Creation Date:
Matt Johnson, Owen
Turney
15/2/13
Last Revision Date:
Version:
15/2/13
3.0
Reviewed by:
Matt Clark, James Mulhern
David Hemmings, Hilary
Singleton
Annually
February 2014
OPTIONAL
Version changed
Owned by:
Approved by:
Change made
Version carried forward
from G-Cloud 2
submissions
Change owner
Review Period:
Next review date:
Unique reference:
Change Date
Andy Powell
12/2/13
2.9
Service Definition
IL3 Cloud Design Service
IL3 Cloud Design Service v3.0
CONTROLLED DOCUMENT : Printed or electronically transmitted copies are uncontrolled
Eduserv Public
Page 1 of 20
Contents
Contents ............................................................................................................................. 2
1.
Definitions .................................................................................................................... 4
2.
Service Summary......................................................................................................... 5
2.1.
Functional Overview ............................................................................................. 5
2.2.
Non-Functional Overview ...................................................................................... 6
2.3.
Information Assurance .......................................................................................... 6
2.4.
Government Security Compliance Standards ........................................................ 7
2.5.
Eduserv Project and Design Methodologies .......................................................... 7
3.
Discovery and Requirements Analysis ......................................................................... 8
4.
Eduserv IL3 Cloud Design Service Project ................................................................... 9
5.
6.
4.1.
IL3 Cloud Design Service On-boarding ................................................................. 9
4.2.
Requirements Specification .................................................................................. 9
4.3.
Project Planning Phase ......................................................................................... 9
4.4.
Project Control .................................................................................................... 10
4.5.
Project Closure ................................................................................................... 10
Customer IL3 Cloud Solution Design ......................................................................... 10
5.1.
Eduserv IL3 Cloud Design Service Toolkit .......................................................... 10
5.2.
Eduserv IL3 Cloud Design Options ..................................................................... 11
5.3.
Customer IL3 Cloud Solution Design Deliverables .............................................. 12
5.3.1.
Functional Specification ............................................................................... 12
5.3.2.
High Level System Design ........................................................................... 12
5.3.3.
Service and Security Operations Architecture .............................................. 13
5.3.4.
RMADS Accreditation Plan .......................................................................... 13
5.3.5.
Build and Operations Plan ........................................................................... 13
Service Management ................................................................................................. 14
6.1.
Hours of Service ................................................................................................. 14
6.2.
Customer Contact ............................................................................................... 14
6.2.1.
Service Requests and Change Requests ..................................................... 14
6.3.
Change and Risk Management ........................................................................... 15
6.4.
Project Reporting ................................................................................................ 15
IL3 Cloud Design Service v3.0
CONTROLLED DOCUMENT : Printed or electronically transmitted copies are uncontrolled
Eduserv Public
Page 2 of 20
6.5.
Service Levels .................................................................................................... 15
6.5.1.
IL3 Cloud Design Service Deliverable Milestones ........................................ 15
6.5.2.
Change and Service Request Response ..................................................... 16
7.
Eduserv IL3 Cloud Design Service Pricing ................................................................. 16
8.
Service Credits........................................................................................................... 16
9.
Service Termination and Off-boarding........................................................................ 16
10.
Service Constraints ................................................................................................ 16
11.
Service Dependencies ............................................................................................ 17
12.
Customer Responsibilities ...................................................................................... 17
13.
Service Options ...................................................................................................... 18
13.1.
Low Level Design Service ............................................................................... 18
13.2.
Migration Planning Service .............................................................................. 18
Annex 1: Eduserv IL3 Cloud Design Service Schematic ................................................... 19
Annex 2: Eduserv IL3 Cloud Design Service Pricing ......................................................... 20
Discovery and Requirements Analysis........................................................................... 20
IL3 Cloud Design Service Project .................................................................................. 20
Service Options ............................................................................................................. 20
IL3 Cloud Design Service v3.0
CONTROLLED DOCUMENT : Printed or electronically transmitted copies are uncontrolled
Eduserv Public
Page 3 of 20
1. Definitions
“Baseline IL3 Cloud Design Service Plan” is the Customer and Eduserv mutually agreed
project plan specifying the tasks, timescales, resources, costs, dependencies and risks in
implementing the Eduserv IL3 Cloud Design Service. It is agreed following service onboarding and placed under change control
“Build and Operations Plan” is an IL3 Cloud Design Service Project deliverable specifying
the tasks, timescales, resources, costs, dependencies and risks in implementing and
operating the proposed Customer IL3 Cloud Solution Design
“Business Impact level (BIL or IL)” is the security standard specified by the Government
Security Policy Framework and the Standard Protective Marking scheme reflecting data
Confidentiality, Integrity and Availability
“Change Request” is a customer request to significantly change the scope of the service
Requirements Specification and/or the agreed Baseline IL3 Cloud Design Service Plan
“Christmas to New Year Break” Christmas Day to New Year’s Day when the Eduserv IL3
Cloud Design Service is unavailable
“Core Hours of Service” are Monday to Friday 8am to 6pm, excluding English Public
Holidays and Christmas to New Year Break
“Customer Change Authority” is the designated customer contact(s) with respect to
authorising a Change Request or Service Request
“Customer IL3 Cloud Solution” is the total Eduserv hosted customer IL3 IaaS solution
incorporating Eduserv Core Infrastructure, Customer Solution Infrastructure, Customer
Solution DMZ Infrastructure and Customer IL3 Design Options as appropriate
“Customer IL3 Cloud Solution Design” is the design documentation set for the Customer
IL3 Cloud Solution incorporating Functional Specification, High level Design and Service
and Security Operations Architecture
“Customer IL3 Design Options” are the optional customer technical solution components
including External Access, Release and Development Environments, Disaster Recovery
and Backup Solution design
“Customer Solution DMZ Infrastructure” is the physical infrastructure required to provide IL3
data segregation from the Internet and to conform to relevant CESG Good Practice Guides
(notably GPG-8 and GPG-13)
“Customer Solution Infrastructure” is the customer-specific physical infrastructure including
Customer IaaS platform (Compute, Storage, Virtualisation Software), Networking, and
Security appliances
“Discovery and Requirements Analysis” is a mandatory Eduserv pre-sales service to scope
and price the IL3 Cloud Design Service
“Eduserv Core Infrastructure” is the Eduserv physical Datacentre(s), physical security,
internet connectivity and related processes that contribute to ISO27001 certification
IL3 Cloud Design Service v3.0
CONTROLLED DOCUMENT : Printed or electronically transmitted copies are uncontrolled
Eduserv Public
Page 4 of 20
“Eduserv IL3 Cloud Design Service Project” is the project to take customer solution
requirements, the Government security compliance standards and Eduserv IL3 Cloud
Design Service Toolkit and to develop a Customer IL3 Cloud Solution Design
“Eduserv IL3 Cloud Design Service Toolkit” is the Eduserv suite of technical, service and
security design templates and related documentation sets which support Customer IL3
Cloud Solution Design and subsequent IL3 RMADS accreditation on implementation
“IL3” is the Business Impact level for customer “Restricted” data
“Infrastructure as a Service (IaaS)” is a Cloud service model for delivering Customer
solution compute (CPU, memory), network and storage resource
“Release and Development Environments” are the optional Production, pre-Production,
Development, System Test and/or Disaster Recovery logical or physical environments
which may form part of a Customer IL3 Cloud Solution Design
“Risk Management and Accreditation Documentation Set (RMADS)” is the suite of material
supporting accreditation of a Customer IL3 Cloud Solution Design against HMG Information
Assurance standards and notably the Cabinet Office Security Policy Framework (SPF)
“RMADS Accreditation Plan” is an Eduserv IL3 Cloud Design Service Project deliverable
specifying the tasks, deliverables, resources, risks and dependencies in achieving IL3
RMADS accreditation
“Service and Security Operations Architecture” ” is an Eduserv IL3 Cloud Design Service
Project deliverable specifying the key policies, processes, roles and responsibilities in
securely operating a Customer IL3 Cloud Solution to required standards and good practice
“Service Request” is a customer request for information or a request for Eduserv IL3 Cloud
Design Service support out of Core Hours of Service.
2. Service Summary
The Eduserv IL3 Cloud Design Service is a design service which gathers a customer’s
business, technical and service requirements and produces a suite of design and related
documentation sets for an Eduserv-hosted Customer IL3 Cloud Solution which facilitates
subsequent IL3 RMADS accreditation on implementation.
2.1. Functional Overview
The Service provides:
a) Discovery and Requirements Analysis
A phase to gather an understanding of the customer’s business context, goals and
timescales for a Customer IL3 Cloud Solution and to assess the customer technical,
service, security and commercial requirements. The output from the phase will be a
Requirements Analysis Document and a fixed-price quote for the Eduserv IL3 Design
Service Project.
IL3 Cloud Design Service v3.0
CONTROLLED DOCUMENT : Printed or electronically transmitted copies are uncontrolled
Eduserv Public
Page 5 of 20
b) Eduserv IL3 Cloud Design Service Project
The Eduserv managed project to take customer solution requirements, the Government
security compliance standards and Eduserv IL3 Cloud Design Service Toolkit and to deliver
a Customer IL3 Cloud Solution Design, including:

Requirements Specification and Functional Specification

High Level Design

Service and Security Operations Architecture

RMADS Accreditation Plan

Build and Operations Plan – including indicative costs for Customer IL3 Cloud
Solution Design implementation and operation.
2.2. Non-Functional Overview
The Eduserv IL3 Cloud Design Service is undertaken by experienced Eduserv Project
Managers and Technical Design Authorities working with customer stakeholders and
specialist partners to establish a Baseline IL3 Cloud Design Service Plan which is executed
to deliver an ‘IL3 RMADS-ready’ Customer IL3 Cloud Solution Design and associated
documentation sets. The Service provides:

Committed Eduserv Project Manager and Technical Design Authority resource
using appropriate tools, methods and other Eduserv professionals services, as
required

External and independent Security Consultancy to ensure additional design and IL3
RMADS compliance rigour

Service management processes regarding customer contact, service and change
requests and the production of project deliverables

Service options which support the further detailed definition of the design, its
implementation and IL3 RMADS accreditation, including Low Level Design Service
and Migration Planning Services.
Annex 1 provides a high level schematic of the Service.
2.3. Information Assurance
Eduserv is ISO27001 certified and has significant experience in working to a broad range of
Government customer security standards, up to Business Impact Level IL3. Eduserv will
store and process any service-related data such as plans, designs, records and reports to
appropriate security standards. Any Eduserv technical server, storage or network
infrastructure required by Eduserv to deliver the service will be hosted in Eduserv’s Tier-3
designed UK data centre. Staff engaged in the design project will be appropriately security
cleared.
IL3 Cloud Design Service v3.0
CONTROLLED DOCUMENT : Printed or electronically transmitted copies are uncontrolled
Eduserv Public
Page 6 of 20
2.4. Government Security Compliance Standards
The Service is centred on establishing a Customer IL3 Cloud Solution Design and
appropriate documentation which supports subsequent IL3 RMADS accreditation. The
context, requirements and constraints of computer systems housing IL3 data and of the
RMADS planning and accreditation process are as follows.
a) Business Impact Level IL3 data and associated Computer Systems
HMG Information Assurance and notably the mandatory Cabinet Office Security Policy
Framework (SPF), outlines approaches to assess the value of hosted information assets
and appropriate measures for protection against threats and vulnerabilities. Many of these
approaches are reflected in CESG Good Practice Guides (GPG), with the following being
the most relevant to an Eduserv-hosted Customer IL3 Cloud Solution Design: GPG8 –
‘Protecting External Connections to the Internet’; appropriate Public Service Network (PSN)
Codes; GPG12 – ‘Use of Virtualisation Products for Data Separation’ and GPG13 –
‘Protective Monitoring for HMG ICT Systems’, with IL3 requiring a ‘Deter’ capability, with
measures to deter an attack from a skilled hacker.
b) IL3 RMADS and accreditation
Compliance with the SPF and notably the governance of computer systems housing IL3
assets is subject to accreditation. The production of a Risk Management and Accreditation
Documentation Set (RMADS) is mandatory for IL3-housed assets. RMADS comprises of
two main phases:

Phase 1: Perform an HMG IA Standard 1 Technical Risk Assessment - catalogue
relevant information systems; establish a risk profile vis-à-vis requirements; conduct
a threat assessment and produce a Prioritised Risk Catalogue

Phase 2: Create an RMADS in accordance with HMG IA Standard 2 - conduct an
ISO 27001 Benchmarking Review, develop a Risk Treatment Plan to ensure a
proposed customer solution meets requirements, develop Security Operating
Procedures where a technical solution does not meet the required level of risk
mitigation.
2.5. Eduserv Project and Design Methodologies
The Eduserv IL3 Cloud Design Service is planned and managed as a formal project by an
Eduserv Project Manager using an appropriate project methodology and working in close
collaboration with customer stakeholders, Eduserv Technical Design Authorities, Eduserv
technical specialists and 3rd party security consultants.
Eduserv Project Managers use fit for purpose project management methods, including:

Prince2, underpinned by conventional 7 stage predictive approaches, typically used
for large scale complex designs

Rapid Application Development and agile approaches such as Scrum and DSDM,
used to pragmatically deliver prioritised design products in short timescales.
IL3 Cloud Design Service v3.0
CONTROLLED DOCUMENT : Printed or electronically transmitted copies are uncontrolled
Eduserv Public
Page 7 of 20
Designs are produced by an Eduserv Technical Design Authority using a structured
architectural design methodology. For complex designs, typically under Prince2, a formal
and holistic approach is used, such as TOGAF or the Zachman Framework, to ensure
detailed analysis and alignment to business requirements.
Design Security Assurance is provided throughout the design lifecycle by Eduserv security
specialists. However, external and independent security consultants are used to validate
key design decisions and deliverables, notably in relation to IL3 RMADS accreditation
requirements.
3. Discovery and Requirements Analysis
A Discovery and Requirements Analysis phase is required to establish the customer’s
business context, goals and timescales and the target Customer IL3 Cloud Solution
technical, operational and security requirements. The output from the phase is a
Requirements Analysis Document including an Eduserv fixed-price proposal for a
subsequent Eduserv IL3 Cloud Design Service Project. It comprises of the following:

Discovery approach: Eduserv will engage with relevant customer business,
technical, service, security and 3rd party stakeholders to gather relevant knowledge
and to establish a cooperative relationship around the Customer IL3 Cloud Solution
Design. It will be carried out in a structured manner via interview, questionnaire and
document review subject to customer approval

Discovery and analysis of business requirement: will establish the relevant highlevel business requirements, drivers and business stakeholders, including the
review of any available business case information

Discovery and analysis of design project requirement: will establish key design
project requirements including timescales, business cycles, budget, dependencies,
risks, key stakeholders and 3rd parties

Discovery and analysis of design technical requirement: will establish key customer
technical stakeholders; key Customer IL3 Cloud Solution compute and storage
requirements, target software architecture platform, products, systems, interfaces,
constraints and dependencies and Customer IL3 Design Options; relevant Legacy
IT systems and outline requirements for any subsequent migration and
consolidation

Discovery and analysis of design operational and security requirements: target
SLA’s and key operational processes; 3rd party support providers and
responsibilities across the service stack; specific system access, data management
and security requirements

Fixed-price Eduserv IL3 Cloud Design Service Project quote. This will be the price
of producing an ‘IL3 RMADS ready’ Customer IL3 Solution Design and document
set based on the established requirements.
IL3 Cloud Design Service v3.0
CONTROLLED DOCUMENT : Printed or electronically transmitted copies are uncontrolled
Eduserv Public
Page 8 of 20
On agreement of the Requirements Analysis Document and fixed-price quote, Eduserv will
proceed with service commencement and on-boarding of the Eduserv IL3 Cloud Design
Service Project.
4. Eduserv IL3 Cloud Design Service Project
4.1. IL3 Cloud Design Service On-boarding
The on-boarding of the IL3 Cloud Design Service will be facilitated by the production of a
Project Initiation Document (PID). This will draw on the above Requirement Analysis
Document to detail project goals, scope, project organisation, constraints, resources and
budget.
On-boarding will also include interfacing to customer project and quality systems, setting up
project control mechanisms, project files and collaboration environments as appropriate.
4.2. Requirements Specification
The initial phase of the Eduserv IL3 Cloud Design Service Project will be to establish a
clear baseline specification of customer requirements. This will draw on the above
Requirement Analysis Document. The Requirements Specification will typically be
produced by customer representatives, with Eduserv assistance as required, and will detail
and agree a high level, non-technical description of requirements. Eduserv can facilitate
requirement workshops and stakeholder interviews and typically propose a pragmatic
MoSCoW (Must, Should, Could, Would) methodology to reach prioritised well-articulated
customer requirements.
The Requirements Specification is a key input to the Eduserv IL3 Cloud Design Service
Project and notably for the development of a Functional Specification which maps outline
technical approaches to customer requirements, see 5.3.1.
4.3. Project Planning Phase
Following the establishment of an IL3 Cloud Design Service Project Initiation Document
(PID), a customer Requirements Specification and following further scoping, stakeholder
interview and analysis; a detailed Baseline IL3 Cloud Design Plan will be produced
specifying key project tasks, milestones, resources, costs, dependencies, risks and
acceptance criteria.
This will be agreed with relevant customer authorities and placed under change control.
This forms the basis for the structured and controlled delivery of the design project. Plan
formation is conducted by an experienced Eduserv Project Manager trained in PRINCE2
and familiar with handover to ITIL Service operation. The Project Planning Phase includes:

The production of a detailed Baseline IL3 Cloud Design Plan including solution,
service, people, security and cost components

The production of a shared risk register which identifies prioritised risks and agreed
IL3 Cloud Design Service v3.0
CONTROLLED DOCUMENT : Printed or electronically transmitted copies are uncontrolled
Eduserv Public
Page 9 of 20
contingency and mitigation actions

The customer agreement and sign-off of the Baseline IL3 Cloud Design Plan.
4.4. Project Control
Eduserv Project Managers use fit for purpose project management approaches, see 2.5, to
control the delivery of design projects in line with the baseline plan. Eduserv Design
Authorities support Project Managers by owning the technical integrity of design projects
from initiation through to handover. Key, Prince2-oriented, project control activities include:

The Eduserv IL3 Cloud Design Service Project will be regarded as a number of
distinct projects each divided into stages; with acceptance criteria acting as
boundary gates which must be satisfied before progressing. Each stage will be
defined in terms of work packages specifying the activity, subtasks, owner,
authoriser, milestones and acceptance criteria

Key Project Deliverables, see 5.3, will be provided to service level targets and will
be subject to customer sign-off before proceeding to subsequent project stages

The Baseline IL3 Cloud Design Service Plan will be managed under change control
by the Eduserv Project Manager and a risk log will be maintained

Project spotlight reports will be produced on a weekly basis covering progress,
issues, risks and mitigation actions

Project reviews will be held on an agreed periodic basis.
4.5. Project Closure
The Eduserv IL3 Cloud Design Service Project will complete following the supply and
customer acceptance of all project deliverables, see 5.3.
On completion a post-implementation review report will be produced highlighting how the
project performed against its planned cost, schedule and acceptance criteria.
5. Customer IL3 Cloud Solution Design
The Eduserv IL3 Cloud Design Service uses skilled Technical Design Authorities, an
appropriate design methodology and an Eduserv toolkit of reusable design material to
produce a business-aligned Customer IL3 Cloud Solution Design in line with the
Requirement Specification, above. Key elements and deliverables of the design process
include.
5.1. Eduserv IL3 Cloud Design Service Toolkit
Eduserv have significant experience of designing, building and operating IL3 Cloud
Services in line with RMADS requirements. To capture this experience and to enable
reuse, Eduserv have developed a toolkit of IL3 design, build and integration approaches,
IL3 Cloud Design Service v3.0
CONTROLLED DOCUMENT : Printed or electronically transmitted copies are uncontrolled
Eduserv Public
Page 10 of 20
templates and documentation. This covers technical infrastructure design, integration within
Eduserv’s Datacentre, network, management, protective monitoring and cloud hosting
environment, ‘on-net’ and customer access provisioning, and related service and security
operations including RMADS accreditation planning. Key elements of the Eduserv IL3
Cloud Design Service Toolkit include:

IL3 Solution Design (Solution Templates) – Logical Eduserv IL3 Design Blocks that
may be combined to form an infrastructure design that is capable of being
successfully IL3 RMADS accredited, including:
o
Eduserv Core Infrastructure – the Datacentre physical building, physical
security, internet connectivity and business processes that contribute to ISO27001 certification. This core infrastructure is shared between multiple
clients
o
Customer Solution Infrastructure - the physical infrastructure to support the
specific customer’s IaaS platform, network connections, compute, storage,
virtualisation software, networking, and security firewalling
o
Customer Solution DMZ Infrastructure - the physical infrastructure required
to provide IL3 data segregation from the Internet and to conform to GPG8
and GPG13. This acts as the break point between the IL3 environment and
external access points

IL3 Service and Security Operations (Service Templates) - the body of reusable
Eduserv procedures, practice and documentation with respect to hosted IL3 solution
operational management. Including relevant ITIL Service management approaches
and the holistic assessment of risk with appropriate measures to protect against
vulnerabilities and threats. At IL3 this includes a protective monitoring operations
including ‘deter’ capability

IL3 Security Accreditation (RMADS Templates) - Eduserv have undergone IL3
RMADS accreditation for a complex hosted Government customer Cloud solution
and have a clear understanding of the accreditation project requirement, phasing
and lead times. Eduserv have a body of RMADS template material which may be
subject to some reuse including scope and risk definition, threat assessment and
treatment planning with respect to solution and service design.
5.2. Eduserv IL3 Cloud Design Options
A Customer IL3 Cloud Solution Design will typically have a number of bespoke components
to reflect customer business and functional requirements and specific network, storage and
security separation constraints. Eduserv have templated a number of design option
approaches to support a range of specific customer requirements, including:

External access: in line with GPG8 and GPG13 requirements
o
2-factor authentication for remote system access, such as VPN
Username/Password and Client Certificates
IL3 Cloud Design Service v3.0
CONTROLLED DOCUMENT : Printed or electronically transmitted copies are uncontrolled
Eduserv Public
Page 11 of 20
o
No direct ‘North-South’ connectivity across the DMZ, the Proxy server and/or
Threat Management Gateway should handle all North-South traffic. Packet
inspection should occur

Private Client Connectivity: Direct connectivity with (or without) firewalling into the
client’s corporate network allowing effective extension of the client estate into
Eduserv’s Datacentre(s). This allows full integration with client systems such as
Corporate Active Directory and SharePoint Services

Release and Development Environments: Eduserv’s design can incorporate one or
more customer environments including Production, pre-Production, Disaster
Recovery, Development and System Test

Disaster Recovery: Suitable DR facilities can be provided at an alternative
geographical location to provide off-site redundancy with near real time replication
of data using SAN to SAN block level replication

Backup: to disk on-site or off-site to allow recovery of mission critical data.
5.3. Customer IL3 Cloud Solution Design Deliverables
The following are the key Eduserv deliverables from the design process.
5.3.1. Functional Specification
Eduserv will produce a Functional Specification comprising of a technical description of
how each of the requirements identified in the Requirements Specification will be
implemented and notably the inputs, outputs, behaviours and dependencies. The
Functional Specification is a precursor to the production of a High level Design.
5.3.2. High Level System Design
A High Level Design is the key deliverable of the Eduserv IL3 Cloud Design Service. It
specifies the architecture platform(s), key solution components, systems, products and
interfaces in meeting the Functional Specification. It includes the following; drawing on the
Eduserv IL3 Cloud Design Service Toolkit, as appropriate.

High Level Architecture Overview
o
Logical IL3 Design: Eduserv Core Infrastructure, Customer Solution
Infrastructure, Customer Solution DMZ Infrastructure component design,
see section 5.1
o
Customer IL3 Design Options: External Access, Private Client
Connectivity, Release and Development Environments, DR and/or
Backup component design

Infrastructure Design Overview: specifying the architecture platform and key
Cloud infrastructure (IaaS) solution elements, and draft Bill Of Materials

Network Design Overview: specifying, as appropriate, Internet and ‘on-net’
IL3 Cloud Design Service v3.0
CONTROLLED DOCUMENT : Printed or electronically transmitted copies are uncontrolled
Eduserv Public
Page 12 of 20
direct connectivity into the customer network, DR connectivity, management
access and key data and workflows

Security Design Overview: DMZ, physical devices, firewalling, separation
(virtualisation, storage) and protective monitoring infrastructure design.
5.3.3. Service and Security Operations Architecture
The Service and Security Operations Architecture deliverable outlines the operational
framework for managing the Customer IL3 Cloud Solution and it is a key part of the
RMADS accreditation scope. The architecture draws on Eduserv’s experience and
documented service policies and templates in the Eduserv IL3 Cloud Design Service
Toolkit, as appropriate. This ensures due consideration of the RMADS and related
accreditation context.
The architecture will be centred on an ITIL Service Management and ISO27001 framework
with appropriate consideration of IL3 security operations compliance including mandated
and recommended practice in CESG Good Practice Guides (GPG-8, 12 and 13), including:

Service support and Delivery: consideration of incident management, change and
release management; availability management and IT service continuity
management

Security Operations: vulnerability and operational risk assessment, system access
controls and security incident management procedures. Protective monitoring
services to IL3 ‘deter’ level, including appropriate event log and incident recording,
review, analysis and action re threats. Ongoing liaison with business owners re
security policy and procedures.
5.3.4. RMADS Accreditation Plan
Eduserv will produce a baseline plan describing the tasks, deliverables, resources,
timescales, risks and dependencies in achieving IL3 RMADS accreditation for the
Customer IL3 Cloud Solution Design and Service and Security Operations Architecture, in
relation to the business requirements. Key elements of the plan include:

A draft Prioritised Risk Catalogue: including risk definition and threat assessment

A draft Risk Treatment Plan: including definition of the solution and operational
approaches to mitigate prioritised risks.
5.3.5. Build and Operations Plan
Eduserv will deliver an IL3 Design Build and Operations Plan to specify the key tasks and
costs in implementing and operationally managing the proposed High Level Design above,
it will outline:

Indicative implementation tasks, timescales, resources, costs, risks and
dependencies in order to build, test and validate the Customer IL3 Cloud Solution
Design in Eduserv’s Datacentre, network and Cloud service environment
IL3 Cloud Design Service v3.0
CONTROLLED DOCUMENT : Printed or electronically transmitted copies are uncontrolled
Eduserv Public
Page 13 of 20
o

This will include a defined cost for producing a Low Level Design and full,
definitive Bill Of materials, if the size and complexity of the customer IL3
solution warrants it
Indicative Service and Security Operations tasks, timescales, resources, costs, risks
and dependencies to establish customer-specific operational, security policies and
procedures and to complete acceptance in to service
o
This will include an indicative annual Service cost for operating the
Customer IL3 Cloud Solution. As a Cloud-based service this will typically be
priced on a consumption or utility basis in relation to compute and storage
resource.
6. Service Management
The service will typically be managed in line with Prince2 project management guidelines.
This includes producing a Project Initiation Document and Baseline IL3 Cloud Design
Service Plan, initiating and controlling the project stages and producing defined project
deliverables until successful project closure. The service requires close collaboration with
the customer and key stakeholders in relation to project definition, project control and
change and risk management.
Service Management will ensure clarity in the service roles and responsibilities, provide
customer contact processes for change and service requests and commit to service levels
in terms of request response and project deliverables.
6.1. Hours of Service
The Eduserv IL3 Cloud Design Service is provided during Core Hours of Service. Eduserv
will endeavour to be flexible to customer priorities and business cycles and may agree
specific tasks outside of Core Hours of Service on the basis of a Service Request, see
6.2.1.
6.2. Customer Contact
Eduserv provide a telephone and email Service Desk for customers during Core Hours of
Service in order to facilitate the logging of Service Requests and Change Requests.
Telephone: (0)1225 474321
email address: governmentcloud@eduserv.org.uk
6.2.1. Service Requests and Change Requests
Service Requests and Change Requests will be made to Eduserv via the designated
Customer Change Authority.

A Service Request is a customer request for information or a request for nonstandard working, for instance providing support out of Core Hours of Service

A Change Request is a customer request to change the scope of the design (a
IL3 Cloud Design Service v3.0
CONTROLLED DOCUMENT : Printed or electronically transmitted copies are uncontrolled
Eduserv Public
Page 14 of 20
significant change to the Requirements Specification), or the agreed Baseline IL3
Cloud Design Service Plan.
6.3. Change and Risk Management
The Eduserv Project Manager will provide the following control services with respect to
service change and risk:


Change Management
o
The maintenance of a log of Change Requests received via the Customer
Change Authority as part of project configuration control
o
The maintenance of a log of changes to requirements, specifications,
design, and planning documents
o
A summary of changes will be provided in the weekly spotlight report, see
section 6.4
Risk Management
o
The maintenance of a risk log, which prioritises project risks and identifies
mitigating actions, owners and timescales. Risks will be regularly reviewed,
reported and escalated to the customer following an agreed process.
6.4. Project Reporting
The Service will provide a Weekly Spotlight Report, highlighting:

Service progress against the Baseline IL3 Cloud Design Service Plan

Current issues, risks and mitigation actions (project, design, RMADS accreditation)

Project costs to date against budgetary targets.
6.5. Service Levels
The Eduserv IL3 Cloud Design Service has the following target service level metrics.
6.5.1. IL3 Cloud Design Service Deliverable Milestones
The IL3 Cloud Design Service Project delivers a suite of design and related documentation
sets. The deliverables and target milestones, where applicable, include:
Project Deliverable
Requirements Analysis Document
Requirements Specification
Project Initiation Document (PID)
Baseline IL3 Cloud Design Service
Plan
Deliverable Due Date
2 working weeks after the completion of the Discovery and
Requirements Analysis phase
Dependent on customer input
2 working weeks after Eduserv IL3 Cloud Design Service
Project commencement
Baseline plan produced 2 working weeks after the
completion of the PID
IL3 Cloud Design Service v3.0
CONTROLLED DOCUMENT : Printed or electronically transmitted copies are uncontrolled
Eduserv Public
Page 15 of 20
Functional Specification
High Level Design
Service & Security Operations
Architecture
RMADS Accreditation Plan
Build and Operations Plan
Weekly Spotlight Report
Post-Implementation Review Report
Dependent on project size and scope
Dependent on project size and scope
Dependent on project size and scope
Dependent on project size and scope
Dependent on project size and scope
Delivered by end of each working week, beginning at
commencement of IL3 Cloud Design Service On-boarding,
see 4.1
Provided within 2 working weeks of project closure, see 4.5.
6.5.2. Change and Service Request Response
Eduserv will respond to a customer Service Request or Change Request within 2 working
days.
7. Eduserv IL3 Cloud Design Service Pricing
Eduserv’s IL3 Cloud Design Service pricing is provided in Annex 2.
8. Service Credits
The Eduserv IL3 Cloud Design Service does not issue service credits.
9. Service Termination and Off-boarding
A customer or Eduserv may terminate the IL3 Cloud Design Service in line with the relevant
Eduserv Terms and Conditions. On service termination, Eduserv will commence a service
off-boarding process, including:

Providing the customer with copies of all completed project deliverables and reports

Ceasing access to any project or collaboration tools or workspaces

Deleting and cleansing any customer-related data or information held by Eduserv or
on Eduserv infrastructure, to required security standards.
10. Service Constraints
The Eduserv IL3 Cloud Design Service has the following limitations and exclusions:

The Service is a project management and design service and excludes any
implementation activities

The Service delivers a High level Design, Service and Security Operations
Architecture, RMADS Accreditation Plan, Business and Operations Plan (including
a draft Bill of Materials and indicative build and operations cost). It does not include
a Low Level Design and a firm fixed price for build and operation
IL3 Cloud Design Service v3.0
CONTROLLED DOCUMENT : Printed or electronically transmitted copies are uncontrolled
Eduserv Public
Page 16 of 20

The Service produces an IL3 RMADS ‘accreditation ready’ design set and RMADS
Accreditation Plan. It does undertake the RMADS accreditation process

The Service uses good practice, Eduserv skills and experience and 3rd party
consultancy to ensure an IL3 RMADS ‘accreditation ready’ design is produced.
However, it cannot guarantee successful subsequent IL3 RMADS accreditation

The service excludes customer Legacy IT Service migration analysis and planning

The scope of the IL3 Cloud Design Service will be outlined in the Requirements
Analysis Document and defined in detail in the Requirements Specification and
Baseline IL3 Cloud Design Service Plan. Any subsequent significant change in
requirements will be subject to a Change Request which will be assessed by
Eduserv and may incur further cost

The Service excludes visits to customer sites, including the attendance of service
reviews. Attendance will be subject to prior agreement with any expenses incurred
charged additionally.
11. Service Dependencies
The IL3 Cloud Design Service has the following dependencies:

An initial Discovery and Requirements Analysis phase must be conducted to define
the scope and price of the Eduserv IL3 Cloud Design Service Project.
12. Customer Responsibilities
The customer has the following responsibilities in relation to the service:

The customer will provide Eduserv with access to, and the sufficient time of,
customer business and technical stakeholders in order for Eduserv to conduct the
Discovery and Requirements Analysis

The customer and Eduserv will agree a fixed-price for the Eduserv IL3 Cloud
Design Service Project, based on a quote from the Discovery and Requirements
Analysis phase

The customer will provide input to and agree the Requirements Specification,
Project Initiation Document and Baseline IL3 Cloud Design Service Plan

The customer will provide on-going input to the Eduserv Project Manager and
Technical Design Authority in relation to information requests

The customer will provide a list of authorised names, and follow designated
procedures, with respect to logging Change Requests and Service Requests with
Eduserv.
IL3 Cloud Design Service v3.0
CONTROLLED DOCUMENT : Printed or electronically transmitted copies are uncontrolled
Eduserv Public
Page 17 of 20
13. Service Options
The Eduserv IL3 Cloud Design Service may be enhanced by a number of service options,
which support the further detailed definition of the design, its implementation and IL3
RMADS accreditation.
13.1. Low Level Design Service
Is a service to produce a Customer IL3 Cloud Solution Low Level Design including a
definitive Bill Of Materials. This is required in order to establish a firm price for customer
solution ‘Build and Operate’ and to practically support infrastructure build and formal
RMADS accreditation.
The Low Level Design specifies the detailed design of each component in the solution
following relevant vendor best practice guidelines. Operability and lifecycle design issues
such as scalability, performance, maintainability, business continuity and capacity are also
addressed.
13.2. Migration Planning Service
Is a project service using well-defined project management approaches to assess and plan
customer Legacy IT solution and service migration to the Customer IL3 Cloud Solution
environment. This may also include IT consolidation and/or modernisation activities as part
of the migration process.
The service includes the migration planning of operational service and commercial
requirements as well as technical requirements.
IL3 Cloud Design Service v3.0
CONTROLLED DOCUMENT : Printed or electronically transmitted copies are uncontrolled
Eduserv Public
Page 18 of 20
Annex 1: Eduserv IL3 Cloud Design Service Schematic
IL3 Cloud Design Service v3.0
CONTROLLED DOCUMENT : Printed or electronically transmitted copies are uncontrolled
Eduserv Public
Page 19 of 20
Annex 2: Eduserv IL3 Cloud Design Service Pricing
Discovery and Requirements Analysis
In order to scope and price the IL3 Cloud Design Service Project, a pre-sales Discovery
and Requirements Analysis phase is required, priced on a man day basis dependent on
scope and complexity of the Customer IL3 Cloud Solution Design requirement.
The day rate is ‘Strategy & Architecture, 5. Ensure/Advise’ in the provided SFIA Table.
A key deliverable of the Discovery and Requirements Analysis phase will be a fixed-price
quote for the IL3 Cloud Design Service Project.
IL3 Cloud Design Service Project
The IL3 Cloud Design Service Project comprises:

On-boarding including the production of a Project Initiation Document in
conjunction with customer stakeholders

Support to the production of a customer Requirements Specification

Production of a Baseline IL3 Cloud Design Service Plan, and its controlled delivery
by a Eduserv Project Manager

Production of a set of design project deliverables, including

o
Functional Specification
o
High Level Design
o
Service and Security Operations Architecture
o
RMADS Accreditation Plan
o
Build and Operations Plan
Project acceptance and Post-Implementation Review.
The IL3 Cloud Design Service Project is a fixed-price project, with the pricing agreed as an
output of the Discovery and Requirements Analysis phase.
Service Options
The Eduserv IL3 Cloud Design Service has a number of Service Options which support the
further detailed definition of a design, its implementation and IL3 RMADS accreditation.

Low Level Design Service – with a fixed-price quote included as an output of the
Build and Operations Plan

Migration Planning Service – is a project service requiring a Time and Materials
Discovery and Requirements Analysis phase which will subsequently specify a fixed
price for the Migration Planning Service project.
IL3 Cloud Design Service v3.0
CONTROLLED DOCUMENT : Printed or electronically transmitted copies are uncontrolled
Eduserv Public
Page 20 of 20