Platform as a Service

(1)

Information Security Management System

Platform as a Service

Service Definition

Version: 1.0

Version date: October 2015 Classification: Public

Backup-as-a-Service Systems Monitoring DR-as-a-Service Storage-as-a-Service Hosted Exchange

Colocation Services

Systems Management _{Desktop-as-a-Service} Comms-as-a-Service Platform-as-a-Service

OFFICIAL Status

(2)

Information Security Management System

Contacts

Your contacts at OCSL are:

NAME: SARAH HOLMES ROSS HOLLIDAY ADAM COURTNEY

TITLE: Compliance Team Leader Head of Public Sector Operations Director

ADDRESS: OCSL, East House, New Pound Common, Wisborough Green, West Sussex, RH14 0AZ

TELEPHONE: +44 (0) 845 605 2100 +44 (0) 7876 226282 +44 (0) 845 605 2100

(3)

Information Security Management System

Table of contents

Contents

1. Overview of this service ... 5

1.1 Key benefits ... 5

1.2 Why choose OCSL ... 6

1.3 Key features ... 7

1.4 OCSL G Cloud 7 Services ... 8

1.5 Components available ... 8

1.6 Summary ... 13

1.6.1 Support services – OCSL Systems Management ... 13

1.6.2 Support services – OCSL Systems Monitoring ...14

2. Overview of OCSL BaaS (Backup as a Service) ... 15

2.1 ISO27001 and ISO9001 ... 15

2.2 Government Security Classifications (GSC) ... 15

3. Level of backup, restore and disaster recovery provided ... 16

4. On-boarding and Off-boarding ... 17

4.1 Service On-boarding PaaS Platform ... 17

4.2 Service On-boarding PaaS (OCSL Deployed Server) ... 17

4.3 Service On-boarding PaaS (Existing Customer Server) ... 18

4.4 Service Off-boarding ... 18

5. Service management details ... 19

5.1 Service Delivery Management ... 19

6. Service constraints ... 20

7. Service levels ... 21

7.1 Service level availability ... 21

7.2 Incident response times ... 21

8. Overview of pricing ... 23

(4)

Information Security Management System

10. Training ... 23

11. Ordering and invoicing process ... 24

11.1 Ordering ... 24

11.2 Invoicing ... 24

12. Data restoration / service migration ... 24

13. Customer responsibilities ... 25

14. Technical requirements ... 25

15. Trial service ... 25

16. Features not included in this G-Cloud service ... 25

(5)

Information Security Management System

1. Overview of this service

Platform as a Service (PaaS) provides Cloud compute virtual machines, rapidly provisioned on-demand to an enterprise class multi-tenant platform. It is paid for on a monthly basis through a fully flexible commodity based charging model. The OCSL Multi-tenant cloud platforms are built from Enterprise class hardware, utilising HP server and storage technology and Cisco networking. These are hosted in OCSL’s fully redundant N+1 UK Data Centres and provide availability at the virtual machine level of up to 99.99%.

1.1 Key benefits

 Utilise our enterprise grade infrastructure

 Remove management overheads

 Improve availability & user satisfaction

 Improve security

 Leverage OCSL IT skills

 Reduce IT TCO

 Deliver IT services to SLA

 Predictable OPEX budgeting, no hidden costs

 Improve flexibility control over the tools that are installed within your platform and create a platform to suit specific requirements

 Enable remote working

(6)

Information Security Management System

1.2 Why choose OCSL

 Enterprise level service for a fraction of the investment

 Highly skilled team with 25 years of delivering services to customers worldwide

 Bespoke, fully transparent service

 Hosted in UK data centres

 Every customer is valued, with a direct one-to-one relationship

(7)

Information Security Management System

1.3 Key features

 Up to 99.99% Availability

 Enterprise class platform with no single point of failure

 Virtually unlimited server instances

 Rapid deployment

 Agile scalable environment to flex with your business need

 Performance and capacity management

 Business continuity and disaster recovery options available

 Choose between Windows or Linux server operating systems

 Client-by-client custom configuration

(8)

Information Security Management System

1.4 OCSL G Cloud 7 Services

 OCSL Backup as a Service

 OCSL Infrastructure as a Service - IaaS – Compute

 OCSL Infrastructure as a Service - IaaS – Storage

 OCSL Secure N3 & OFFICIAL Access Services

 OCSL Platform as a Service – PaaS

 OCSL Software as a Service – SaaS

 OCSL Application Assessment Services

 OCSL Digital Assessment Services

 OCSL Digital Strategy

 OCSL Flexible Resourcing Service

 OCSL Infrastructure Assessment

 OCSL Infrastructure Services

 OCSL Consultancy Services - Microsoft Azure

 OCSL Consultancy Services - Microsoft Enterprise Mobility Suite EMS

 OCSL Consultancy Services - Microsoft Office 365 O365

 OCSL Route to the cloud

 OCSL Service Delivery & Cloud Transition Services

 OCSL Solution Architect Services

 OCSL Systems Management

 OCSL Systems Monitoring

 OCSL Transformational Services

(9)

Information Security Management System

The component pricing available within OCSL PaaS on the OCSL G-Cloud portal is detailed in the table below. The customer should order all of the components required to cover the infrastructure to be deployed. If the customer requires assistance with specifying the correct components to cover their infrastructure, they should contact OCSL on [email protected] and OCSL will be pleased to provide Pre-Sales assistance.

PaaS Component Description Quantity to Order

PaaS VM 1vCPU, 1GB RAM, 40GB O/S Disk, 1.5GB Pagefile PaaS Virtual machine 1 per virtual machine required PaaS VM 1vCPU, 2GB RAM, 40GB O/S Disk, 3GB Pagefile PaaS Virtual machine 1 per virtual machine required PaaS VM 1vCPU, 4GB RAM, 40GB O/S Disk, 6GB Pagefile PaaS Virtual machine 1 per virtual machine required PaaS VM 2vCPU, 8GB RAM, 40GB O/S Disk, 24GB Pagefile PaaS Virtual machine 1 per virtual machine required PaaS VM 2vCPU, 16GB RAM, 40GB O/S Disk, 24GB Pagefile PaaS Virtual machine 1 per virtual machine required PaaS VM 4vCPU, 8GB RAM, 40GB O/S Disk, 12GB Pagefile PaaS Virtual machine 1 per virtual machine required PaaS VM 4vCPU, 16GB RAM, 40GB O/S Disk, 32GB Pagefile PaaS Virtual machine 1 per virtual machine required PaaS VM 4vCPU, 32GB RAM, 40GB O/S Disk, 32GB Pagefile PaaS Virtual machine 1 per virtual machine required PaaS VM 8vCPU, 16GB RAM, 40GB O/S Disk, 24GB Pagefile PaaS Virtual machine 1 per virtual machine required PaaS VM 8vCPU, 32GB RAM, 40GB O/S Disk, 32GB Pagefile PaaS Virtual machine 1 per virtual machine required PaaS VM 8vCPU, 64GB RAM, 40GB O/S Disk, 32GB Pagefile PaaS Virtual machine 1 per virtual machine required Advanced Systems Management Available as an option and should be

purchased in addition to OCSL PaaS, for

(10)

Information Security Management System

servers running the following server software

 Microsoft SQL Server

(2005/2008/2008R2/2012) to Database Engine Level (does not include DBA or Application level support).

 Microsoft Exchange Server (2007/2010/2013)

 Citrix XenApp/XenDesktop (v6/v6.5/v7)

Advanced Systems Monitoring Available as an option and should be purchased in addition to OCSL PaaS, for servers running the following server software

 Microsoft SQL Server

(2005/2008/2008R2/2012) to Database Engine Level (does not include DBA or Application level support).

 Microsoft Exchange Server (2007/2010/2013)

 Citrix XenApp/XenDesktop (v6/v6.5/v7)

1 per virtual machine running SQL, Exchange or XenApp/XenDesktop

(11)

Information Security Management System

access to the internet is required. Bandwidth is

shared amongst all virtual machines purchased. required Public IP Address (per /29 subnet) Public IP addresses, sold in /29 subnets of 8

addresses, of which 2 addresses are subnet addresses, 2 are used for firewalls and routers, leaving 4 addresses that can be assigned to virtual machines, such as web servers.

1 per subnet required

Virtualised Firewall Context Virtualised firewall context, at least one must be purchased for each pool of virtual machines deployed.

1 per firewall required

Basic VPN Connectivity (per User) VPN connectivity using browser based SSL to a single user, or IPSEC from site to site (must use fixed IP addresses). At least one must be purchased to allow the customer access to manage and support virtual machines, if internet is to be used as the method of access.

1 per user required

NHS N3 Connectivity (per Mbps) Connectivity to the NHS N3 network. 1 per Mbps Bandwidth required

Service On-boarding PaaS Platform One-off setup charge for configuration of the PaaS platform. Must be selected and is charged once for each pool of virtual machines deployed.

(12)

Information Security Management System

Service On-boarding PaaS (OCSL Deployed Server) One-off setup charge for deployment of virtual machines, to be built as clean image by OCSL from server template.

1 per server deployed Service On-boarding PaaS/PaaS (Existing Customer Server) One–off setup charge for migration of

existing customer virtual machines or virtual machine data, for instance, servers requiring data migration, V2V or P2V. Limited to 100GB data per virtual machine, unless agreed otherwise with OCSL

(13)

Information Security Management System

1.6 Summary

 The customer will be allocated a resource pool equivalent to 1.5Ghz per virtual CPU

 Virtual Machines come with 40GB C: Drive as standard

 Pagefile disk will be allocated as a separate volume, as 1.5 x RAM capacity, up to a maximum 32GB

 Additional disk can be purchased in increments of 100GB, using the product “Additional PaaS Disk 100GB”

 Backup is not included; the customer should also read the Backup as a Service (BaaS) service description and purchase this for each PaaS server that requires backup capability

The operating systems that can be provided under this service include:

 Server Operating Systems (until end of support date published by the software vendor)

o Microsoft Windows Server (2003/2008/2012) o Linux (Ubuntu 10.04.4 on, RHEL 4 on, CentOS) o Unix (Solaris x86)

1.6.1 Support services – OCSL Systems Management

OCSL Systems Management provided under OCSL PaaS are as follows:

 Helpdesk to helpdesk service for the logging of faults by the Customer IT team

 2nd_{and 3}rd_{line technical support up to operating system level (unless Advanced}

Systems Management is purchased)

 Routine vulnerability patching updates

 Service Packs or firmware as agreed with the Customer

 Management of enterprise Anti-Virus solutions equipped with a centralised management console

 Management of backups where a BaaS service has been purchased

 Installation and configuration to include

o Security policy implementation, to be deployed as a default configuration unless otherwise agreed with the customer;

o Disk, Logical Volume and File system configuration;

o Adding Role Based Access Groups to the system configuration; o Server Network Services configuration;

(14)

Information Security Management System

o Dump file creation; o Log file creation;

o System Security Hardening; o System vendor liaison;

1.6.2 Support services – OCSL Systems Monitoring

OCSL Systems Monitoring is essential to OCSL’s capability to deliver a high quality PaaS service within SLA.

OCSL Systems Monitoring provides 24/7/365 monitoring of infrastructure and network devices. In addition to proactive incident prevention by alerting on key system and performance metrics, the Systems Monitoring Service also provides compressive SLA monitoring, reporting, historical trending and capacity planning.

OCSL Systems Monitoring is designed to provide continuous updated information on IT infrastructures. It provides key metrics and information on IT environments as well as displaying historical trending. By setting specific Service Level Agreements (SLA) the service will monitor infrastructure performance and generate alerts based upon criteria agreed with the customer in order to maintain the SLA it has agreed with its key

stakeholders.

Issues or performance metrics that can be monitored include:

 Servers and storage units o Failure

o Performance of disk space, CPU utilisation, memory utilisation o Server hardware components such as system fans

o Associated network services

 Customers receive monthly, comprehensive reports including: o System level status and performance

o Notification and event summary

(15)

Information Security Management System

2. Overview of OCSL BaaS (Backup as a Service)

2.1 ISO27001 and ISO9001

OCSL Managed Services have been successfully certified to ISO27001 since May 2011 and ISO9001 since November 2011. Our mature Information Security Management System (ISMS) and Quality Management System (QMS) are continually maintained by our

Compliance Team as proven in regular internal and external audits. Our certification body is Registrar of Standards (Holdings) Ltd, trading as United Registrar of Systems, Registrar of Standards Ltd & Global Registrars Inc. Their UKAS Reg no is 0043. The scope for both certificates is:

“The Supply of Managed Services, specialising in Public and Private Cloud Infrastructure, including Business Continuity (Disaster Recovery & Backup/Recovery) and Remote Management/Monitoring Solutions”.

All services are hosted at our UK Data Centres, which are in scope of our ISO27001 certificate.

All services are managed on site and in house by OCSL Managed Services employees. We do not use subcontractors. Our Service Desk is ITIL-aligned.

2.2 Government Security Classifications (GSC)

(16)

Information Security Management System

3. Level of backup, restore and disaster recovery

provided

 Backup, restore and disaster recovery is not included in this service. Please refer to OCSL BaaS (Backup as a Service) on the OCSL Digital Market Place portal to purchase this capability.

 OCSL do offer Disaster Recovery as a service. For all enquiries please contact

(17)

Information Security Management System

4. On-boarding and Off-boarding

OCSL utilise an established and proven transition methodology based upon PRINCE2 Project Management, ITIL best practice service management framework and Microsoft Operations Framework (MOF).

OCSL have listed two on-boarding products under G-Cloud for PaaS.

4.1 Service On-boarding PaaS Platform

One-off setup charge for configuration of the PaaS platform

o OCSL Service Desk Automated call distribution systems setup o OCSL Service Desk Call logging system setup

o Configuration of secure customer networks and resource pools on OCSL multi-tenant VMware platform

o Operational Documentation o Handover to OCSL support o Project Management

4.2 Service On-boarding PaaS (OCSL Deployed Server)

For virtual machines, to be built as clean image by OCSL, this service includes: o Deployment of base operating system image

(18)

Information Security Management System

4.3 Service On-boarding PaaS (Existing Customer Server)

For servers supplied and installed by the customer or another third party, this service includes:

o V2V or P2V migration of customer server to the OCSL multi-tenant VMware platform

o OCSL Service Desk Automated call distribution systems setup o OCSL Service Desk Call logging system setup

o Installation of management and monitoring tools

NB: Where server health issues are found, a list of remedial actions will be supplied to the customer, which must be remedied before the service can commence. OCSL would be pleased to quote for Professional Services based upon a daily rate if the customer requires OCSL to carry out the remedial actions.

4.4 Service Off-boarding

(19)

Information Security Management System

5. Service management details

Our ITIL aligned Service Desk is a single, central point of contact and control, routing incidents to suitably skilled engineers for resolution.

It is the objective of the OCSL Service Desk to co-ordinate the restoration of supported systems as soon as possible and within the agreed SLA performance targets.

OCSL has deployed an Incident Management System (IMS) within our Service Desk toolset.

The Service Desk is both web and telephone based. Our call handling service is available 24x7x365.

When logging calls via telephone to the Service Desk, the call operative uses the same call logging software that the customer will have access to via our secure web portal and can see the same information. This ensures consistency and freedom of available information. Our Service Desk system is also available for call logging and updating existing calls by email, as well as being accessible for servers to automatically log fault and threshold condition calls.

Calls are visible only to personnel with appropriate privileges and are account specific. Integrated with this functionality is our knowledge base, which is used to capture frequent required procedures plus complicated fixes and ‘gotchas’ to ensure a consistent and appropriate flow of information.

5.1 Service Delivery Management

OCSL will provide the customer with a Service Delivery Manger (SDM) who will act as the single point of escalation for all matters relating to the service and any issues that arise. Part of the role will be to understand the customers’ business and IT needs and to continually drive best practice to ensure service levels are met and exceeded.

Every month a service report will be produced and delivered in a face-to-face meeting, which will cover the following points:

 Executive Summary

(20)

Information Security Management System

 Service Desk information

 All changes closed per period and outstanding at end of period

 Service Metrics - Availability, capacity and performance of all assets managed or

monitored

6. Service constraints

 Maintenance windows will be agreed with the customer in advance.

 Within the parameters of software and hardware listed, the customer may employ any level of customisation. However, the customer must provide support for customised features that fall outside of the standard ‘out of the box’ capabilities of that software and hardware.

(21)

Information Security Management System

7. Service levels

7.1 Service level availability

 System Availability – Up to 99.99%

 Incident resolution target: o Priority 1 - 4 Hours o Priority 2 - 1 Day o Priority 3 - 3 Days o Priority 4 - 5 Days

 SLA Reporting - Monthly

7.2 Incident response times

Priority Incident Type Description Incident Response (within Business Hours1₎ Incident Response (Outside Business Hours) Target Incident Resolution (within Business Hours) 1 Critical - System Down

System is not operational The Service to multiple users is unavailable and the

Customer cannot readily provide a workaround solution.

1 hours 2 hours 4 hours

2 Major - System Impaired

Systems not operating with full capability but is still operational

Multiple users are restricted. The Service is available because a workaround has been applied but there are some restriction and/or

(22)

Information Security Management System

operation impact. 3 Minor - System Operating Normally

System is up and running with limited or no significant impacts

There is minor impact to users. A workaround is available with little impact on the user.

4 Informational Information or advice Agreed with Customer

(23)

Information Security Management System

8. Overview of pricing

Please see the OCSL G Cloud pricing document which details the pricing structure for this service.

9. Financial recompense model for not meeting

service levels

Where applicable, and detailed in the Call Off Agreement (signed by OCSL and the customer), Service Availability Service Credit will apply as detailed below:

OCSL shall provide at least a 99.95% uptime service availability in any calendar month. Where the uptime decreases below this level, the customer will be entitled to Service Credits in accordance with the following table.

Uptime in any calendar month Service Credit

<99.95%-99.4% 5% of monthly charge* <99.4%-98.9% 15% of monthly charge*

<98.9% 25% of monthly charge*

*It is important to note that service credits are paid as a percentage of the per component charges, for the unavailable components only, and are not paid as a percentage of the overall monthly charges.

10. Training

(24)

Information Security Management System

11. Ordering and invoicing process

11.1 Ordering

The customer can buy OCSL’s cloud based services using the Digital Marketplace.

11.2 Invoicing

 The customer shall pay by BACS the amounts set out in the Call Off Agreement (signed by the customer and OCSL).

 All amounts and fees stated, or referred to, in the Call Off Agreement are exclusive of value added tax, which shall be added to OCSL’s invoice(s) at the appropriate rate.

 OCSL shall invoice the customer following the end of each month for the service(s) performed by OCSL during that month.

 All invoices shall be sent by email and post to the customer and shall contain a detailed breakdown of the costs included in the invoice.

 Each invoice is due and payable within 30 days after the invoice date.

12. Data restoration / service migration

(25)

Information Security Management System

13. Customer responsibilities

 Administrator accounts will be configured such that OCSL staff hold the necessary rights to administer the supported operating system. While the customer or customer contracted third parties retain the level of access needed and will be expected to support the data and application layers (except where Advanced Systems

Management has been purchased).

 The customer will take all reasonable steps to avoid infrastructure incidents occurring and will maintain all systems upon which the infrastructure is dependant in an

appropriate manner.

 The customer will participate fully in OCSL’s Change Management procedures and log all infrastructure changes through this process.

 The customer will make available all technical documentation and knowledge relating to the infrastructure to be managed.

 The customer must maintain their systems in accordance with UK law.

14. Technical requirements

 The customer will provide suitable network links into OCSL datacentre (or OCSL will be pleased to quote separately for such network links upon request).

 When purchasing Linux/Unix virtual machines, the customer will be required to provide all software licenses and support subscriptions

15. Trial service

This is not applicable to this service.

16. Features not included in this G-Cloud service

Not applicable, this service description has been tailored from standard OCSL offerings to ensure suitability for G-Cloud.

(26)

Platform as a Service

Information Security Management System