Rackspace Ltd

Rackspace Sovereign Secure (SOC) Services

Rackspace Sovereign Secure (SOC) offers 24x7x365 protection for customer cloud environments against modern day cyberthreats. Managed by UK-only resources, with tooling & data guaranteed not to be accessible outside of UK. In addition to SIEM, provides human expertise, industry-leading technology and advanced threat intelligence, delivered from a purpose built SOC.

Features

• Host and network visibility, monitoring and protection
• Analytics platforms to collect and analyse data from customer environment
• Vulnerability scanning services including remediation management
• Configuration hardening and monitoring, to meet NCSC requirements
• Patch monitoring - understanding of threats, including CVE rating
• User access management and reporting
• File integrity management - detects, reports and documents changes
• Threat intelligence - respond to changing threat in real-time (SOC)
• Weekly, monthly and incident response (Flash) reporting
• Fully integrated Security Incident and Event Management (SIEM) solution

Benefits

• 24x7x365 detection and response to deal with advanced threats
• 24x7x365 access to certified security experts
• Meet your security and compliance goals while lowering your TCO
• Enforce NCSC and industry best practices
• Implement automatic protection actions to minimise risk of compromise
• Support your compliance requirements for service monitoring and management
• Identify and block suspicious activity automatically using pre-approved actions
• Minimise risk from software vulnerabilities by managed patching service
• Benefit from easy access to public sector security experts
• SOC Engineers vetted to BS7858 standards, SC Clearance upon request

£13,000 a unit a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sovereignservices@rackspace.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

965250234232422

Contact

UK Sovereign Services
+44 (0)208 734 8107
sovereignservices@rackspace.co.uk

Planning

• Planning service: Yes
• How the planning service works: Rackspace Security Architects have a wide range of experience in supporting public sector customers and are fully conversant with NCSC recommendations. Rackspace will hold workshops with the customer to define the risks within the current environment and use the output from these workshops to design a solution that will address all relevant risks. Any design will include a detailed deployment plan to address higher rated risks as a priority, to provide additional assurance to the buyer.
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: Rackspace provides all new customers a ‘101’ introduction to the service, which includes an overview of the service level, including the support team functions, the monthly account review, service delivery team engagement, change and escalation processes. During the implementation process, Rackspace will work with the customer to create a customised monitoring / response runbook. This runbook defines the Rackspace Sovereign Support (RSS) team’s standard operating procedures for working with the customer on monitoring alerts and includes custom escalation procedures in accordance with best practices and specific business needs. These customer runbooks are designed to present the right information, at the right time, to the RSS support and service management teams, as well as allowing the customer to interact with the service as required.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: Rackspace has a wide range of experience in designing security solutions for the public sector. As part of the transition phase to PDR, Rackspace would conduct a series of assessment workshops with the customer to identify the security protection already in place and to also identify any gaps the customer wishes to address. From these workshops, Rackspace would design the PDR service solution that meets the customer's requirements and define a transition plan to ensure security is maintained at all times during the move to Rackspace PDR.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: Rackspace has extensive experience in UK public sector security testing and the NCSC CHECK testing scheme. We can help to define the scope of testing for a customer's environment and coordinate testing with selected test companies, supervise test activities and implement any relevant remediation work that may be required.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
• Other security services:
  • Managed endpoint security solutions
  • NCSC-aligned security monitoring SIEM
  • Vulnerability and threat assessment
  • UK sovereign SOC service
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
• How the support service works: Rackspace offers 24x7x365 ITIL-compliant ongoing security support services. Service is offered based on a range of tiers, which offer different support levels. ; ; We support solutions from Rackspace Sovereign Services cloud variants, third party hosted solutions, on-premise and public cloud.

Service scope

• Service constraints: Rackspace will use staff in the UK only to provide the 24x7x365 support for Rackspace Sovereign Secure. To provide assurance on the security of customer log data, all members of the SOC team are located in the UK and vetted to BS7858 at a minimum, or SC Clearance levels upon request. All data is stored and only accessible from within the UK borders.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Once a security event has been identified in a customer environment, Rackspace will provide an initial notification within 30 minutes from event identification for "Critical" and "High" severity level events.; Flash Report are available <90 minutes from event identification for "Critical" and "High" severity level events, after event identification.; If service changes are required in order to remediate identified risks or vulnerabilities, the CSOC will create a remedial plan and notify the relevant customer team of the requirements of that plan within 30 minutes to 24 hours, depending on event's severity level. Response times are valid at weekends.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Support levels: Rackspace Sovereign Services maintains a 24x7x365 Customer Security Operations Centre (SOC) to support the service. The SOC is staffed by certified and experienced security analysts whose credentials exceed industry norms. ; ; Tiers of service are:; - Bronze: security logging service, where we log security events in SIEM; - Silver: threat detection and notification service, where we detect and triage potential security events and pass on a much-reduced number of potential true positives to the customer; - Gold: detect and triage potential security events and pass on a much-reduced number of potential true positives to the customer’s nominated team, together with suggested actionable advice on how to tackle these security events; - Custom: a customised tier can be quoted to incorporate additional areas of the custom estate, i.e. beyond the Rackspace cloud platform(s), or to combine items from existing tiers

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Qualys, BT, Trend Micro, SolarWinds, CrowdStrike, BigFix

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI Assurance UK Limited (a member of BSI group)
• ISO/IEC 27001 accreditation date: 20/10/2023
• What the ISO/IEC 27001 doesn’t cover: Certain professional services and software development controls are excluded and some international office space is not in scope.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • SOC 1 (SSAE 18), SOC 2, SOC 3
  • ISO 27017
  • ISO 27018

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Rackspace has committed to achieving net zero carbon emissions by 2045. This is five years ahead of the UN Paris Agreement on Climate Change ambition to limit the global warming of the planet to 1.5 degrees Celsius, compared to pre-industrial levels. We have begun the process of automating our large facilities with smart, energy-saving features. We have assembled a cross-functional team to define our ESG-related goals more clearly so we can better measure our impact in the future. We have also invested in and are deploying smart building automation systems in five locations globally and three data centres, both including London. These systems will drive reduced energy consumption in each of these locations, through building control systems that provide the ability to efficiently manage light, heat and cooling zones based on operational demand. Globally, one of our highest impact initiatives in 2024 is the move to a new corporate headquarters, which is estimated to reduce our footprint by around 80%.

  Covid-19 recovery

  We have evolved physical health programmes and developed new mental and emotional wellness programs to better serve and support our Rackers, as we recover from COVID. In addition, we began to look for ways we could help those organisations that support our communities. To that end, we initiated a company-wide donation match program, matching Racker donations to COVID-19 relief organisations and other non-profit organisations that provide valuable services and support to local communities. During this first two-week campaign, Rackspace and its employees donated more than £152,000 toward the COVID-19 relief efforts of over 360 organisations around the globe. We actively promote volunteering to support and fund-raise for charities and we offer a minimum 40 hours of paid volunteer time off annually.

  Tackling economic inequality

  At the core of every Racker is a drive to leave the world better than we found it, and we are passionate about giving back to our communities across the globe. While Rackers can leverage paid volunteer time off for any cause, our Rack Gives Back programme creates opportunities for Rackers to give our time and talent to others. As an example in 2022, we donated 21,000 hours and over £125,000 to charity. One of the many examples of Rackspace tackling economic inequality are donations to local communities. When downsizing to a more workforce fitting global headquarters, Rackspace donated over 1,500 computer monitors, 2,000 chairs and hundreds of decks to local charities and schools. In 2022, Rackers (Rackspace employees) also donated over £20,000 24 food banks globally. The Rackspace Foundation takes a ‘place-based’ approach to community investment. Rather than focusing on a single cause across many geographic regions, we are committed to providing holistic support for the schools and students in our immediate neighbourhoods. For example, at our headquarters, we have adopted seven schools in San Antonio, where we fund important programs that help meet basic needs and give students a well-rounded education.

  Equal opportunity

  Having a diverse workforce – made up of team members who bring a wide variety of skills, abilities, experiences and perspectives – is essential to Rackspace’s success. We are committed to the principles of equal employment opportunity, inclusion and respect. We do not tolerate discrimination against anyone – team members, customers, business partners, or other stakeholders – on the basis of race, colour, religion, national origin, sex (including pregnancy), age, disability, sexual orientation, gender identity, marital status, past or present military service, or any other status protected by the laws or regulations in the locations where we operate. We provide equal employment opportunity to everyone who is legally authorised to work in the applicable country. We provide reasonable accommodations to individuals with disabilities and removes any artificial barriers to success. Rackspace has also introduced a number of initiatives to help working parents and allow the sometimes disadvantaged to thrive in our workplace with flexible hours and other support specifically designed for working parents.

  Wellbeing

  Rackspace has a number of wellbeing programs in place to keep our teams healthy. We have invested in this area additionally over the COVID period, since it is widely viewed that the isolation introduced through lockdown has introduced new challenges for some of our teams. We offer a comprehensive employee assistance programme (EAP) providing Rackers with access to confidential professional support with any of the following challenges: depression, anxiety and mental health, family or relationship problems, improving work life balance, financial or legal problems, child or elder care challenges. We have a monthly wellbeing challenge ('The Racker Recharge'), which is a fun competition with a small prize focused on a particular area of wellbeing. The purpose of the challenge is to build awareness of heathy practices and build good habits in our teams. As an example, March’s challenge was on nutrition, hydration and sleep. One of our core values is compassion – we are one team doing the right thing for our customers, communities and each other. In many of our locations we offer discounted membership to local gyms to allow Rackers to keep their bodies as fit as their brains.

Pricing

• Price: £13,000 a unit a month
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sovereignservices@rackspace.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.