OAKLAND GROUP SERVICES LIMITED

Data Platform Hosting

We design, build, and manage data platform capabilities using full stack cloud technologies that we customise and optimise to meet our clients needs. We are technology agnostic, meaning we are experts across a range of technologies including Azure, AWS, Databricks, GCP, Github, and have experience operating in secure environments.

Features

• VMS

Benefits

• Servers

£20,000 to £1,000,000 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@weareoakland.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

941590744898784

Contact

Phil Bent
0113 2341944
tenders@weareoakland.com

Service scope

• Service constraints: The services we build revolve around public cloud constraints (e.g. AWS/ Azure/ GCP), and as such there are very few service constraints associated to maintenance and hardware configurations. Where a constraint does occur this will be promulgated by the public cloud provider.
• System requirements: Our service is dependent on public cloud capabilties

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: As standard we do not cover weekend support; however, this can be discussed and options provided.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide the following levels of onsite support dependent on the nature of the issue: ; Principal Consultant/Technical Account Manager: £1,400/day;; Snr Consultant/Cloud Engineer: £1,200/day;; Consultant/Cloud Engineer: £1,050/day;; Jnr Cloud Engineer: £860/day.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We work alongside our clients during the development of the Data Platform capability. Our approach is to 'work with' and 'not to' our clients, meaning we work alongside and upskill them as we build the bespoke service for them. This ensures users become aware of the functionality and how to access the service as it develops. We also provide technical, administrator, and user documentation as well as offering onsite training as needed to ensure our clients gain the full benefit of the capability.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: We work with our clients to set up a tenancy with a major vendor of their own (Amazon Web Services/ Microsoft Azure/ Google Cloud Platform). We then develop the Data Platform capability to meet their needs. When the contract ends with us, the client owns their data which is hosted by the chosen vendor. Should the client end the contract with that vendor, they can extract the data via a number of means, for example cloud-to cloud-transfer, download to local storage. This can be done both manually or via an API gateway as needed.
• End-of-contract process: At the end of a contract with us, we will have delivered a data platform capability in agreement with our clients needs, and have provided detailed documentation on how to operate and manage the capability. At an additional cost we can also provide a support function to help maintain and support its development as new use cases come to light.

Using the service

• Web browser interface: Yes
• Using the web interface: Users can use standard suite of UI-based features to setup and change required resources of the data platform capability.; ; Because we use readily available cloud capabilities as the basis of our service (AWS services/ Azure services/ GCP services), users are able to access and make changes in accordance with those service provider details. e.g. via AWS CLI.; ; We would strongly recommend a client fully becoming accustomed to the customisations we have developed, to ensure the success of the data platform service provided prior to making changes.
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: Because we use public cloud tooling, all web interfaces have been fully tested to align with appropriate standards for accessibility.
• API: Yes
• What users can and can't do using the API: Users can use an API to link data from their current databases to transfer them across to the data platform. Through this means we are able to combine multiple data sources, assess them, apply data quality checks, and provide a single source of truth. Users are also able to access that single source of truth via APIs to link the trusted data source back to other tools such as reporting or management tools. We will customise the API to meet a clients needs as part of the build we provide.
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: Users can use standard suite of commands to setup and change required resources of the data platform capability. ; Because we use readily available cloud capabilities as the basis of our service (AWS services/ Azure services/ GCP services), users are able to access and make changes in accordance with those service provider details. e.g. via AWS CLI. ; We would strongly recommend a client fully becoming accustomed to the customisations we have developed, to ensure the success of the data platform service provided prior to making changes.

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: We use public cloud technologies, and as such they are able to scale to meet the needs of our clients. These technologies have at least a 99.9% guaranteed uptime, and we ensure failover and redundancy is designed into the architecture. In the context of Government clients, we would draw on existing cloud capabilities available to them to meet the needs of the data capability we've provided.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft Azure, Amazon Web Services, Google Cloud Platform, DataBricks

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up: Tailored or standard back up and recovery options available
• Backup controls: We can configure or create scheduled backups to meet any client needs. This can be handed over to the client in order to make changes in the future, if we are not supporting the platform.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We have a standard set of SLA depending on priority of the nature of the incident raised. These are as follows: ; Severity S1 - Target Resolution: 8 hours (1 working day);; Severity S2 - Target Resolution: 24 hours (3 working days);; Severity S3&S4 - Target Resolution: 40 hours (5 working days).; ; SLA resolution times can be adjusted based on the specific support package that is used.; ; The underlying platform SLAs are provided by the specific vendor that supports our Data Platform.
• Approach to resilience: We design resiliency into our data platforms following industry best practice, for example we follow MS Azure resiliency checklists https://docs.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service
• Outage reporting: Dependent on the need of our client, we would normally set outage reporting via API and email alerts.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Username or password
• Access restrictions in management interfaces and support channels: IAM approach
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyds Register
• ISO/IEC 27001 accreditation date: 25/06/2020
• What the ISO/IEC 27001 doesn’t cover: Nil
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Internally we ensure our Information Security Policies and processes are followed through mandatory training. All projects are also reported on weekly, any security incidents are highlighted immediately, triaged by the IS manager and escalated as required. For example, this could be escalated for the security team to manage and investigate (including board level support) - further escalation (to third parties e.g. NCSC) would be actioned as appropriate. Security management (monitoring) is reported to the Board on a monthly basis, and we have a centralised logging and management system in process to manage SIEM across our internal network. Where we work in a clients tenancy, we will follow their security management practices as appropriate.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We typically conduct configuration and change management through 3 separate environments: development, test, and live. Only once a product has been developed and tested (including security testing) will it then be introduced into the live environment, to ensure only the benefits of the product are seen without any issues to the live environment. We employ robust version control on our products, and ensure each stage of a product's lifecycle is indicated such that full visibility is seen, and should issues occur the ability to quickly revert to previous versions is possible. In addition, details of changes are also documented.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Dependent on clients needs, we will conduct vulnerability testing on our products, but as standard will ensure we follow OWASP and industry best practice. We utilise Microsoft Defender and Sentinel to monitor and mange vulnerabilities and manage incidents across all the software products we manage and provide. Microsoft Threat management and analytics enable us to become aware of threats as they are published, and mitigate them promptly, for example through software configuration change or patch management.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We utilise MS Sentinel, MS Defender, and Defender for Cloud to monitor all our systems and services. These capabilities allow us to identify potential compromises, stop attacks before they happen, and quickly respond to potential incidents.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Any event that affects the Confidentiality, Integrity, or Availability of Data Platform we support will trigger our incident response cycle: Detect, Analyse, Contain, Remediate/Eradicate, Recover. The project team responsible for the platform will manage initially, but will draw upon wider resources as needed (security manager, developer team, PR team, Board members etc.) . Users are able to report incidents either directly with the project team (by phone or email), via our helpdesk, or by contacting Oakland direct. We provide an initial triage report within 24 hrs and a full report within 72 hrs of completion of the incident.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Our data platform capabilites are based on main cloud providers such as AWS, Azure, GCP. ; Each of these providers are striving to reduce their carbon footprint and increase the carbon efficiency of their data centres. Literature is available from each to describe how they adhere to the EU Code of Conduct for Energy Efficient datacentres. ; We are very passionate about ensuring the data platform services we provide are built with efficiency in mind, and as a result they utilise the minimum amount of resource necessary to achieve the desired business benefits. We look to continuously improve this and work with our cloud providers to achieve ever greater efficiency and reduced power consumption as a result.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  At Oakland, we embrace our environmental responsibility with our Green Ops framework. Building on Fin Ops principles, Green Ops equips data delivery teams to manage and reduce their environmental impact, and is an action-orientated approach, based on a four-stage lifecycle which enables continuous improvement.; ; 1. Display: use data to build a holistic view of impact; 2. Diagnose: analyse intensity areas ; 3. Decide: craft actionable plans based on diagnostics; 4. Deliver: execute and monitor.; ; As a minimum, we will utilize Green Ops for all projects undertaken by Oakland. ; ; Green Ops is data-led. We will define clear metrics that attribute environmental impact to data activity (e.g. cloud subscriptions or data projects). We propose these to include, but not be limited to:; • Cloud and on-premise resource consumption (compute / storage); • Energy consumption (kWh); • Energy carbon intensity (kg/Co2) ; • Activity scale (e.g. no. of production solutions and services, total live projects); ; Supplementing these metrics with more dimensions such as time-periods and user groups will create a granular view of impact. ; ; Environmental measures must be analysed and visualised to drive Green Ops execution, either via existing dashboards or standalone reports. If preferred, we can deploy pre-created Power BI ; Green Ops dashboards which can be rapidly configured. Oakland have built these (and the supporting data platform) as part of our Data Platform Hosting offering.

  Tackling economic inequality

  We ensure our recruitment practices, our culture and the people experience all meet the five principles from the Good Work Plan that will attract good candidates from a diverse range of backgrounds. These include worker satisfaction, good pay, participation and progression, wellbeing, safety and security and voice and autonomy. Values based recruitment, unconscious bias training & fair and consistent recruitment practices. Creating social value through our matched giving scheme and B Corp activities and status.

  Equal opportunity

  We will not tolerate discrimination or harassment, and are committed to promoting equal opportunities in employment. Those who work for us, and anyone applying for a job with us, will receive fair and equal treatment. We ensure, where possible, full access for everyone applying for a vacancy. Decisions about transfers and internal promotions are made, so far as possible, using only objective criteria. We will never victimise anyone who makes a legitimate complaint to us about harassment or discrimination, or who supports a colleague in their complaint. Our futher commitments and aims include: A working environment free from all forms of unlawful discrimination, including victimisation and harassment. A workplace capable of allowing everyone to achieve their greatest potential, and where individuals are willing to give their best. A policy of ensuring employment opportunities are open to all qualified candidates, so that we recruit from the largest possible pool of available talent and recruit the best-qualified staff. A commitment to recruiting based on ability to do the job, that also reflects the multicultural composition of our local community. A commitment to amending our polices and approaches if we think it has become outdated, or circumstances suggest to us that it needs updating. A commitment to protecting staff, wherever possible, from being victimised or treated less fairly if they make or support a complaint in good faith under our policies.

  Wellbeing

  At Oakland, mental health and wellbeing is at the forefront of everything we do and in this ever evolving hybrid world we are constantly looking for ways to support our employees as we adjust to the new ways of living and working. Psychological safety in the workplace is of primary importance and we want our employees to feel safe, valued and heard and secure in the knowledge that they will not be discriminated against for being their true, authentic selves. As part of this support, we also promote diversity and inclusion so everyone feels they can bring their ‘Whole Self’ to work. As a company we make big investments into our wellbeing initiatives and actively engage with our team to allow us to gain their input, improve our benefits and provide the vital support they need to maintain their optimum health and wellbeing. We also have a robust employee assistance programme which includes access to private healthcare, mental health support and therapies and offers a 24 hour support line. We regularly roll out wellbeing training across the business and bring in wellbeing experts to engage with the team and have enlisted Mental Health First Aiders within the organisation. We actively promote healthy lifestyles, positive mental health and share a variety of ways our team can support their own wellbeing and create a healthy work/life balance. We also offer a wide range of company benefits (which include discounted gym memberships and a ‘Cycle to Work’ scheme). We firmly believe that if you look after your staff, your staff will look after you.

Pricing

• Price: £20,000 to £1,000,000 a unit
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@weareoakland.com. Tell them what format you need. It will help if you say what assistive technology you use.