Atlas Cloud Ltd

Managed Infrastructure as a Service (in Microsoft Azure)

Managed Infrastructure as a Service allows access to hosted infrastructure coupled with managed services. We are a VMware, Citrix & Microsoft partner, solutions are delivered from our own or your own Microsoft Azure infrastructure. Atlas Cloud are ISO27001:2013.

Features

• Management of Azure Active Directory
• Monitoring of virtual machines & Storage
• Management of Reservations & Storage Accounts
• Escalations to Microsoft
• Backup of Azure components
• Virtual network & Network Security Group management
• Update management of infrastructure
• Log analysis
• Service Health monitoring
• Profile & key management

Benefits

• Scalable - react quickly to business changes
• Deal with peak demand
• Agile, flexible and customisable depending on business needs
• Fully managed service
• Highly secure – ISO 27001:2013 certified

£0 to £999,999.99 a transaction a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@atlascloud.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

966294759620737

Contact

Ben Tomlinson – Marketing Manager
0191 283 0191
gcloud@atlascloud.co.uk

Service scope

• Service constraints: Maintenance that resulted in the systems would always be agreed in advance at a suitable time for the customer.
• System requirements: This solution is tailored to the users requirements.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response and resolution times are based on the priority of the incident / service request. ; Critical Response 30 working minutes Resolution 4 working hours; High Response 30 working minutes Resolution 24 working hours; Medium Response 60 working minutes Resolution 48 working hours; Service Request Response 120 working minutes Resolution 120 working hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Monday - Friday 07:00-18:00 as standard, extended support hours are possible at an additional cost depending on how much you extend the hours by. We do provide account management and have support engineers.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Once an order is agreed and accepted, Atlas Cloud’s implementation team will begin the on-boarding process. This will involve building and configuring the application(s) / virtual machine(s) required by the customer and the migration of any associated data to the secure data centre environments. We provide a technical Project Manager to lead the design as well as an implementation team of experienced Architects and Senior Engineers to implement, test and transition to the Atlas Cloud. There would then be a handover to the Atlas Cloud support team which is staffed by experienced Engineers at 1st, 2nd and 3rd line levels of support. The entire process would be overseen by the CTO of Atlas Cloud from the very beginning, throughout the delivery and ongoing support thereafter. Atlas Cloud uses the IT Service Delivery Management framework, ITIL, and all of the support processes are designed around this. In addition, we hold ISO certifications in 9001, 14001, 27001:2013
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: If the client wishes to change to a different IT provider, the first step is for the client to file a request to leave. Next, an End of Contract date is agreed. Data is then collected via the client from the Atlas Cloud data centre or placed in an encrypted location at the request of the client. Atlas Cloud do not keep unencrypted data outside the data centre. The customer can extract their data at any time, whether by self-service request or a request for Atlas Cloud to perform on the customer’s behalf. The cost of this will be based upon a time and materials basis. Client owned licenses are subsequently handed back to the client and any rented hardware is returned to Atlas Cloud. Finally, the client’s data is deleted from the systems and a confirmation is sent to the client.
• End-of-contract process: The cost of the contract only covers the contract and not and additional work needed to exit the contract. We would charge an hourly rate for any additional work that needs to be completed as part of the contract end.

Using the service

• Web browser interface: Yes
• Using the web interface: N/A
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: This is not something that we have looked at.
• Web interface accessibility testing: None as we have not had a requirement to do this.
• API: No
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: Dedicated hosts, dedicated storage and dedicated virtual machines.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual Machines
  • Files
  • Databases
• Backup controls: We control the backup schedule, should the user wish to change this we would request that they make this request in writing.
• Datacentre setup: Single datacentre with multiple copies
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9% uptime guaranteed. Service credits can be available on request.
• Approach to resilience: Available upon request
• Outage reporting: Email or text alerting.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: We have separate accounts for management and administration. Separate VLANs between management servers and other.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ISOQAR
• ISO/IEC 27001 accreditation date: 12/08/2014
• What the ISO/IEC 27001 doesn’t cover: Nothing is excluded
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Atlas Cloud follows ISO 27001. The information security policy is sent to all employees and confirmation of adherence is recorded.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have an change management process that has a multi level approval process and a dedicated changed manager. Components of the service are monitored and maintained with any risks to service noted on a risk register.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We have mechanisms for threats to be flagged by our monitoring system and the engineers that work on the systems. We can deploy emergency patches in line with our change management process. We have three standard change windows per week.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use various software to monitoring our systems, the software auto creates an incident into our incident management system when a threshold is breached. The incident is then categorised and prioritised and the appropriate SLA assigned. Dependant on the priority the incident is responded to within 30-120 minutes.
• Incident management type: Supplier-defined controls
• Incident management approach: We have standard operating procedures for common events that are documented. Users can report incidents via phone, email or we have a client portal that clients can log and update incidents via. We email incidents reports at the end of every month.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: VLANs and NTFS permissions. Dedicated hosts where required. Dedicated virtual machines.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Our Data Centre provider is accredited at the Code of Conduct’s Participant level and are actively engaging in reducing energy consumption whilst delivering business critical datacentre services.

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  UK National Living Wage accredited employer, committed to paying a fair wage.

Pricing

• Price: £0 to £999,999.99 a transaction a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@atlascloud.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.