Naimuri

Cloud Solution Suite

Revolutionise your cloud journey with our comprehensive Cloud Solutions Suite, integrating Secure Development Platform, Virtual Desktop Infrastructure and Secure Cloud Kubernetes at the highest level of optimisation. Seamlessly blend flexibility, scalability, and cost-efficiency into your operations, unlocking unprecedented potential for innovation and growth all in a highly secure environment.

Features

• Secure-by-design landing zones for rapid project mobilisation.
• Cloud-based infrastructure for seamless access to applications.
• Expert support for securing Kubernetes deployments.
• Unified cost monitoring and context-aware workload optimisation.
• Automated monitoring and logging for regulatory compliance.
• Anytime, anywhere data availability with virtual desktop infrastructure.
• Robust pod admission controls for enhanced security.
• Comprehensive compliance benchmarking and policy implementation.
• Context-aware workload optimisation for efficient resource allocation.
• Specialised support for serverless and spot instance workloads.

Benefits

• Enhanced security and compliance adherence across all services.
• Increased scalability and flexibility for dynamic workloads.
• Streamlined IT management with automated infrastructure management.
• Reduced infrastructure costs through efficient resource allocation.
• Improved collaboration and productivity with seamless access to resources.
• Heightened data security and threat detection capabilities.
• Simplified disaster recovery planning with cloud-based solutions.
• Enhanced performance and operational efficiency.
• Transparent financial insights with unified cost monitoring.
• Advanced partnership with AWS.

£302.10 to £1,396.02 a user a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at business@naimuri.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

984351904467725

Contact

Rob Steadman
07393631316
business@naimuri.com

Service scope

• Service constraints: There are no constraints to the services we provide.
• System requirements:
  • AWS or Azure Subscription.
  • Full admin access to subscriptions.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday - Friday; 0900 - 1700 - response times can be agreed upon request
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our approach to providing support is based on the needs of the customer. We use the SRE (Site Reliability Engineering) Approach to maximise our support and development activities.; ; Beyond this, we will aim to deliver a support service that fits the needs of the customer - This can include in person, telephone, email or web support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide both onsite, online or in application training to suit the users needs. Delivered in an agile and iterative method.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Contract dependant
• End-of-contract process: Time and Materials Contract, customers responsible for ongoing AWS or Azure billing at end of contract.

Using the service

• Web browser interface: No
• API: No
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: AWS and Azure environments can be fully accessed via CLI.

Scaling

• Scaling available: No
• Independence of resources: This is a Platform for customers to build services in the cloud as such, user demand has no effect on the platform. Customer created services within the platform can be auto scaled.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other
• Other usage reporting: Other - Console notifications

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
• Other metrics:
  • Firewall Metrics
  • Utilisation Metrics
  • Access Logs
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Bespoke services for our customers can be developed from our list x facility that will address customer's key challenges.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• Backup controls: Backup schedules and data can be configured from customer requirements.
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Contract dependant based on customer requirements
• Approach to resilience: Contract dependant
• Outage reporting: Contract dependant

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: Single sign on. Based on Customer requirements.
• Access restrictions in management interfaces and support channels: Contract dependant based on customer requirements.
• Access restriction testing frequency: At least once a year
• Management access authentication: Other
• Description of management access authentication: Contract dependent - However we support the following: 2-factor authentication, Public key authentication (including by TLS client certificate), Identity federation with existing provider (for example Google apps), Limited access over government network (for example PSN), Dedicated link (for example VPN or bonded fibre), Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Citation ISO Certification Limited
• ISO/IEC 27001 accreditation date: 10/06/2023
• What the ISO/IEC 27001 doesn’t cover: Solutions and or technologies not owned by Naimuri. When staff utilise IT systems belonging to clients, partners, or associates, their actions and the information related to both the staff and Naimuri still apply. They must still follow Naimuri’s baseline security standards, even though the IT assets themselves are not directly owned or managed by Naimuri but by another entity.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Various conformance packs are available. Policies can be defined by customer.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Contract dependent to meet customer requirements.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Contract dependent to meet customer and security accreditation requirements, including Cyber Essentials & ISO27001, IT Health Checks supported by various threat intelligence reports.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Monitoring processes are defined and managed by customers.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Contract dependent, both customer defined and Naimuri incident management processes followed.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: AWS & Azure
• How shared infrastructure is kept separate: AWS & Azure employ hypervisors to create and manage virtual machines (VMs), ensuring each customer's data and applications run in isolated environments on the same physical hardware. This isolation is reinforced through advanced networking configurations and access controls, which prevent unauthorised access between environments. Additionally, both AWS and Azure implement stringent security policies and compliance measures, continuously monitoring and auditing their systems to maintain the integrity and confidentiality of user data, upholding both security and privacy on their multi-tenant platforms.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Naimuri use both AWS and Microsoft Azure data centres in the UK, which comply with the European Code of Conduct for Energy Efficiency in Data Centres. They commit to the Code's best practices, which cover areas such as IT load management, cooling, power distribution, and data centre design. This adherence allows them to reduce environmental impact and align with broader sustainability goals.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Naimuri has an Environmental Impact Power Group responsible for coordinating the firm wide approach to sustainability and environmental impact.; Key approaches include:; Set up recording and monitoring of our Scope 1, 2 and 3 carbon emissions.; Created a carbon reduction plan - committed to achieving Net Zero emissions by 2050 or sooner.; We are establishing carbon literacy workshops for colleagues and partners to improve understanding and encourage more sustainable operations and behaviours.; Engaging with other customers and suppliers to look into more sustainable upstream and downstream results.

  Equal opportunity

  At Naimuri we actively promote a diverse and inclusive environment. We have partnerships with Manchester Digital (promoting women in IT), Coding Black Females, NorthCoders (An IT Bootcamp for people who are cross training or reskilling), and other initiatives.; ; We actively seek to recruit people from various backgrounds to build diversity in our teams, making sure we don’t just recruit degree qualified individuals. Each year we take on Apprenticeships, Graduates and early careers (people swapping careers or returning to work), and invest in their growth and progression thorough our early careers progression framework.; ; Our approach to recruitment is centred on our values and culture. We provide benefits to promote flexible working patterns including part time working, which allows many people who have found this a barrier to entering tech roles, the opportunity to join us and pursue their career. Our culture promotes a flat delivery structure on projects, giving everyone an equal voice in how the team operates and delivers.

  Wellbeing

  We encourage, invest and enable our people to develop what’s important to them, resulting in company initiatives (we call them Power Groups). These promote people's wellbeing and improve our environmental impact. This in turn has led to people becoming training mental health first aiders or skilled to perform environment audits.; The Naimuri Mental Health Wellbeing Group has established multiple measures, including investment in time and funding, to support MH & Wellbeing. Regular wellbeing support and activities are established as BAU. There are regular monthly updates to firm wide briefings to maintain a strong leadership approach for values and messaging relating to MH & Wellbeing and the enablers required to support this (e.g., appropriate resourcing of projects).

Pricing

• Price: £302.10 to £1,396.02 a user a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at business@naimuri.com. Tell them what format you need. It will help if you say what assistive technology you use.