SERVITA PROFESSIONAL SERVICES (UK) LIMITED

Advanced Data Platform and Managed Infrastructure

Servita’s industry leading Architects have a proven track record of identifying and creating optimum solutions to what are often very complex business problems. Our Advanced Data Platform and Managed Services provide high performance, infinitely scalable and secure cloud-hosted data services.

Features

• Vertical and horizontal auto-scaling to keep response times low.
• Advanced trace identification, monitoring, and alerting.
• Interoperability through API/interface standards such as FHIR.
• Connectivity Options: N3, HSCN, Janet, and many others.
• Automated deployment, scaling, testing, and monitoring.
• Systems integration to eliminate need for data store and management.
• DevOps to system orchestrate fast delivery of applications and services.
• CI/CD (Continuous Integration/Continuous Delivery or Deployment).
• Data Exchange, in formats such as XML, and more.
• Cloud and Solutions Architecture, giving access to cloud computing.

Benefits

• Reliably access the system due to high availability/ CI.
• Achieve cost efficiencies, through automatic scaling around system demand.
• Exchange information across different devices, due to platform agility.
• Access data from multiple sources, speedily integrated and aggerated.
• Transfer offline data to online using dataset onboarding.
• Investigate anomalies and confirm relationships, through data interrogation.
• Utilise our exceptionally managed service standards.
• Support business or operational needs through fast integration.
• Quickly and easily access information anywhere, utilising internet connectivity.
• Safeguard data through our trace identification, monitoring, and alerting.

£1,500 to £77,000 an instance a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rich.story@servita.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

973799602964155

Contact

Rich Story
+447918722104
rich.story@servita.com

Service scope

• Service constraints: Patch support for a typical Kubernetes release often comes with approximately 1 year of patch support as standard. Any upgrades to this package, which include longer timeframes of patch support, may incur a one-off upgrade fee.; ; A further constraint sur API rounds the fact that Servita cloud environments are typically fully private and secure. This means that the client may need to set up a site-to-site VPN, in order to access private cloud resources.
• System requirements:
  • Middleware licensing (if any) to be covered by the client.
  • Minimum two EC2 per Kubernetes cluster to achieve high availability.
  • Access to the system requires an internet connection.
  • Either AWS or Azure cloud hosting accounts.
  • GitLab for VCS, IaC state storage and CI/CD pipelines.
  • ArgoCD and optionally ArgoCD rollouts for K8s CD deployments.

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: We respond to all tickets within the same day of their issue. In the event that tickets relate to high severity faults, we will respond, and diagnose the issue, using our technical consultants. Response times in this case, through our previous experience, have shown to take up to 2 hours. These response times do not alter with respect to weekends, as they are typical across the whole of the week, not just weekdays.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Customers are given access to a Jira Service Management portal where they can submit, interact and view status of helpdesk tickets. Within the customer portal, it is possible to access the webchat facility. The webchat facility will automatically create and update helpdesk tickets.
• Onsite support: Yes, at extra cost
• Support levels: Servita provide three support levels, basic level support, developer level support, and business level support. 1. Basic level support - This level of support offers 24/7 customer service, from our internal customer engagement team, as well as support forums. These features will offer cross-applicational support to clients when needed. Further to this, the basic level of support provides 4 Core “Trusted Advisor” checks and a personal health dashboard. Associated costs: No TAM (Total Addressable Market) - Free. 2. Developer level support - Our developer level of support offers all of the support within the basic level of support, as well as one extra benefit. This additional benefit entails access to Technical and Architectural Cloud Support Associates. Here, clients can contact Associates via email, utilising one primary contact within their company. Associated Costs: No TAM (Total Addressable Market) - 5% x monthly AWS usage. 3. Business Level Support - Servita’s business level of support offers all of the support included within the developer support package, with the following additional extras: 24/7 access to PaaS Support, via email and telephone, and Case management support. Associated Costs: TAM, above £480 or cost percentage (pm). We provide Cloud Support Engineer.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Servita will conduct an initial discovery session to understand requirements, constraints, and ways of working. We will tailor our services to strike cohesion with clients and ensure desired outcomes are achieved in a way that generates high levels of customer satisfaction. The output of the initial discovery will be a Servita Methodology Matrix which plots all key deliverables, their accountable owners, their purpose and at which stage they will be delivered to which areas of the client team(s). User documentation including any system protocols and procedures would be produced in Confluence and/or Swagger and Users would be given access to Servita shared repositories as required.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Online libraries.
• End-of-contract data extraction: At contract end, users can extract and export their data in JSON, CSV and SQL formats. Service and Security Management Logs can also be retained and stored according to customer requirements. Typically, Servita would co-define with the client, an exit strategy that captures the details and protocols that will be followed at contract end. Data extraction forms part of the strategy, ensuring we fully meet client expectations. To protect data integrity and security, Users are requested to provide requirements for how the data is extracted and stored in a way that complies with industry best practice and Government security policy. Servita will support the entire data extraction process including any reconciliation checks should they be required between source and target databases.
• End-of-contract process: Preparation, hardening and full implementation / live service of the platform is included. Training of the base components, release and configuration management protocols and handover of the DevOps practices are included in the price. Training, TNA, Guides and strategic roadmapping for bespoke elements are subject to impact assessment and would be provisioned via Servita Consultants. Should there be a need to transition the platform and/or migrate data, Servita will work with the client to co-define an exit and migration plan that ensures all requirements are captured and agreed thus enabling a smooth and well executed transition that meets with client expectations and needs. All data, license/user accounts and technical artefacts will be delivered to the client.

Using the service

• Web browser interface: Yes
• Using the web interface: Users can access trace monitoring, alerting and logging components to get full visibility of activity and health across the platform. This is achieved through a selection of OpenTelemetry made available to the customer and the usage of either Azure or AWS’s native monitoring solutions.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Users can login via the AWS interface to view deployed resources and perform read-only actions such as viewing logs and metrics. Users cannot modify deployments as this is done through IaC.
• Web interface accessibility testing: Servita have not conducted any web interface testing with assistive technology users, but we believe the software providers carried this out.
• API: Yes
• What users can and can't do using the API: Depending on requirements, API’s can made available for Users to make changes such as setting internal and external connection points / environments, setting rate limits and configuring exclusion rules. We would encourage users to gain increased interconnectivity between their systems using the platform and as such we can provide automated validation tools that check formats and expected versus actual responses. There are CLI tools for interacting with AWS, Azure and Kubernetes, but we would not give access to this to Users in order to retain platform integrity.
• API automation tools:
  • Ansible
  • Terraform
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Servita work to guarantee users aren’t affected by the demand other users place upon our service in two ways. The first of these, is by ensuring that deployments are made in isolation from one another. This means that customers will be separated to ensure the performance of our service when there is collaborative demand from various areas. Secondly, we guarantee that users aren’t affected by the other user demand on the service by ensuring that clients have dedicated cloud-hosted solution provisioning. This allows us to deploy cloud resources flexibly, in order to scale up when usage spikes.
• Usage notifications: No

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Other
• Other data at rest protection approach: We use encryption at various levels. We utilise AWS Key Management Service to encrypt Kubernetes secrets and use Doppler which integrates with AWS KMS. We enable encryption for Amazon EBS volumes attached to EKS worker nodes. All S3 buckets have encryption enabled.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual Machines
  • Kubernetes Clusters
  • IaC States
  • Cloud Resources (EC2, RDS etc.)
  • Databases
  • File Storage
• Backup controls: Servita offer clients control over which backups are performed by agreeing upon this in advance of the outset of services. However, standard resources are backed up automatically. Clients can also request changes to their back up requirements. This will be requested via email, in order to meet compliance and requirements.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Availability; The table below demonstrates our guaranteed availability levels.; Monthly Uptime Percentage Service Credit Percentage; Less than 99.95% but greater than or equal to 99.0% 10%; Less than 99.0% but greater than or equal to 95.0% 25%; Less than 95.0% 100%; ; Users can be refunded by a number of means including credit note repayments or discounted monthly fees subject to the terms of the agreement with the client.
• Approach to resilience: Available on Request.
• Outage reporting: Servita place our clients at the heart of everything we do. That is why we are committed to reporting any outages reactively and appropriately. In order to ensure that all clients are fully informed on any details surrounding service provision, we will report all outages promptly in the following forms: SMS, Email alerts, Webhooks, Public dashboards if required. This option will incur an additional cost. Outages are reported to the client immediately with service recovery updates provided at least once every 30 minutes. Service recovery updates may be provided by our Cloud Support Engineers via phone, SMS or email.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Servita restrict access in management interfaces and support channels, by using IAM to provide access control to cloud services. We also utilise RBAC (Role Based Access Control) permissions, which are assigned to all individual IAM management accounts in order to further enhance cluster level access restrictions. Finally, we implement K8 as a control across our service, with respect to this. All of these factors ensure that management interfaces and support channels have the required restricted access necessary for safe, excellent performance.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Certified Quality Systems (CQS) accredited the certification
• ISO/IEC 27001 accreditation date: 26/05/2023
• What the ISO/IEC 27001 doesn’t cover: Any bespoke and/or visualisation layers to the platform would not be covered under this certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Security Plus; Cyber Essentials
• Information security policies and processes: Servita’s goal is to provide secure, scalable and future proof solutions to UK Gov. As such Servita have implemented an Information Security Management Systems (ISMS) at the forefront of their QMS, containing policies and procedures for considered and controlled management of sensitive data, systems, services and processes. Our ISMS uses the 27001 and Cyber Essential Plus standards as a baseline. Our ISMS covers every aspect of the services we provide including: Access Control, Anti-virus, Malware and Threat Detection, Backup and Recovery, Data Loss Prevention, Data Protection, Password Management, andPersonal Conduct. Servita’s Information Systems Manager is responsible for all staff inductions, information security training programmes and for ensuring all services are carried out in accordance with our ISMS. All breaches of information security, actual or suspected, will be reported to the Information Systems Manager, who is responsible for maintaining the security policy and providing advice and guidance on its implementation. All business managers are directly responsible for implementing the policy within their own areas and for adherence by their staff. It is the responsibility of each member of staff to adhere to this policy.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Servita track changes using internal change management governance, which forms part of our QMS. Our Change Control Policy is available upon request, as is demonstrations of how the policy is implemented through the platform. DevOps tooling supports a part of our change and configuration management process. This ensures a secure, yet auditable record of any changes made to the service, technology stack, or code base. Finally, all significant changes are reviewed by the Change Advisory Board, which delivers support to the Change Management Team, whose purpose is to review any requested changes and assess change/update prioritisation.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Servita will adhere to the service pack update and patching processes as defined in their ISO27001 information security policy. Patch/release deployment is pre-configured and built into our PaaS code, in order to enable release implementation at the node/pod/cluster level. This enables Servita to achieve 0 down time. Patches can therefore be deployed immediately after approval is obtained from the Change Advisory, and Information Security advisory boards. This ensures that we can reactively deploy patches where needed. Furthermore, Servita subscribe to Norton 360 and Microsoft Security Insider threat/vulnerability intel boards to remain abreast of emerging threats.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Servita PaaS holds built-in security monitoring and alerting tools, which ensure that we can protectively monitor our service. Additionally, DataDog handle all trace ID’s, logging and alerting across all nodes and pods. To enhance this further, we also utilise CloudWatch, which protects data at rest, using encryption. All security incidents are responded to immediately. In the event that a potential compromise has been detected, our policy is to notify the client. This step is taken in parallel to the performance of an in-depth risk analysis. Both the results of this analysis, and client direction will determine our action plan.
• Incident management type: Supplier-defined controls
• Incident management approach: Servita record and manage Incidents as per our security incident policy and response procedure, and thus operate pre-defined processes for common events. Incidents can be reported by users via email, SMS or telephone. Our Live support services team will then perform root cause analysis on any incidents that occur, with corrective and preventative action plans documented and implemented to prevent or reduce the probability of the incident reoccurring in the future. Following this, Incident Reports are then shared with clients within 24 hours of the incident occurring, using communication channels such as email, SMS and telephone.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: AWS EC2 and Azure VMs
• How shared infrastructure is kept separate: Servita’s service operates in a segregated from, whereby client infrastructure, including the infrastructure of the network is physically segregated from other organisations. This means that different organisations do not share the same infrastructure, and thus, do not need to be kept apart.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: In compliance to the EU Code of Conduct for Energy Efficient Datacentres, we utilise Microsoft and Amazon cloud computing, which reduces the IT load of the operation. This ensures that we reduce energy consumption in a cost-effective manner. Microsoft are committed to reducing the environmental impact caused by the energy use of their products. As such, they comply with the EU Ecodesign Directive for Energy-related Products (2009/125/EC) and its implementing regulations ("Ecodesign Directive") when applicable. Our devices comply with the European Commission's Regulation for Standby and Off Mode Power Consumption for Electronic Household and Office Equipment. In doing so, they have integrated into their strategy, methods which will reduce the energy consumed by their equipment. Similarly, businesses in Europe can reduce energy consumption by up to 80% when running applications and services through AWS cloud as opposed to operating dedicated data centres. Amazon are also committed to purchasing 100% of its energy from renewable sources resulting in a potential 96% reduction in carbon emissions for an average workload being handled in our AWS cloud platforms.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Servita are committed to helping fight climate change and reduce waste. We work in tandem with ISO:14001 guidelines and measure our CO2e footprint using GHG guidelines and DEFRA spend controls (accredited in April 2024) to ensure that we act sustainably to reduce our carbon footprint. In 2023 we commissioned Positive Planet to attest our baseline year (2022), review our scopes and approve our reduction plan.; ; Servita were celebrated at the NHS Sustainability Partnership Awards 2023, winning both Software and Supplier of the Year categories in recognition of our thought leadership and sustainable cloud offering.; ; Working Remotely and Climate Change; With less people spending time in the office, we are pleased to report a reduction in our travel and commuting carbon footprint. We are managing our reduction in business travel through education and awareness so they are more conscious of their energy consumption and carbon footprints. This is through mandatory training with an annual refresher module. ; Servita are also launching the Octopus EV car scheme in 2024 to further reduce our carbon footprint.; ; Work in Office and Climate Change; Servita operate a shared workspace policy, for working on-site. We have relocated to more sustainable offices. Our shared workspaces are managed by organisations that mandate waste is segmented for recycling. This ensures that we operate excellent waste management, by recycling and reusing materials where possible. ; ; WEEE Waste; Servita have partnered with GreenTech UK to ensure all of our WEEE waste is recycled or repaired and donated to underprivileged members of the community through GreenTech UK's community out-reach programme.; ; Monitoring Compliance; We monitor compliance with our Environmental Policy and Procedure. We provide training to staff around sustainable practice at induction, and refresh annually. We monitor KPIs regularly via our Global Sustainability & Innovation Group which is chaired by our Sustainability Director, Alex Drew.

  Covid-19 recovery

  Servita are committed to supporting people and community recovery from the impacts of COVID-19, and as such aim to aid the wider community through our everyday operations, in the aftermath of the pandemic. ; ; Flexible Working; In order to contribute to community recovery following COVID 19, Servita offer flexible and remote working. This means that in cases of mandatory isolation, or family members taking ill, they are able to work from home.; ; In Office Measures; Within the office we operate social distances guidelines, and all of our communal spaces have sanitising gel. Servita also display helpful resources around the office, on posters and bulletin boards, which include information about COVID 19, and how staff can safeguard themselves within the workplace. This means that, as we move towards COVID 19 recovery, staff can take any protective measures they desire to feel safe within the workplace. ; ; Community Recovery; In aiding and supporting the local community in COVID 19 recovery, Servita also sponsor many local youth development events. For example, we currently sponsor a local Under 16s Football organisation. In doing so, we hope to support local organisations, such as this, to recover from the impact of COVID 19. ; ; Monitoring Compliance; In order to monitor and ensure compliance with COVID 19 recovery initiatives, we offer induction training which covers our COVID 19 efforts. For example, all staff receive training which covers our social distancing guidelines and how to contribute towards our goals with COVID-19 recovery. Servita also review our COVID policy and procedures once per year and regularly hold feedback sessions with staff around what is/isn’t working well for them. This informs any proposed changes to policy and procedure for future.

  Tackling economic inequality

  "Tackling economic inequality is something Servita are passionate about. As such, we are committed to promoting this within all of our operations, to contribute to the betterment of wider society, and the economy.; ; Volunteering & Charity Work; In order to internally tackle economic inequality, we offer paid leave to employees, so that they may attend sponsorships or undertake voluntary days with local community charities and organisations. ; ; Depending on contract value, Serita also allocates a percentage of net profit to charities such as Centrepoint Youth Charity, which is the leading charity for homeless people. This charity, among other things, aids young people to gain skills from training courses, in order to prepare them for future employment. Thus, in donating to them, Servita hopes to aid towards addressing economic inequality. ; ; Fair Trade; In another effort to tackle economic inequality, we monitor fair trade closely. This is operated through Servita’s Commercial Director, Rachel Flower, who reviews and amends supply chains, to ensure that fair trade is maintained throughout. Through this, we hope to contribute to social value, by aiding in the challenging of economic inequality worldwide.; ; Training and Apprenticeships; Servita operate training programmes through our training partners, to help develop and foster the skills of our valued staff.; Our core training programmes include:; - Association of Project Management – APM-P and APM-PQ; - Managing Successful Programmes (MSP); - AWS Cloud – Business Professional; - AWS Cloud – Technical Professional; - AWS Cloud – A Well-architected Solution; - AWS Cloud – Data Analytics; - CITI Certified – Supplier and Contract Management "

  Equal opportunity

  Servita are committed to Equal Opportunities and value the benefits of a diverse and inclusive workforce. ; We encourage all members of staff to explore at least 2 paid training objectives per annum and rotate the team through our various contracts to ensure resilience and professional development.; ; Servita have mandated that all recruitment partners publish a Diversity and Inclusion policy and we ensure a “blind screening” of all CVs is followed as part of the recruitment process.; This avoids any prejudice associated with gender/age/location/etc.

  Wellbeing

  Servita have launched a monthly wellbeing webinar programme, available to all colleagues across the globe.; The course covers the benefits of breathwork, movement and mental health and is aimed to support sleep and focus levels, exploring the science behind breathwork and the physiological benefits it can bring, before equipping colleagues with practical tips to tap into moments of clarity and calm in everyday life.; ; Servita have also partnered with Make It Wild to deliver team building conservation days. These days are paid by Servita with the objective to get the team out of the office and into nature, working together to help restore natural sites across Yorkshire.; ; Servita have also provided access to a life coach and mentor, inviting all colleagues to reach out to our consultant if they are feeling pressured or need support/guidance on any matter, work or personal, that could be affecting mental wellbeing.#

Pricing

• Price: £1,500 to £77,000 an instance a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We can offer free access to monitoring and trace activity dashboards and can potentially create mock API endpoints to demonstrate functionality and/or message response types. This is subject to requirements and feasibility.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rich.story@servita.com. Tell them what format you need. It will help if you say what assistive technology you use.