CONTRUENT LIMITED

Hosting by Blackbox

This service delivers bespoke remote hosting solutions (power by BlackBox Hosting) to provide clients with remote cloud hosting environments, with secure access, data back up and disaster recovery solutions, and environment consultancy services. With flexible contracts and expert support, we offer value, reliability, and adaptability to meet evolving IT needs.

Features

• operate two highly secure Tier 3+ UK data centres
• Private cloud, hosting and co-location services.
• Multiple proactive monitoring tools
• 24/7/365 support.
• A dedicated team of expert engineers.
• 4-hour hardware replacements.
• Backup, full disaster recovery and business continuity.
• High bandwidth and redundant connectivity backed multiple Tier 1 ISPs.
• DDOS protection.
• enterprise grade superfast networks.

Benefits

• Managed SLAs backing hosting and co-location services.
• 99% of issues resolved within the hour.
• 99.999% network up-time guarantee.
• You only pay for the licences you require.
• ISO 9001,14001, 27001,22301, ISO/IEC 20000-1,
• CSA Star Level 2 and Cyber Essentials Plus Accredited.
• A scalable and highly resilient platform .

£145.75 a licence a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kvantine@contruent.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

942957258152343

Contact

Karl Vantine
+1-650-823-0636
kvantine@contruent.com

Service scope

• Service constraints: We have planned maintenance that need to be carried out to update security. We plan these works out of hours so we can minimize service interruption.
• System requirements:
  • Access to a modern Internet Browser:
  • The service is accessed remotely via an RDS internet portal.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support response times; ; Level 1 A critical component of the system is down or does not function at all, and no “work-around” for the problem; Initial Response (IR): 4 hours Target Resolution(TR): 1-2 business days Level 2 A component of the system is not performing, operational impact. IR: 8 hours* TR: 3 business days Level 3 unexpected results; there is no “work-around”; there is moderate operational impact. IR: 24 hours* TR:5 business days Level 4 Questions about software . IR:24 hours* TR :Answers as soon as possible Level 5 Customer offers suggestions IR: 72 hours* TR: considered for future Release
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: You will be allocated a Customer success representative who will manage your account, ensure that all logged queries are resolved promptly and maintain a regular cadence of calls. Error Correction: Contruent will use all reasonable diligence to correct verifiable and reproducible errors when reported. Enhancements: Contruent may, issue Enhancements to the Licensed Software. Such Enhancements are provided at no charge to customers who are under a current Maintenance and Support Agreement. Technical support: Contruent will provide online and/or telephone support (a) clarification of functions and features of the Licensed Software; (b) clarification of the documentation; (c) guidance in the operation of the Licensed Software; and (d) error verification, analysis and correction Migration support: Billed as per Services rate card and customized quotations created as per user requirements and LOE Implementation support: Billed as per Services rate card- Contruent has the capabilities and expertise needed to help any client succeed. From scheduling, to developing work processes and procedures, we have the processes, the personnel, and the tools required to effectively manage projects. Training: Billed as per services Rate card- Contruent offers training courses, beginning with the fundamentals and moving all the way up to advanced cost management.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: To ensure the success of your onboarding you will be assigned a dedicated account manager and solution architect, once the implementation is complete. Training is available to your team members.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Word
• End-of-contract data extraction: Our Clients can request a copy of the VMs and data if required to a device that they provide
• End-of-contract process: Firstly, your account manager will confirm the date that our services will cease and the date of your last invoice. Notice periods vary depending on the scale of the cloud services provided, with the minimum notice period being two months prior to the end of the annual contract. After one month has passed from the end of the contract and final services payment has been received in full, the VMs and data will be deleted in accordance with our secure data destruction process.

Using the service

• Web browser interface: Yes
• Using the web interface: Users access our services through a RDS web portal.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: SUpported Browsers
• Web interface accessibility testing: N/A
• API: No
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: 24/7/365 monitoring of all platforms including physical hosts, storage,; network, etc alerts us to the need to upscale the service which we will request to the client to avoid disruptions to BAU.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • Memory
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Black Box

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Our service provides regular backups
  • All files, VMs and databases.
  • Regular backups are done
  • However custom backups/Data Recovery
  • DR plans meet client specific requirements.
• Backup controls: Regular backups are done as a part of the DR service, however custom backups/recovery plans can be put in place to meet client specific requirements.
• Datacentre setup: Multiple datacentres
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: Data Encrypted using SSL Certificate
• Data protection within supplier network:
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection within supplier network: SSL encryption, service authentication and network-level protections (IPS/IDS)

Availability and resilience

• Guaranteed availability: We offer a 99.999% network up-time guarantee excluding maintenance windows.
• Approach to resilience: Automated Backup and DR are in place, using separate data centres for resilience. Client specific requirements can be addressed on request.
• Outage reporting: Email Alerts are used to notify clients.

Identity and authentication

• User authentication: Username or password
• Access restrictions in management interfaces and support channels: The web portal is accessed over HTTPS connection users authenticate with the domain controller setup specifically for the client.; Users access our services through a RDS web portal. Duo can be used for MFA.; Restricted with VRF and Access Lists.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Other
• Description of management access authentication: Separate administration accounts with MFA.
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 4/26/22
• What the ISO/IEC 27001 doesn’t cover: Everything is covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 5/12/2021
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: Everything is covered.
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All data access and operations are audited for compliance purposes. We use security monitoring and scanning tools to measure compliance against industry standard data privacy frameworks such as GDPR and check for inadvertent leakage of sensitive data. All live data resources are encrypted at-rest and in-transit. Currently, data from the snapshot and data warehouse databases are encrypted in-transit but not at-rest. All data resources are backed up on a 24-hour cadence

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Adheres to ISO 9001 certification standards and can accommodate client specific change requirements upon request.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Weekly security reviews. Reviewing of IPS logs and other security systems. We employ automated operating system update systems like WSUS. Other potential threads are found from FortiGate IPS, Cisco Talos and ESET.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Proactive monitoring from VMware Aria operations, with email alerts and notifications.
• Incident management type: Supplier-defined controls
• Incident management approach: Complete restoration and remediation services quickly resolve simple — and complex — events caused by business disruptions or diminished quality and continuity

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Each client possesses its individual virtual setup.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Tier 3

Social Value

• Social Value:

  Social Value

  Covid-19 recovery

  Covid-19 recovery

  Covid-19 recovery; ; At Contruent, we recognize the challenges that the COVID-19 pandemic has posed to individuals, businesses, and communities worldwide. As we navigate through these unprecedented times, we remain committed to supporting our customers, employees, and partners in their recovery efforts. Our foremost priority continues to be the health, safety, and well-being of our employees and stakeholders. We have implemented rigorous health protocols in line with local and global health guidelines to ensure a safe working environment for our team members. In response to the economic impact of the pandemic, Contruent has implemented measures to support our customers. As the global economy gradually recovers, Contruent is focused on driving innovation and delivering value to our customers. We are committed to leveraging our technology and expertise to help businesses thrive in the post-pandemic era. We are optimistic about the future and remain dedicated to serving our customers with excellence. Together, we will emerge stronger from this crisis and build a brighter tomorrow.

Pricing

• Price: £145.75 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kvantine@contruent.com. Tell them what format you need. It will help if you say what assistive technology you use.