Rackspace Ltd

Rackspace Sovereign Police Cloud

Rackspace Sovereign Police Cloud is a hosted, fully managed, multi- or single-tenant private cloud solution that has been designed from the ground-up for UK government organisations, hosting data at OFFICIAL-SENSITIVE.

Features

• Dedicated and encrypted enterprise-grade infrastructure environment
• 24x7x365 service and support
• ITIL-aligned IT service management
• UK sovereign and security cleared solution
• Fully managed and proactive operational management
• Dedicated or shared versions available
• Disaster recovery using pair of Rackspace data centres
• PSN-accredited management environment
• NHS and NCSC compliance statements
• 10,000+ VMware hosts and 100,000+ virtual machines under management

Benefits

• Ready to host sensitive Police data
• Minimising unplanned down time using automation and proactive monitoring
• Single/multi-tenant hosted environment meets security, compliance and data sovereignty needs
• Access to Rackspace experts for guidance and advice
• Comprehensive lifecycle management, automation and policy-based governance
• Proven VMware credentials underpinned by annual independent IT health check
• Proven VMware credentials underpinned by multiple VMware Partner awards

£15,000 a unit a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ukpublicsector@rackspace.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

955287443498131

Contact

UK Public Sector Sales
+44 (0)208 734 8107
ukpublicsector@rackspace.com

Service scope

• Service constraints: Minimum commitment on shared platform is 10 VMs / 1TB storage
• System requirements:
  • Each environment is designed to customers specifications
  • BYOL licence available for police customers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Priority One incidents are responded to within 15 minutes of the incident being logged, 24 hours a day, 7 days a week. Incidents are logged either by phone, email or the automated monitoring of infrastructure and applications. Full details of the service response targets for incidents, changes and requests can be found in the terms and conditions.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Rackspace offers a consistent level of support and management for our government customers.; ; Sovereign Support provides a consultative, proactive service approach, where Rackspace is responsible for deep multi-layer monitoring, patching, management and planning for the environment. This is backed by a nominated account team, consisting of a Customer Success Manager, Lead Engineer and a Account Director / Business Development Consultant.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Rackspace provides all new customers a ‘101’ introduction to the service, which includes an overview of the service level, including the support team functions, the monthly account review, service delivery team engagement, change and escalation processes, monitoring portal and the billing portal walk-throughs.; ; The Rackspace Customer Success team can deliver informal training for your technicians on particular topics they would like more information on.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Rackspace can provide project resources at additional cost to migrate workloads into or out of the platform.; ; Upon request, Rackspace can attach a portable device to customer’s servers. Customers are responsible for transferring data to the portal device and for ensuring personal data, sensitive personal data, and other types of sensitive data are appropriately protected (encryption).
• End-of-contract process: At the end of the contract, the contract will automatically roll over to a monthly cycle contract unless the customer gives 30 days notice to terminate or renew its contract. Rackspace will inform the customer of the rollover taking effect and work with the customer to identify options to formally extend the contract or to initiate a termination, as per the call-off contract agreement.; ; In case a customer wishes to terminate its contract, Rackspace agrees to plan, cooperate and provide exit assistance in good time to achieve a smooth transition of services with minimal disruption to customer’s operation and to continue to provide the services until transfer is complete. Additional fees may apply.

Using the service

• Web browser interface: Yes
• Using the web interface: Rackspace Customer Portal provides access to billing and service information, however as Rackspace Sovereign Police Cloud is a fully managed environment, Rackspace will manage the customer to prevent changes to the certified design. A customer-facing monitoring portal is available upon request and can show the status of the managed environment directly.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: No specific web interface technology testing has been undertaken with assistive technology users, however good practice development methods have been used to optimise the end user experience.
• Web interface accessibility testing: No testing has been completed with users of assistive technology.
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: In Sovereign Cloud, users have the choice between VMs having 4:1 or 1:1 contention against the underlying compute platform. In a shared compute infrastructure, VMs are monitored and moved between hosts to ensure that there is sufficient resource available to provide the required compute. For 1:1 VMs, the VMs on the host will not exceed the total host resources. This scenario also applies to dedicated compute to protect user VMs from user workloads in the same organisation.; ; In Azure, scaling of resources is managed by Microsoft.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Other
• Other data at rest protection approach: Data encryption is implemented as per the customer's requirements.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Full image backup of VM
  • Other options available
  • File level backup
  • SQL Level backup
• Backup controls: The backup process is structured to meet the customer’s business needs and requests. Rackspace will work with the customer to help define a solution that will meet your specific business needs / demands, including retention periods and backup schedules. Rackspace will be responsible for data restoration should the need arise.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Other
• Other protection between networks: PSN connectivity
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Dedicated customer virtual networks (VLAN / VxLAN) are used to logically segment customers' networks. ; ; Firewalls protecting the customer from the Rackspace public network and from the Internet are implemented, configured and managed by experienced Internet security specialists according to the customer’s explicit requirements. Firewalls are configured with Access Command Lists (ACL), which prevent access to private internal IPs and deny access to all non-administrative ports.; ; For higher levels of assurance, Rackspace offers support using a PSN-accredited, secure management platform.

Availability and resilience

• Guaranteed availability: Support Request Response Times: Rackspace provides 15 minutes response time SLA for Emergency and up to 4 hours for Standard priority tickets. Should there be a failure to meet any SLA objectives, the Customer Success Manager Manager will calculate the appropriate performance credit as per the contractual agreement. Once approved, the credit is issued to the customer account and can be offset against pending or future invoice. A relevant ticket is also created and the credit note stored on the customer portal for long-term record keeping.
• Approach to resilience: Disaster recovery (DR) is typically provided via the OS / application level. Data can be replicated between environments running in different DCs via the OS / application tools.; ; Rackspace can provide multiple data centres per region in a majority of cases, utilising Rackspace sites, and/or cloud platforms such as Azure. Rackspace will work with customers to understand their disaster recovery / resilience requirements, and will architect a solution designed to meet the defined recovery time / point objectives.
• Outage reporting: Following a major incident, a customer may request an Incident Report from the Rackspace Customer Success Manager. This report will be delivered via email and contains a summary of the events that occurred, along with a root cause analysis and preventative actions.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Customers do not have direct access to hypervisors. Rackspace access control policies based on the principles of ‘least privilege’ and ‘segregation of duties'. Customer solutions reside on their own dedicated VLAN. Rackspace administrative access to dedicated customer solutions is performed via the Bastion Servers, which act as segregation points between the Rackspace corporate network and the customer environment. Access via the Rackspace secure management environment is subject to stringent logging and auditing controls.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through: Dedicated device on a segregated network (providers own provision)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Standards Institute (BSI)
• ISO/IEC 27001 accreditation date: 10/11/2023
• What the ISO/IEC 27001 doesn’t cover: Software development controls are excluded and some international office space is not in scope.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO 9001
  • ISAE 3402 Type II / SOC
  • Public Services Network Service Connection
  • Public Services Network Service Provider

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus; ISO 27017; ISO 27018; SOC 1/2/3
• Information security policies and processes: Rackspace has assigned lead responsibility for information security to the Chief Security Officer (CSO). The CSO has reviewed and approved the Information Security Management System (ISMS), which demonstrates the commitment to the establishment, implementation, operation, monitoring, review, maintenance and improvement of the ISMS. The CSO collaborates with Legal Counsel to monitor compliance with all local and national laws and regulations that apply to Rackspace.; ; Rackspace has documented policies which meet the recommendations of ISO 27001 standard (including an Information Security Policy). The Information Security Policy is reviewed at least annually or as a significant change occurs, to ensure its continuing suitability, adequacy and effectiveness.; ; Supporting policies include:; - Global Corporate Information Security Policy; - Global Organisation of Corporate Information Security Policy; - Management of Information Security Incidents Policy; - Global Information Technology Risk and Compliance Policy; - Global Business Continuity Policy; - Global Supplier Relationship Management Policy; - Global Communication Security Policy; - Global Operations Security Policy; - Global Physical Security Policy; - Global Access Control Policy; - Global Asset Management Policy; - Global Vulnerability Management; - Global System Acquisition Development and Maintenance Policy; - Global Cryptography Policy; ; Policies and processes are audited internally and externally by an independent assessor.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Rackspace Sovereign Police Cloud utilises a UK sovereign support tooling and resource platform. All change / problem / incident management is via ITIL process.; ; Rackspace utilises technical change management process to control changes to the shared infrastructure. Proposed technical changes are subject to Change Board approval according to defined thresholds.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vulnerability scans are performed on a quarterly basis at a minimum, but can be run on-demand if required. Any vulnerabilities that may be identified will generate support tickets as part of the scan process. These tickets are alerted to the assigned lead engineer for management purposes and to ensure actions are carried out in a timely manner.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Rackspace Sovereign Police Cloud employs sophisticated software-defined service instrumentation and monitoring that integrates at the component or server level, the data centre edge, our network backbone, Internet exchange sites and at the user level. This provides visibility when a service disruption is occurring and pinpointing its cause.; ; Proactive monitoring continuously measures the performance of key subsystems of the services platform against the established boundaries for acceptable service performance and availability. When a threshold is reached, or an irregular event occurs, the monitoring system generates warnings so that operations staff can address the threshold or event.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Rackspace maintains formal incident response processes concerning both corporate network incidents and incidents affecting customer solutions. Incidents that affect more than one customer or Rackspace operations (enterprise impacting) are managed from a centralised tool that provides alerting and escalation paths and procedures, communication procedures and command, control and communication across all Rackspace facilities.; ; Rackspace will work with you to institute a formal incident response plan for your environment. Rackspace can optionally provide a dedicated Intrusion Detection Service device with managed services for this purpose.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: On the multi-tenant platform infrastructure is only shared between government customers. Data is encrypted per customer at the storage level and compute can be either shared, or dedicated compute selected, depending on the workload. Logical network segregation is provided through the use of NSX.; Customers have the option of selecting their preferred deployment model, shared everything, dedicated compute, dedicated compute and storage, or a dedicated platform. Alternatively, where Azure is selected, a public cloud multi-tenant platform is in place.

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Rackspace has committed to achieving net zero carbon emissions by 2045. This is five years ahead of the UN Paris Agreement on Climate Change ambition to limit the global warming of the planet to 1.5 degrees Celsius, compared to pre-industrial levels. We have begun the process of automating our large facilities with smart, energy-saving features. We have assembled a cross-functional team to define our ESG-related goals more clearly so we can better measure our impact in the future. We have also invested in and are deploying smart building automation systems in five locations globally and three data centres, both including London. These systems will drive reduced energy consumption in each of these locations, through building control systems that provide the ability to efficiently manage light, heat and cooling zones based on operational demand. Globally, one of our highest impact initiatives in 2024 is the move to a new corporate headquarters, which is estimated to reduce our footprint by around 80%.

  Covid-19 recovery

  We have evolved physical health programmes and developed new mental and emotional wellness programs to better serve and support our Rackers, as we recover from COVID. In addition, we began to look for ways we could help those organisations that support our communities. To that end, we initiated a company-wide donation match program, matching Racker donations to COVID-19 relief organisations and other non-profit organisations that provide valuable services and support to local communities. During this first two-week campaign, Rackspace and its employees donated more than £152,000 toward the COVID-19 relief efforts of over 360 organisations around the globe. We actively promote volunteering to support and fund-raise for charities and we offer a minimum 40 hours of paid volunteer time off annually.

  Tackling economic inequality

  At the core of every Racker is a drive to leave the world better than we found it, and we are passionate about giving back to our communities across the globe. While Rackers can leverage paid volunteer time off for any cause, our Rack Gives Back programme creates opportunities for Rackers to give our time and talent to others. As an example in 2022, we donated 21,000 hours and over £125,000 to charity.; One of the many examples of Rackspace tackling economic inequality are donations to local communities. When downsizing to a more workforce fitting global headquarters, Rackspace donated over 1,500 computer monitors, 2,000 chairs and hundreds of decks to local charities and schools. In 2022, Rackers (Rackspace employees) also donated over £20,000 24 food banks globally. ; The Rackspace Foundation takes a ‘place-based’ approach to community investment. Rather than focusing on a single cause across many geographic regions, we are committed to providing holistic support for the schools and students in our immediate neighbourhoods. For example, at our headquarters, we have adopted seven schools in San Antonio, where we fund important programs that help meet basic needs and give students a well-rounded education.

  Equal opportunity

  Having a diverse workforce – made up of team members who bring a wide variety of skills, abilities, experiences and perspectives – is essential to Rackspace’s success. We are committed to the principles of equal employment opportunity, inclusion and respect. We do not tolerate discrimination against anyone – team members, customers, business partners, or other stakeholders – on the basis of race, colour, religion, national origin, sex (including pregnancy), age, disability, sexual orientation, gender identity, marital status, past or present military service, or any other status protected by the laws or regulations in the locations where we operate. We provide equal employment opportunity to everyone who is legally authorised to work in the applicable country. We provide reasonable accommodations to individuals with disabilities and removes any artificial barriers to success.; Rackspace has also introduced a number of initiatives to help working parents and allow the sometimes disadvantaged to thrive in our workplace with flexible hours and other support specifically designed for working parents.

  Wellbeing

  Rackspace has a number of wellbeing programs in place to keep our teams healthy. We have invested in this area additionally over the COVID period, since it is widely viewed that the isolation introduced through lockdown has introduced new challenges for some of our teams. We offer a comprehensive employee assistance programme (EAP) providing Rackers with access to confidential professional support with any of the following challenges: depression, anxiety and mental health, family or relationship problems, improving work life balance, financial or legal problems, child or elder care challenges. We have a monthly wellbeing challenge ('The Racker Recharge'), which is a fun competition with a small prize focused on a particular area of wellbeing. The purpose of the challenge is to build awareness of heathy practices and build good habits in our teams. As an example, March’s challenge was on nutrition, hydration and sleep. ; One of our core values is compassion – we are one team doing the right thing for our customers, communities and each other. In many of our locations we offer discounted membership to local gyms to allow Rackers to keep their bodies as fit as their brains.

Pricing

• Price: £15,000 a unit a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ukpublicsector@rackspace.com. Tell them what format you need. It will help if you say what assistive technology you use.