests or escalations.
• The Cyberfort Service Desk team will proactively manage all support calls to resolution, escalating incidents and problems in line with comprehensive operational level agreements, service level agreements and any third-party underpinning contracts.
• We place significant importance on the support and service management function that is provided for each contract according to operational requirements.
• This is integrated into contracts and built into the price.
• Ongoing support and management will be led by a dedicated Account Manager supported by Service Delivery Manager, Technical Champion, and our team of specialists and subject matter experts.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Cyberfort applies the core principle of providing you with an assured and auditable approach to the design and delivery of our Cloud Hosting services. We take a “one team” approach, working with clients, engaging with stakeholders, and focusing on business objectives, to build relationships that are conducive to agile delivery of project outcomes.
Service initiation and on-boarding are covered during project delivery to ensure clients maximise the value of their investment, and include the following elements:
• Clients will receive a ‘Welcome Pack’ containing details of the service, key contacts, processes and services that they should be aware of.
• A Project Manager (PM) will lead a project kick-off meeting with the client.
• A ‘Delivery and Implementation Plan’, defining project specific deliverables, dependencies, resource requirements and timeframes.
• Scheduled reporting, validation and agreement of all project deliverables at key milestones.
• Full risk assessment conducted across all aspects of the project.
• Operational Acceptance to record SLAs that the Project, Technical Delivery, Facilities and Service Support Teams will follow to ensure services are introduced consistently and efficiently.
Additional, focused training is available at an extra cost.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Where customers are able to extract their data through their own methods, they are free to do so. Cyberfort can assist in bulk data extraction, although this may incur additional costs if specialized hardware or software is required. Cyberfort will purge and destroy customer data from its own equipment upon contract termination in accordance with its ISO27001 policies. Additional data destruction measures may be pre-agreed with the client in advance and may incur additional costs.
End-of-contract process
Clients can choose to ‘off-board’ services from Cyberfort as follows:
• Provide three months' notice in writing (to expire on or after the Initial Term), to their account manager (directly or via the Service Desk), who will assist in arranging any required off-boarding services and the deletion of client data.
• Once the required works are agreed and the client has exported their data, Cyberfort will shut down and destroy any remaining services.
• Fees may apply for off-boarding technical work and process management.

Using the service

Web browser interface
Yes
Using the web interface
Web interfaces are provided as per Microsoft Azure's standard service.
Customers can manage all aspects of the Azure service using the Azure management portal.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Accessibility aspects of the Azure management interface are maintained by Microsoft.
Web interface accessibility testing
Accessibility aspects of the Azure management interface are maintained by Microsoft.
API
Yes
What users can and can't do using the API
All aspects of the Azure service can be managed using the Microsoft Azure API.
API automation tools
  • Ansible
  • Chef
  • SaltStack
  • Terraform
  • Puppet
API documentation
Yes
API documentation formats
Other
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
  • Other
Using the command line interface
All aspects of the Azure service can be managed using the Microsoft Azure CLI.

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
Azure customer environments are designed so that compute, storage and network resources can be dedicated for the sole use of a single customer. Additionally, the Azure hypervisor enforces memory and process separation between virtual machines.
Usage notifications
Yes
Usage reporting
  • API
  • Email
  • SMS
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
Never
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Other
Other data at rest protection approach
Encryption of physical media where physical location cannot be controlled or subject to client requirements.
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Infrastructure backup
  • Infrastructure config backup
  • User defined
  • VM storage
Backup controls
Users can manage their own backups or Cyberfort can manage them as part of the managed service.
Backup schedules are agreed during customer onboarding.
Datacentre setup
Multiple datacentres
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
Bespoke options are available depending on the client requirements. Tailored solutions can be implemented after scoping requirements.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network
Bespoke options are available depending on the client requirements. Tailored solutions can be implemented after scoping requirements.

Availability and resilience

Guaranteed availability
Service availability achieved within any month shall be calculated monthly as follows: ((Total online hours of availability – service downtime) / Total online hours of availability) x 100%.

The service availability calculation above will exclude any time which occurred as a result of events outside the control of Cyberfort. In the event the target service availability level is not achieved when measured over a monthly period, the following service credits shall apply: For each full percentage point (1%) by which the availability in any month is reduced below the target availability, a service credit shall be due which is equal to 5% of the monthly charge for the affected service line subject to a maximum of 100% of the affected service line for the month.
Approach to resilience
Cyberfort has two data centres in geographically separate locations. This enables Cyberfort to offer solutions such as infrastructure mirroring or a warm standby environment, both available should your primary environment become unavailable for any reason. Cyberfort data centres are linked to one another and to the Internet via fully redundant diverse circuits.
Customer Environments are deployed according to the specific requirements of the customer.

Datacentre infrastructure is designed in an N+1 or N+N configuration depending on requirements or infrastructure type.

Network ISP services are deployed in an N+N configuration.

Power & A/C
2×11,000 Volt HV Feeds. Primary feed direct from national grid sub-station
Backup Generators
Various UPS systems capable of supplying dual UPS feeds
N+1 chilled water system, with zoned hotspot directional air provision sensors

Communications
Carrier Neutral Facility
Multiple Internet Service Providers
Diverse Independent Risers from highway to data floors
Choice of ISPs/Telecommunications providers
Satellite dish and Microwave space available
Outage reporting
The Cyberfort Managed Public Cloud for VMware on Azure service is continuously monitored, with alerts automatically responded to by the Cyberfort technical support teams.
Customer notifications are managed via our ticketing system / Email.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
Solution is tailored to customer requirements
Access restrictions in management interfaces and support channels
Service Management networks are isolated from user and customer networks, with specific access rules and user-traceable accounts used throughout.

Access to the management interface is controlled and restricted using a combination of permission groups or roles. Only named individuals are able to gain authorised access to the services management functionality.

Multi-factor authentication (MFA) is a requirement of the service.

SSO is strongly recommended.

Support tickets can only be raised by pre-identified individuals, who will be authenticated by Cyberfort processes to confirm identity.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication
Solution is tailored to customer requirements.
Dedicated link (e.g. dedicated VPN)
Username and Password
Devices users manage the service through
  • Dedicated device on a segregated network (provider's own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSi
ISO/IEC 27001 accreditation date
Valid from: 19/05/20 - Expires: 18/05/2023
What the ISO/IEC 27001 doesn’t cover
A14.2.7 Outsourced Development; 15.1.3 Information, Communication and technology supply chain
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
247 CyberLabs Ltd
PCI DSS accreditation date
Valid from: 05/09/2021 - Expires: 05/09/2022
What the PCI DSS doesn’t cover
Requirement 3, Requirement 4, Appendix A1, Appendix A2
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
Data Security and Protection Toolkit

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
As an ISO 27001 accredited company, Cyberfort recognizes the importance of Information Technology (IT) and its impacts on Information Security and has designed its ‘IT Information Security Policy’ to ensure correct and secure operations are maintained across our organization. The policy applies to all our operations and all that we do, including 3rd parties, recruitment, IT security, and physical security amongst other subjects.

To ensure that the importance of each information security area is not missed or vague, we use separate policies and procedures for each information security area where applicable, including: business continuity, breach management, physical and environment security, HR resource security, incident management, asset management, access control, supplier relationships, and information management policies.

Cyberfort’s Group Data Protection & Compliance Officer is responsible for managing and directing our Information Security efforts within this organization and for ensuring that our policies are approved at board level.

The IT Information Security Policy is reviewed annually as a matter of course, considering our organizational or technical infrastructure, legislation, and incident reviews. An Information governance and compliance team is in place with clear roles and responsibilities to manage and maintain the compliance frameworks within the business.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Cyberfort's change management policy is documented and audited as part of our ISO27001 accreditation and ensures all changes are auditable and subject to the correct level of scrutiny based on the potential risk and impact.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Cyberfort use continual vulnerability monitoring to alert us to threats in real-time and in the face of constant changes to our services. An annual infrastructure assessment is commissioned to perform more detailed analysis. Critical vulnerabilities are patched or mitigated within 30 days.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Cyberfort deploy next generation endpoint security agents which constantly assess the behavior of the servers and endpoints for malicious or threatening activity. Threats are notified to our 24x7x365 Service Desk for remediation.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Cyberfort operate ISO27001 and ITIL process for Incident Management, with defined paths for escalation which are dependent on Impact and Urgency. Users can report Incidents by Email, Telephone or Self Service Portal. Incident Reports are provided via Email.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Other
Other virtualisation technology used
Microsoft
How shared infrastructure is kept separate
Each organization is housed under a dedicated Virtual Private Cloud (VPC). The VPC is configured with security groups and network access controls. Access is set to default deny, and explicit rules have to be set for access to be allowed. The underlying hypervisor infrastructure is trusted to protect against cross-VM interference. They are patched to mitigate against malware and ransomware type exploits.

Energy efficiency

Energy-efficient datacentres
No

Social Value

Fighting climate change

Fighting climate change

Cyberfort are committed to fighting climate change and promoting sustainable development by reducing, as far as practical, our environmental impacts from business activities and as a result, an Environmental Management System (EMS) has been implemented which meets the requirements of BS EN ISO 14001:2015.
For example, against MAC 4.1 we are committed to achieving Net Zero by 2050. We have policy commitments to become a net-zero and environmentally conscious company by conserving energy, minimising consumption, reducing, and preferring low pollution materials, maximising environmental efficiency, whilst ensuring waste is managed and controlled.
Key Areas of focus
• Cyberfort to consider who we purchase goods and services from, ensuring providers are targeting net-zero initiatives and consider environmental impacts.
• Assess external provider environmental policies and sustainable products and services.
• Ensure ethical, equality, human rights and employee standards are met. Preferring external providers who are firmly committed to enhancing their environmental performance.
Covid-19 recovery

Covid-19 recovery

Cyberfort commits to supporting the Covid-19 recovery, for example against MAC 1.5 we are undertaking regular Risk Assessments, implementing the following improvements in line with Risk Assessment findings and validated with our external Health & Safety partner:
• Closure of 3 offices where social distancing was not possible or appropriate, moving staff to either remote or hybrid working contracts.
• Reassessed our COVID risk assessment to ensure that appropriate controls remain.
• Allowing teams to return to remaining offices as required by managers for planning, collaboration or team-building meetings.
• Deconflicting teams on-site, continuing the ability to maintain controls where necessary.
• Provision of Lateral Flow Test kits for all remaining offices.
• Maintaining all sanitization stations and controls.
• Maintaining effective social distancing where appropriate.
Tackling economic inequality

Tackling economic inequality

Cyberfort is committed to tackling economic inequality, through supporting new businesses, new employment opportunities and development of new skills. We are currently signatories of the Tech Talent Charter and the Armed Forces Covenant and are a Disability Confident Employer. Most recently we have become founding members of Neurodiversity in Business and we have partnered with Lexxic to help us on our journey to becoming a Neurodiversity Smart employer.

Specific commitments for example are:
Against MAC 2.2 - Cyberfort will be offering Apprenticeship placements in 2022.

Against MAC 2.3 – We have long been advocates of education and sharing our knowledge, regularly interact with local schools, colleges and universities, and have been involved in supporting the East Kent Colleges in the development of the Cybersecurity GNVQ qualification. We have various work experience schemes in place for school children and contribute to virtual careers fairs in the Kent Area.

Against MAC 3.5 - With cyber security at the heart of Cyberfort, we have adopted the required technical standards and best practice as a basis for appropriate cyber security controls; both our compliance and cybersecurity practices have NCSC certified services.
Equal opportunity

Equal opportunity

Cyberfort is an equal opportunities employer and commits to supporting Equal Opportunities through Social Value. We value people as individuals with diverse opinions, cultures, lifestyles and circumstances. All employees are covered by our Equality & Diversity policy and it applies to all areas of employment including recruitment, selection, training, deployment, career development, and promotion. These areas are monitored, and policies and practices are amended, to ensure that no unfair or unlawful discrimination, intentional, unintentional, direct or indirect, overt or latent exists. As part of our ambition to be a Neurodiversity Smart employer, we will be auditing all our recruitment and selection processes to ensure we are inclusive of neurodivergent individuals.

Specific commitments for example are:
Against MAC 6.2 - We provide training, development and progression opportunities to all staff to support in-work progression. We are committed to ensuring that each employee/contractor is given the opportunity to develop within the organization, in accordance with ability, ambition and opportunities available. As a commitment to people, Cyberfort encourages everyone to reach the fullest potential with opportunities available. We have recently launched an internal mentoring scheme, connecting employees with experienced professionals who can support them with their professional journeys.

Against MAC 6.3 - While Cyberfort is not required under S.54 of the Modern Slavery Act 2015 to have an Anti-Slavery Policy, we feel passionately that we must act ethically and transparently in every situation and consequently have set out the steps that we have taken, and are continuing to take, to ensure that modern slavery or human trafficking is not taking place within our business or supply chain. Modern slavery encompasses slavery, servitude, human trafficking and forced labour. We have a zero–tolerance approach to any form of modern slavery.
Wellbeing

Wellbeing

Cyberfort fully supports and is committed to supporting Wellbeing. For example, against MAC 7.1, we have understood the issues relating to health and wellbeing, including physical and mental health, and have delivered the following to support our workforce:

Mental Health First Aiders – We have 9 fully trained Mental Health First Aiders within our workforce. They are a point of contact and reassurance for any person who may experience a mental health issue or emotional distress, offering an ear, cuppa and support and, where needed, signposting people to the appropriate services for further support.

Awareness Days – Through awareness we can support one another. We have organised and promoted events for the workforce, for example in February we offered a Free Webinar ‘5 ways to increase your happiness in 2022’ with Dr Andy Cope (the doctor of happiness) and we will be supporting Mental Health week in May with various activities each day.

Wellbeing Page - We have a Wellness Page on Cyberfort’s SharePoint that provides information on support available from Cyberfort, our Mental Health First Aiders, and links around advice from other organisations such as:
• Working from home - a Wellness Action Plan by Mind
• Every Mind Matters One You by the NHS
• App for meditation and relaxation by Calm
• 5 steps to mental wellbeing by the NHS

Pricing

Price
£100 an instance a month
Discount for educational organisations
No
Free trial available
No
