Vodafone Limited

Public Cloud - Amazon Web Services - Standard (OFFICIAL)

Amazon Web Service (AWS) offered by Vodafone brings you the breadth and depth of the AWS portfolio, the leading provider of Public Cloud services globally.
AWS is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help businesses scale and grow.

Features

• Scalable, reliable and secure global computing infrastructure
• Your application can scale up or down based on demand
• End-to-end approach to secure flexible infrastructure

Benefits

• Quick and secure hosting of your applications
• Flexibility to select all the services you need
• No long-term contracts or up-front commitments

£0.01 a virtual machine an hour

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks_team@vodafone.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

959897011168646

Contact

Frameworks Team
03333 040191
frameworks_team@vodafone.com

Service scope

• Service constraints: Please view detailed Service Description.
• System requirements: Refer AWS Service Description and catalogue for system requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The standard response time is one hour with support available on a 24/7 basis. The Support Incident Escalation is available to be utilised for critical issues and whenever needed to resolve the issue speedily.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Vodafone will provide you with support for AWS Service. Our Hosting Solutions Support team provides a 24x365 Service Desk and Incident Management team. Support will be provided in English. The Vodafone operational model for support is ITIL based. Vodafone’s support model for AWS will triage issues into AWS if Vodafone is unable to resolve the issue. More details : Service Descriptions Support section
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Onboarding guidance is provided as part of the service. When the AWS service is ready the customer will be provided with the following: I. Service Terms – contains Vodafone and AWS T&Cs II. Service Descriptions – a guide to cover all customer information inc. AWS products, support, global infrastructure etc. III : Document for all relevant information pack
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: From the application that uses AWS or through the Admin GUI. Vodafone may also be able to help you minimise the impact of off-boarding through our professional service capability.
• End-of-contract process: The customer must remove all of their data from the Platform and notify Vodafone that they wish to terminate the Service.; Vodafone will notify the customer of the date that the Service plus any remaining data will be removed.; It is the Customer’s sole responsibility to remove their data from the Platform; Vodafone has no liability for any of the customer's data that remains on the Platform once they have notified Vodafone they wish to terminate the Service.

Using the service

• Web browser interface: Yes
• Using the web interface: Customer can access AWS management console
• Web interface accessibility standard: WCAG 2.1 AAA
• Web interface accessibility testing: It is accessible anywhere through an internet connection over HTTPs.
• API: Yes
• What users can and can't do using the API: The AWS public cloud provides a self-service management console and application programming interfaces for the provision and management of AWS services. Both the API and Console are available over the public Internet to Vodafone and our customers.
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
• API documentation: No
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: Please refer the attached link for more detail. https://aws.amazon.com/cli/

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: AWS offers a broad set of global cloud-based products including compute, storage, databases, analytics, networking, mobile, developer tools, management tools, IoT, security and enterprise applications. These services help organizations move faster, lower IT costs, and scale
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • Memory
• Reporting types: API access

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Amazon Web Service

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: "The AWS infrastructure puts strong safeguards in place to help protect customer privacy. All data is stored in highly secure AWS data centers. AWS enables customers to control their content (where it will be stored, how it will be secured in transit or at rest, For information on how data at rest is protected in AWS, see:; ; https://aws.amazon.com/whitepapers/overview-of-security-processes/; ; https://d1.awsstatic.com/whitepapers/AWS_Securing_Data_at_Rest_with_Encryption.pdf
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Replaces your existing on-premises or off-site backup solution
  • Backup offers multiple components that you download and deploy
• Backup controls: Backup applications need to be purchased by AWS console. No Operational Support System (OSS) tooling is deployed (monitoring, backup, patch management and anti-malware).
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: "You can connect to an AWS access point via HTTP or HTTPS using Secure Sockets Layer (SSL), a cryptographic protocol that is designed to protect against eavesdropping, tampering, and message forgery.; For customers who require additional layers of network security, AWS offers the Amazon Virtual Private Cloud (VPC), which provides a private subnet within the AWS cloud, and the ability to use an IPsec Virtual Private Network (VPN) device to provide an encrypted tunnel between the Amazon VPC and your data center.; ; For all details see: https://aws.amazon.com/whitepapers/overview-of-security-processes/"
• Data protection within supplier network:
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: For all details see: https://aws.amazon.com/whitepapers/overview-of-security-processes/"

Availability and resilience

• Guaranteed availability: Refer to AWS availability SLAs from here : https://aws.amazon.com/de/legal/service-level-agreements/
• Approach to resilience: Highly resilient, fault-tolerant network connections are key to a well-architected system. AWS recommends connecting from multiple data centers for physical location redundancy. When designing remote connections, consider using redundant hardware and telecommunications providers. Additionally, it is a best practice to use dynamically routed, active/active connections for automatic load balancing and failover across redundant network connections. Provision sufficient network capacity to ensure that the failure of one network connection does not overwhelm and degrade redundant connections.
• Outage reporting: "As part of the service offering you have access to AWS Health that provides ongoing visibility into the state of your AWS resources, services, and accounts. The service gives you awareness and remediation guidance for resource performance or availability issues that may affect your applications that run on AWS.; The Personal Health Dashboard (PHD), powered by the AWS Health API, is available to all customers. The dashboard requires no setup and is ready to use for authenticated AWS users. You can use the AWS Health API to integrate with in-house and third-party systems.; Further information on AWS Health can be found here: https://docs.aws.amazon.com/health/latest/ug/what-is-aws-health.html"

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: "When an AWS account is first created, an associated single sign-in identity is created which has complete access to all AWS services and resources, which reside within the account. The root user is accessed by signing-in with the email address and password which were used to create the account.; ii. In the scenario where a customer is new to AWS or transferring to Vodafone (excluding BYO model), the root credentials will be either retained or migrated to Vodafone.; For further details please refer service description document
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: LRQA are Vodafones ISO27001:2013 accreditor
• ISO/IEC 27001 accreditation date: 01/01/2024
• What the ISO/IEC 27001 doesn’t cover: Available upon request.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: QSA Company: NCC Services Ltd.
• PCI DSS accreditation date: 11th June 2021
• What the PCI DSS doesn’t cover: Available upon request.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: For details see https://aws.amazon.com/compliance/iso-27001-faqs/

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Vodafone policies align to ISO27002:2013

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Available on request
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Cloud provider controls. Refer to https://aws.amazon.com/security/
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Cloud provider controls (Amazon CloudWatch) and Vodafone Fraud module.
• Incident management type: Undisclosed
• Incident management approach: Incident management processes are in line with ITIL best practice, and integrated with event, problem and change management processes.; ; Please refer Service Description document for more information

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: Amazon Web Service
• How shared infrastructure is kept separate: Refer to AWS Shared responsibility model

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Available upon request

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Fighting climate change; We believe that urgent and sustained action is required to address the climate emergency. Business success should not come at a cost to the environment, and we are committed to ensure the greening of all our activities. We also see a key role for our digital networks and technologies in helping to address climate change. Digitalisation is key to saving energy, using natural resources more efficiently and creating a circular economy.; Our carbon reduction targets support those introduced in 2019 when the UK Government amended the Climate Change Act 2008 by introducing a target of at least a 100% reduction of greenhouse gas emissions in the UK by 2050. Vodafone’s own target, validated by the Science Based Target initiative, is to achieve net zero by 2040. We produce an annual Carbon Reduction Plan in line with PPN 06/21 which outlines the environmental management measures that will be applied in the performance of our contracts.; The Carbon Reduction Plan is published on our website here: Protecting the Planet | Vodafone UK

  Covid-19 recovery

  Covid-19 recovery; At Vodafone, we believe that everyone, everywhere should have access to technology. That is why our initiative – everyone.connected – was launched during the pandemic to close the digital divide.; The COVID-19 pandemic has caused a global economic crisis, creating a greater need for focus on inclusion and equality. As a technology brand, we are determined to support those who need it most – students, jobseekers, small businesses, remote communities and the elderly. This is because we know that being connected creates endless opportunities; from remote working, to education and staying in touch.; We will keep doing all we can to make sure nobody is left behind – because when people are connected, equal opportunities are created and the future is brighter. ; The programme has continued post-COVID and we are now committed to helping 4 million UK people and businesses cross the digital divide by the end of 2025. Details on our programme and our on-going commitments ; can be found here: everyone connected | Tackle the digital divide | Vodafone UK

  Tackling economic inequality

  Tackling economic inequality; Vodafone is committed to tackling economic inequality by helping to create new businesses, jobs, and skills. Since forming in Newbury, Berkshire in 1982, we have purchased products and services globally to innovate and achieve business growth.; Today, Vodafone works with over 9,000 suppliers. We’re strong advocates of the ‘one company, local roots’ concept. By creating opportunities for new businesses and supporting supply chain resilience, we enable our suppliers to recruit and grow. In turn, our partners maintain their own diverse supply chains of smaller, local partners, technology start-ups and market specialists. ; We encourage small and medium sized enterprises in our own supply chain, e.g. by offering them positive scoring in our RFQ process (which has a 20% weighting for sustainability responses) if they commit to introducing policies that align with Vodafone’s purpose. In this way, we aim to drive positive change in the supply chain. ; ; Vodafone is committed to tackling economic inequality for disadvantaged groups and areas. We support the UK Government’s ‘Good Work Plan’, the levelling up agenda and the Government’s priorities such as reduced reoffending and increased opportunities for disabled people. We work with leading public service provider, PeoplePlus, to help create opportunities for individuals from lower income households who may face barriers to employment. They are a national UK wide company and extension of the UK Job Centre who aim to deliver skills and training to ensure people can access the right employment and enhance their career prospects.; ; Vodafone’s work experience strategy addresses the underrepresentation of certain groups across the Technology workforce. We have offered work experience to over 4000 students since 2017 through programmes such as #CodeLikeAGirl and Innovators virtual work experience programme. Both programmes target a proportion of ethnic minority, female, and low social mobility students.

  Equal opportunity

  Equal opportunity; We are committed to equal opportunities in our workforce. Through our recruitment processes we:; o use gender neutral advertising for vacancies posted, running the advertisements through a gender decoder; o actively ensure diverse shortlists are provided to hiring managers as well as having diverse interview panels to ensure the candidate feels as comfortable as possible throughout the process; o Limit the “criteria/ essential” skills and reduce technical jargon where possible; o Anonymise CVs removing names, pro-nouns and photos ; o Remove university education from CVs ; o Run training for hiring managers on topics such as inclusive hiring, race and ethnicity, accessibility, discrimination, allyship and gender diversity. ; o Run campaigns related to diversity and inclusion with an intersectional approach aimed at increasing brand awareness and perception of Vodafone as a diverse and inclusive employer, as well as job applications. ; o Partner with external organisations to help create opportunities to attract greater diversity into our workforce. These include myGWork, a network for LGBTQ+ talent, Black Young Professionals network, and Evenbreak who have a community of 70,000 talent with disabilities.; o We have publicly available Fair Pay Principles that govern our approach to reward. ; ; Vodafone has come together with Ofcom and other organisations to sign Women in Tech, a pledge committing to promote the role of women in technology-based roles in the telecoms sector. We are committed to work together to increase senior representation of women, share best practice and help to drive change in Vodafone and across the industry. Our company goal is 45% women in management roles by 2030.; ; We have a range of employee networks who advocate for different groups including groups for LGBTQ+, BAME and disabled employees. We are signatories of the Race at Work Charter, Disability Confident Scheme and Hidden Disabilities Sunflower Scheme.

  Wellbeing

  Wellbeing; Vodafone’s Group Health, Safety and Wellbeing Policy expands on the Code of Conduct, setting out our commitment to establish a robust and durable health, safety and wellbeing culture. This policy is accompanied by detailed standards setting out the specific steps that must be taken to manage our greatest risks.; https://www.vodafone.com/about-vodafone/who-we-are/people-and-culture/workplace-safety/our-approach-to-safety; ; We have a multi-faceted employee wellbeing programme which covers:; • Physical health, including discounted gym membership, free access to a remote GP and discounted/free health assessments.; • Emotional and mental health. Silvercloud is a digital self-help support platform, endorsed by the National Institution of Health Care Excellence (NICE) as being an effective tool to maintain and improve wellbeing. Employees can access a variety of programmes including: Sleep, stress, resilience, Covid-19, positive body image, mindfulness, money worries.; • Financial wellbeing. We offer a personalised financial education tool.; ; Our commitments to wellbeing are supported by industry leading HR policies, e.g. our enhanced Maternity/Paternity Policies and a flexible working culture. We run an award-winning ReConnect return to work programme for those who have taken career breaks due to caring responsibilities. Our commitments are recognised externally, and we continue to be ranked as one of the UK’s top 10 ‘Best Workplaces’.

Pricing

• Price: £0.01 a virtual machine an hour
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks_team@vodafone.com. Tell them what format you need. It will help if you say what assistive technology you use.