Tivarri Ltd

Cranberry Desktop - Cloud-Managed IT Service

Runs applications, Microsoft Office and email locally on customers workstation or laptop. Can be Windows or Apple Macs. Cloud based backup and files are opened from and saved directly to Microsoft servers in Microsoft’s UK datacentres.
Includes: Antivirus, remote PC monitoring, Active Directory user profiles and UK based support.

Features

• GDPR & FCA Compliance
• User data is encrypted end-to-end from
• All-inclusive, predictable monthly fee, including Microsoft licence costs
• Data backups daily to UK datacentre
• Critical business data stored encrypted servers, not local devices
• Remote PC monitoring
• Centralised email signature management
• Advanced email phishing protection
• Multi-factor authentication
• Active directory for granular user permissions control

Benefits

• Flexibility to increase (or decrease) user numbers
• Fully managed infrastructure
• All-inclusive monthly charge (including support) so costs are predictable
• Infrastructure designed for regulatory compliance

£65.00 a user a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@tivarri.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

962771942574645

Contact

Simon Ponsford
01225 428879
sales@tivarri.com

Service scope

• Service constraints: Maximum storage size 1TB personal space and 0.5TB shared storage per user.; ; Additional higher capacity storage options are available.; ; Application Whitelisting is not currently available on Apple Mac computers
• System requirements:
  • Internet connection
  • Microsoft Windows 10 or higher/ any Apple supported Apple Mac
  • A mobile phone or smartphone for multi-factor authentication

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Help desk opening times 08:30 to 17:30 UK time on Working Days excluding UK bank holidays.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Calls are initially handled by Helpdesk Engineers, should an issue not be resolved quickly, or if the customer requests escalation, a ticket is passed to a Technical Manager. We do not employ call handlers or 1st line technical support engineers, so customers receive immediate attention from experienced technical staff.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide documentation to get users initially connected and configure multi-factor authentication, remote support to help with initial customer issues and provide a web based Knowledge Base to give user guidance. We provide a free access to our Helpdesk via telephone, email, or web portal support to assist with access and use of our service.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Customers may transfer their data securely to Amazon Web Services S3 or Microsoft Azure encrypted storage. The data can also be provided on encrypted media (media charged at cost) shipped to the customers confirmed location.
• End-of-contract process: At any point during or prior to the end of the contract a customer can request a copy of their data to be securely transferred to other service provider. There is no charge for this at the end of the contract, during the contract the cost is £60 per request. Should the customer require data to be saved to encrypted media and shipped then time and materials are charged.; ; 30-days following the end of the contract all user data will be deleted from all our servers including backup servers.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Users do all computation on their local computer. File access is only contended by bandwidth. Bandwidth is controlled by Microsoft and increased multiple times per year to ensure that it meets customer needs.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types: Disk
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • User files and shared files
  • Email archiving is included as part of the service
• Backup controls: Backup schedule is setup as part of our service. ; By default there is a complete daily backup.
• Datacentre setup: Multiple datacentres
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: All Service Availability levels are based on service monitoring data collected over whole calendar months and will be 99.9%.; Service Credit:; (% of monthly service charge) Service Availability; 10% <99.9%; 25% <99%
• Approach to resilience: All datacentres used to deliver this service are Microsoft UK based datacentres. Microsoft's resiliency details can be found here: https://docs.microsoft.com/en-us/office365/securitycompliance/office-365-data-resiliency-overview
• Outage reporting: Alerts are sent by email to key contacts at each customer in the event of service affecting issues.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
• Access restrictions in management interfaces and support channels: Support services with 3rd parties all use multi-factor authentication. Access to our own administrative interfaces are by multi-factor authentication and IP address filtering at firewall level. Our standard authentication method is through Active Directory/Entra ID accounts.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Citation
• ISO/IEC 27001 accreditation date: 17/07/2023
• What the ISO/IEC 27001 doesn’t cover: All services we offer are covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO/IEC 27001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our business policies and reporting structure follows ISO 27001:2013. All incidents are reviewed by the management team on a monthly basis. The Information Security Management System (ISMS) reports directly into the management team as does their deputy in the case of absence. Incidents and responses to them are also reviewed at board meetings.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Internally we use a 3rd Party software application to track all system changes, this includes user requests and specific platform or virtual machine changes. All changes are proposed, sanity checked by engineering for service and security impacts, if progressed they can be authorised by management and recorded through our Helpdesk system to ensure there is a full audit trail of changes. No changes are made without the process being followed. All Microsoft Updates are managed by our PC RMM software. Critical updates are typically released to production systems following 48 hours of testing.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Patches to user's computers are managed by Microsoft and Apple respectively. As part of our setup process we ensure that security patches are automatically downloaded and installed.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Microsoft employ their own proactive monitoring of their Office 365 and Azure based solutions. These are normally very fast to respond to any new threats.
• Incident management type: Supplier-defined controls
• Incident management approach: All incidents are recorded in an externally hosted system, this ensures continuity if Microsoft servers were not accessible. Customers and our staff have access to the system to record and view details of incidents. Customers are notified by email when the details of an incident are updated. Incident reports are incremental in that they update customers on the current information and status. Following an issue a full detailed incident report is sent to customers with our handling and subsequent handling. All incidents are discussed at our internal monthly ISO meeting.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Microsoft has built their UK datacentres based upon EU Code of Conduct for Energy Efficient datacentres.

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Tivarri is uniquely placed to assist customers to utilise cloud computing resources with the minimal carbon impact by understanding where the lowest carbon execution data centre is at any point in time. This is based on in-house developed software and expertise.

Pricing

• Price: £65.00 a user a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@tivarri.com. Tell them what format you need. It will help if you say what assistive technology you use.