Konica Minolta Business Solutions (UK) Ltd

Managed Cloud Hosting

Managed cloud hosting provides a public or private cloud that is secure and scalable. Expert support teams and system monitoring available 24/7. ISO accredited to 27001, UK datacentres provide high-availability server infrastructure, providing a resilient service. Designed specifically with the needs of education, NHS and local government in mind. http://www.konicaminolta.co.uk/en-gb/industry-verticals/technology-solutions-for-the-public-sector/g-cloud

Features

• Best-of-breed hardware and choice of Windows or Linux
• UK datacentres for data sovereignty
• Super-fast performance; No CPU ‘throttling’ with up to 24 cores
• Self-healing cluster arrangement
• High-availability server infrastructure, archiving, back up and disaster recovery
• Adaptive optimisation
• Resilient 100GB network backbone, with 100% uptime SLA
• Load-balancing, 7 days’ backup, WAFs
• Advanced security including DDOS protection, IDS, IPL, VLAN segregation
• Virtually limitless scalability, no single-point-of-failure

Benefits

• 24 × 7 × 365 remote monitoring
• 24 × 7 × 365 support (additional cost applies)
• 99.999% platform availability SLA included
• Internal cost reduction, performance improved
• Comprehensive incident support
• Priority 1 support issues with 20-minute SLA
• Full patch management available
• Dedicated Technical Account Manager
• Support down to OS level
• Full replication as standard

£286.40 a server a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidsandtenders@konicaminolta.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

929874446614770

Contact

Andy Cornish
01268 534444
bidsandtenders@konicaminolta.co.uk

Service scope

• Service constraints: There are no limitations on server configuration, but there will be a need for planned maintenance which will be communicated to the client. ; ; Our solution provides Managed Cloud Hosting service using multiple Tier III Enhanced Data Centres. All clients can benefit from the service resilience offered, ensuring minimal service downtime.
• System requirements: Internet connectivity

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Questions are responded to in an hour. Our Service Desk operates between 0900-1700 Monday to Friday. Additional support outside of these hours and at weekends are provided at an additional cost.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: The solution provides a range of IT support services for its clients. The services are client led and are delivered by our 1st Line, 2nd Line, 3rd Line Engineers with priority levels ranging from P1 to P4.; ; The service can range from our standard business hours of 0900 to 1730 to a 24x7 support contract. Please refer to the pricing schedule for further information. ; ; Technical Account Management and Cloud Support Engineers are provided as part of the initial implementation and throughout the duration of the contract.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: All new customers receive a full induction to the solution that has been purchased. Alongside the induction training (onsite or online), a full knowledge-base is available for every service provided, and customers are given access to this via our online portal.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Customers are trained and encouraged to remove all of their data at the end of their contract. Konica Minolta will assist the customer, or carry out the removal on the customer’s behalf if requested, at an additional cost. ; ; If no request is made, and the customer does not remove their data, it will be held during the 30 day notice period after the contract has expired and then destroyed in accordance with ISO 27001 and ISO 27017 standards.
• End-of-contract process: At the end of a customer’s contract, it will automatically roll-over for a further 12 month period. If a customer wishes to end their contract at the end of the contracted term, 30-days prior written notice is required.

Using the service

• Web browser interface: Yes
• Using the web interface: Through the web interface, buyers are able to:; ; - Log an incident ; - Log a request ; - Log a case; - Assess status of all incidents/requests; - Access Knowledgebase and service catalogue; ; Users are unable to:; - View other users tickets; - Set own incident/request priorities
• Web interface accessibility standard: WCAG 2.1 A
• Web interface accessibility testing: Web interface accessible through: Chrome, IE, Edge, Safari, Firefox, Tablet mobile browsers. The assistive technologies JAWS, NVDA, and VoiceOver are used to test ServiceNow products.
• API: Yes
• What users can and can't do using the API: The use of an API is dependent upon varying factors and customer requirements. Professional Services will be required to assess the needs and requirements, in order to confirm expected outcome and results.
• API automation tools: Other
• API documentation: Yes
• API documentation formats: Other
• Command line interface: Yes
• Command line interface compatibility: Other
• Using the command line interface: This is dependent on customer requirements. Professional Services will be required to discover the needs / requirements, and then confirm that we can or cannot deliver the expected results.

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: Each user has a segregated part of the overall infrastructure and we constantly monitor to ensure sufficient resources are provided to all users. We have procedures in place to ensure that no user is affected by other users demand.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Hyve Hosting

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up: The entire system can be backed up
• Backup controls: We offer a fully managed service; a 7-day backup retention service can be included as part of the contract. The rolling backup window can be extended if required, at additional cost.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: We provide SLAs on the following: ; • Network uptime of 99.999% ; • Server uptime of 100% ; • Priority 1 support tickets within a 1-hour response time
• Approach to resilience: You are investing in two Tier III Enhanced Data Centres. The solution has been set up to ensure that no single point of failure exists. The server infrastructure is self-healing and includes automatic N+1 redundancy.
• Outage reporting: The solution will immediately provide an alert to our Service Desk in the event of an outage. The Service Desk will then act to resolve the issue, which in most cases, is rectified immediately. In the event an alert requires communicating, this will be via email and telephone.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: Users are authenticated via a login into the service. We will provide to the customer an administrator login to the server environment, providing Windows permission level authentication.
• Access restrictions in management interfaces and support channels: When setting up a new customer, it is ensured that all users that access your systems have restricted access using POLP (Principle of Least Permission). A user will only be able to access additional interfaces and support channels when the Service Desk receive written confirmation from an approved customer authority.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NQA
• ISO/IEC 27001 accreditation date: 14/11/19
• What the ISO/IEC 27001 doesn’t cover: All relevant and applicable products, services and processes are covered. Our partner also has ISO/IEC 27001 accreditation covers all their infrastructure, security and Business processes. Our Partner has been accredited by The Accreditation Group, with certification dated 05/08/2017.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Our partner was accredited by Security Metrics
• PCI DSS accreditation date: 07/04/2021
• What the PCI DSS doesn’t cover: All relevant and applicable products, services and processes are covered.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials
  • Cyber Essentials Plus
  • Common Criteria
  • ISO 15408

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO 27017; ISO 9001; PCI DSS; Cyber Essentials certifications
• Information security policies and processes: • ISO 27001 • ISO 27017 • ISO 9001 • PCI DSS ; Konica Minolta is committed to operating an effective Information Security Management System that will ensure information is protected from a loss of confidentiality, integrity and availability. Given this, our basic approach to information security is to continuously make improvements by measuring and assessing risks associated with important information assets and applying effective measures to mitigate those risks. To support this, we have identified key information security principles; and to ensure these key principles are met, we have established a set of information security objectives as part of our Integrated Business Management System which are monitored and reviewed regularly. This Policy covers Konica Minolta Business Solutions (UK) Ltd and all relevant subsidiaries, including all UK regional offices. It is applicable to all colleagues, visitors, suppliers, customers and contractors related to business activities, products or services. Compliance with the Information Security Policy is mandatory. All Leaders are directly responsible for implementing this policy and ensuring colleagues’ compliance within their Business Units and Shared Functions.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: The implementation of ISO 27001 and ISO 27017 govern the way in which we deal with configurations and change management. Both configuration and change management will be conducted in conjunction with the customer to ensure minimal impact. ; ; This will be managed in line with internal processes for Statement of Requirements, Statement of Work and Change Control Notifications.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We maintain an ISO 27001 and ISO 27017 certified vulnerability management set of processes. This includes regular (at least quarterly) vulnerability assessments, where any identified issues are rectified immediately. A daily check is carried out by the Operations Team. They review any new security patches, and apply them at the first possible instance.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: A continuous process is implemented for the monitoring of the entire infrastructure. This will also include detection and intrusion protection software. ; The monitoring process operates 24/7 and provides immediate alerts that are followed up and prioritised by our Service Desk team where necessary.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The solution has a pre-defined process which is documented as part of the Statement of Works/Contract for common events.; ; Users report all incidents via the ITSM tool, where incidents are handled by our Service Desk Team through to incident resolution. The customer is kept informed throughout the incident resolution process.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: VMware
• How shared infrastructure is kept separate: Dedicated servers are provisioned for each customer, zones are created for each host on the shared SAN. Each zone will include the unique worldwide name for the host bus adaptor, which has been physically installed on the dedicated server.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: The Data Centre is a corporate participant in the EU Code of Conduct for Energy Efficient datacentres programme.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As the need for data centres grows, so too do the resources required to manufacture, build, and run these facilities. Konica Minolta is committed to providing Cloud services that are as sustainable as possible and uses various data centre providers for its services to target this goal.; As an accredited Microsoft Cloud Solution Partner, we offer several Microsoft services which are hosted in Microsoft’s data centres - four of which are LEED Gold certified, with 74 other projects going through certification. By 2025, Microsoft expects to power its data centres with 100% new renewable energy generation that matches its electricity consumption on an annual basis. Microsoft has also pledged to put more water back into the environment than they consume as well as to produce zero waste for its direct operations by 2030.; Konica Minolta’s Cloud Print Solution Workplace Pure is hosted in the Open Telekom Cloud. With a 1.3 PUE (Power Usage Effectiveness) rating it requires 30 percent less energy than comparable data centres. The data centre is powered 100% by electricity from renewable energy sources. ; In addition, Konica Minolta operates two of its own data centres in Hanover, Germany, and Stockholm, Sweden. From here it offers Infrastructure as a Service, a virtual IT infrastructure environment including a virtual network, virtual storage, and virtual server resources for customers. Both data centres operate with 100% renewable energy and are ISO 14001 certified.; At Konica Minolta, we've committed to becoming net zero in Scope 1, 2 and 3 by 2050. To help achieve this, in the UK we have published our carbon reduction plan for the last 3 years and are documenting a clear roadmap of how we get there. All employees undertake our Environment Essentials online training course annually.

  Covid-19 recovery

  At Konica Minolta delivering social value is a key part of our Environmental, Social, and Governance (ESG) strategy, which ensures that as a business and a team of people we are responsible to the wider communities we live and work in, as well as delivering our products and services to customers. ; This commitment to people, places, and the environment is ingrained in Konica Minolta as a global business, but it is also vitally important at even the most local of levels. As well as supporting national causes, we have refocussed on a place-based approach to social value. This means understanding the most challenging issues and opportunities in the communities where our employees and customers are and collaborating with others to make the biggest impact and to support the recovery from Covid-19.; Since the pandemic, people’s needs have changed and as a business we have had to adapt to be more agile to support the needs of our employees, customers and suppliers. For example, our choice based working policy enables those with caring responsibilities to balance the requirements of life and work around the needs of our business. ; Through our Social Impact Working Group we have established three charity partnerships across the UK to raise awareness and raise funds to support the vital work of our partners. This focus on local community partnerships has enabled us to ensure we are prioritising the needs of our local communities and supporting with the recovery.

  Tackling economic inequality

  Apprenticeships are a fantastic way to build a CV that showcases that an individual has that all important experience in the modern working world. Meanwhile, for the employer the rewards of running an apprenticeship programme are many. It provides access to a rich and diverse talent pool of motivated people that want to learn and progress. This has never been more important, especially in sectors where skills shortages are impeding productivity.; At Konica Minolta our nationwide apprenticeship programme has been developed to attract people from different walks and stages of life, to provide them with opportunities to flourish and provide a clear career path that retains them within the business, as part of an ongoing programme of progression. ; The programme includes Early Careers Business Professional apprenticeships designed for school and college leavers to kickstart their careers, develop skills and make an impact. It is complemented by an initiative for existing employees to develop their skills further in a specific area, or to transition into another part of the business, as well as a scheme for fulfilling junior level vacancies. ; As a Top Employer, we want to ensure we go above and beyond the governments National Minimum Wage, with focus on ensuring our employees receive at least the Real Living Wage and enabling access to all for purchasing our top wellbeing benefits.

  Equal opportunity

  At Konica Minolta, we have a commitment to promote a culture of diversity, equity, and inclusion and have clear targets to achieve this by 2030. Equality and true inclusivity will help drive diverse perspectives, skills and ideas, leading ultimately to a more sustainable business and contributing to a more equal society.; Our aspiration is to be an Employer of Choice where individuality is understood, valued, and celebrated. We meet the varied needs of our employees, taking an intersectional approach and embrace diverse thoughts and opinions. We aspire to be a Partner of Choice, an ethical business that does the right thing. We work with our customers, suppliers, and partners to set clear expectations, share best practice and to look at ways to support each other to drive progress forward.; Our policies, programmes and initiatives support the delivery of our 2030 targets. We seek to continuously push ourselves further, with accreditations and commitments such as the Race at Work Charter and being a Disability Confident Committed organisation.

  Wellbeing

  As a Top Employer in the UK, supporting people’s wellbeing has never been so important. Since the pandemic, our people’s needs have changed. People are far more conscious of their wellbeing now, than ever before. The lockdowns gave people little choice by way of going out and socialising, but it did give time to reflect and focus on what is important – our overall health.; Through our Breathe Employee Resource Group (ERG) we enable our people to own their own holistic wellbeing, and to provide them with the tools and resources to do just that. Under 3 strategic pillars – Mental, Physical and Social Wellbeing, the ERG run awareness campaigns and engagement initiatives on specific wellbeing topics such as nutrition, healthy eating, mental health and financial support. They have an active community which provides a platform for anyone in the organisation to get involved, connect with initiatives and access resources. ; All people leaders in our organisation have participated in mental health awareness training. This course gives our leaders the tools to be able to support our people at a foundation level and helps them spot the signs of struggle earlier. It also educates them on how to signpost to further support, whether that be through our employee assistance programme, or external professionals. Our policies, programmes and initiatives support our employees and their wellbeing including our choice-based working policy which enables a better life balance for our employees.; We work with our customers, suppliers, and partners to set clear expectations, share best practice and to look at ways to support each other to drive progress forward.

Pricing

• Price: £286.40 a server a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: If requested, we can provide a proof-of-concept (PoC) environment for a limited time.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidsandtenders@konicaminolta.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.