Cloud Industry Forum (CIF)

CIF Certified Issue cmyk R copyCode of Practice Disclosure

OGL Computer has completed the Self-Certification against the ‘Code of Practice for Cloud Service Providers’ (the ‘Code’) of the Cloud Industry Forum (‘CIF’, at http://cloudindustryforum.org/), which the mark (right) demonstrates. Clicking on the mark will take you to the CIF website where supporting information for this Certification is available.

OGL Computer is committed to the Code. One of the main objectives of the Code is to help ensure disclosure of essential information so that consumers of Cloud Services can make better business decisions based on this information. The information on this page addresses the public disclosure requirements of the Code.

NOTICE: While OGL Computer has made the commitment to the Code and has been self-certified as compliant with the Code, customers / third parties shall note that information or certification provided by the Cloud Industry Forum does not constitute advice from or endorsement by the Cloud Industry Forum. The Cloud Industry Forum disclaims any and all liability arising out of the use of services or otherwise of certified organisations. Where disclosed information or capabilities as specified by the Code of Practice are essential in purchasing cloud services from a certified organisation, it/these should be cited contractually. Professional advice appropriate to specific circumstances should always be obtained.

Corporate Name:OGL Computer Support Ltd
Alternative trading names: OGL Computer Services Group Limited; OGL Software Limited
Legal Status:  Limited Company
Date of formation:11th March 1993
Location of Registration: UK
Registration Number:02798681
Members of Board of Directors: Paul Byrne, Ashok Patel, Neil Morris
Executive Management: Debbie Byrne, Jan Walsh, Paul Colwell, Sam Byrne
Ownership:Owned by OGL Computer Services Group Limited (reg: 3429465)
Corporate Fixed Address:OGL Computer Support Limited, Worcester Road, Stourport on Severn, Worcestershire, DY13 9AT
Scope covered by the code:Infrastructure as a Service, Back Up Services, Email Services, Disaster Recovery as a Service, Managed IT Services, Monitoring Service, IT Security Services, Storage Application, Web Hosting, Hosted Desktops, Software as a Service
A.1.5
Third Party Coverage Transparency
Robust relationships with our suppliers are central to OGL’s business practices. Prior to embarking on any new business relationship, supplier due diligence is undertaken, which includes legal and insurance checks, verification of financial stability, checking trade references, quality systems and establishing a supplier’s integrity and reputation. However, OGL does not accept indirect responsibility for its suppliers. In the event of a supplier failure OGL will work with our suppliers to try and find an alternative resolution.OGL’s suppliers do not accept indirect responsibility to OGL’s customers. OGL does not accept indirect responsibility to customers of customers. Should our direct customers go out of business, OGL will provide their customers the option to contract directly to ensure continuity of service.
A.1.6
Security Control Transparency with the Cloud Security Alliance 
We have not completed the Consensus Assessments Initiative Questionnaire with the Cloud Security Alliance.
A.1.7
Other Extended Commitments to Code of Practice Principals 
The organisation does not commit to any additional transparency, capability or accountability in addition to those contained within the Code of Practice.
A.1.8
Technological Commitments
OGL’s service is strengthened through our partnerships with world leading technology brands and standards organisations. Working alongside our partners we have access to technical information, training, user groups, member websites, pre-release products and evaluation packages which in turn ensures our staff and customers are kept up-to-date with the very latest technology and can have confidence in our working practices.
A.1.9
Existing Certifications 
  • HP Silver Partner
  • Microsoft Partner – Gold Datacenter
  • AMD
  • Kaspersky Platinum Partner
  • VMware Partner
  • Veeam Silver ProPartner
  • WatchGuard Gold Partner
  • ISO 9001 – Quality Management
  • ISO 27001 – Information Security Management
A.2.3
Customer Migration Paths at Contract Termination:
There are no commercial restrictions that a customer needs to be aware of at contract termination. There are no technological implications that a customer needs to be aware of at contract termination. When the contract for services comes to an end, we would liaise with the customer to offer them the best advice regarding data provision and transfer.  The service we would provide for our customers at the end of the contract, depends on the type of contract we have with them and what services we offer.
A.2.5
Licensing Provisions:
OGL is responsible for software/IP licensing and the customer will be made fully aware of any costs not covered within the cost of the services being provided. There are no licensing implications in addition to cost.  GPL is not applicable to OGL.
A.2.7
Data
Protection Provisions: 
OGL uses ISO 27001 certified data centres within the UK and any processing for backup services is undertaken by these data centres.  The relevant data protection legislation is the Data Protection Act 1998, and any amendments.  This is referenced within OGL’s terms and conditions. OGL has achieved the ISO 27001 certification assuring customers of its commitment to ensuring data security and is registered with the Information Commissioner’s Office.  OGL uses a layered approach to security including taking the following measures: ensuring physical security is robust and maintained; the use of up to date anti-virus and anti-malware products to regularly scan the network; using well configured firewalls; segmentation of the network components; access controls; keeping systems up to date; monitoring for problems, testing and maintenance of records; employee awareness, training and communications.  It is OGL’s expectation that its suppliers will adhere to the same industry standards and legislation. 
A.2.9
Provisions for Audit
OGL is regularly audited by its respective awarding and accrediting bodies (such as Microsoft and HP vendor audits, ISO accreditation audits etc) and it is OGL’s expectation that these audits will meet or exceed our customer’s individual audit requirements.  Should an audit fall outside the scope, then we would be happy to accommodate a customer’s requirements, although this may be chargeable.  Visits to our data centre can be arranged as per the terms and conditions of the contract, which are usually free of charge.
A.2.10
Service Dependencies
OGL is extremely selective in its choice of suppliers, particularly ones which are business critical, and it is essential that our suppliers can maintain the high standards that we demand.  In order to be able to maintain an efficient out of hours service, we have contracted with an award-winning and well-established third party call handler. We utilise a specialist data centre provider, which is spread over two UK locations, as part of our hosting infrastructure. Service levels are a key focus of both of these suppliers, who boast a 99.79% answer rate and an average ring time of 1.4 rings, and a 99.9% service level agreement respectively. All suppliers must comply with current data protection legislation and be registered at the Information Commissioner’s Office.  Our data centre mirrors our standards in data security, having also achieved ISO 27001 certification. In terms of continuity of business operations, each supplier undergoes rigorous due diligence before OGL contracts with them. In addition, OGL is able to undertake the role of call handling out of hours. The data centre has been carefully selected to ensure business continuity, furthermore, redundancies have been built into our infrastructure.
A.2.11
Complaints and Escalation Procedures
Our complaints procedure is designed to ensure that any complaints or issues are properly investigated, are given careful and fair consideration and are dealt with as soon as possible.  Given the nature of the service provided, most complaints or issues will be received by telephone or email.  The Hosted Services team will respond to technical queries within OGL’s support SLA’s.  Any service-related complaints will be escalated to the Hosted Services Manager for review, with input from the Board as required.

 

 

To find out about the Cloud Industry Forum (CIF) visit the CIF website.