CIF Code of Practice Disclosures

Cloud Industry Forum

Stack Data Solutions Ltd has completed the Self-Certification against the ‘Code of Practice for Cloud Service Providers’ (the ‘Code’) of the Cloud Industry Forum (‘CIF’, at www.cloudindustryforum.org), which the mark above demonstrates. Clicking on the mark will take you to the CIF website where supporting information for this Certification is available.

Stack Data Solutions Ltd is committed to the Code. One of the main objectives of the Code is to help ensure disclosure of essential information so that consumers of Cloud Services can make better business decisions based on this information. The information on this page addresses the public disclosure requirements of the Code.

NOTICE: While Stack Data Solutions Ltd has made the commitment to the Code and has been self-certified as compliant with the Code, customers/ third parties shall note that information of certification provided by the cloud industry forum does not constitute advice or endorsement by the Cloud Industry Forum. The Cloud Industry Forum disclaims any and all liability arising out of the use of services or otherwise of certified organisations. Where disclosed information or capabilities as specified by the Code of Practice are essential in purchasing cloud services from a certified organisation, it/these should be cited contractually. Professional advice appropriate to specific circumstances should always be obtained.

Policies and Procedures

A.1.1. Compliance with Code

Cloud Service Provider Stack Data Solutions Limited is committed to the principles of Transparency, Capability and Accountability which are embodied in the Cloud Industry Forum’s Code of Practice, because these help create a more trustworthy business environment for cloud-based processing

A.1.2. Corporate Identity and Responsibilities

Corporate name: Stack Data Solutions Limited
Legal status: Private Limited Company
Date of formation: 2/11/1984
Location of registration: England
Registration number: 1865047
Ownership (major shareholders): Stack Technology Holdings Ltd
Members of board of directors Jeff Orr, Dorothy Orr, Stephen Cobham, Stuart Bridge
Executive management Stephen Cobham (CEO) Dorothy Orr (CFO)
Corporate fixed address: Bridle House, Bridle Way, Liverpool L30 4UA, UK

A.1.3. Scope Covered by the Code

Scope of services: Infrastructure as a Service, Backup & Restore Services, Domain Name Services, Email, Disaster Recovery as a Service, Managed IT Services, Monitoring Services, Platform as a Service, Security (IT) Services, Service Management, Storage Application, Unified Communications, Hosted Desktops, Software as a Service, Co-Location, Video Conferencing, Telephony

Geographical scope: Countries with local sales and/or support: UK & Ireland
Countries where customer data may be held or processed: UK
Customer data will only be held in the UK.
No other options are available.

A.1.4. Public Branding

Alternative Trading Names
Stack Group
Stack Telecom
Stack Interconnect
vSTAX
Website: http://stack.co.uk

A.1.5. Third-Party Coverage Transparency

Stack Data Solutions Ltd Limited does not accept any indirect responsibility for our suppliers.

Stack Data Solutions Ltd Limited’s suppliers do not accept indirect responsibility to Stack Data Solutions Ltd Limited’s customers.

Stack Data Solutions Ltd Limited does not accept indirect responsibility to customers of customers

A.1.6. Security Control Transparency with the Cloud Security Alliance

Stack Data Solutions Ltd Limited’s suppliers do not accept indirect responsibility to Sack Data Solutions Ltd Limited’s customers

A.1.7. Other Extended Commitments to Code of Practice Principles

Stack data Solutions Ltd does not commit to any additional transparency, capability, or accountability requirements in addition to those contained directly in this Code of Practice

A.1.8. Technological Commitments

Stack Data Solutions Ltd does not publicly commit to supporting any specific technologies, standards, or inter-operabilities. Any such support must be separately negotiated.

A.1.9. Existing Certifications

Stack Data Solutions Ltd. Is certified ISO 9001:2008 by ACS Registrars, who are UKAS accredited Stack Data Solutions Ltd is certified ISO 27001:13 by BSI, who are UKAS accredited

A.1.10. Industry Association Memberships

Institute of Measurement and Control

Corporate Identity and Responsibilities

Corporate Name: Stack Data Solutions Ltd
Legal Status: Limited Company
Date of Formation: 20/11/1984
Location of Registration: United Kingdom
Registration Number: 1865047
Members of Board of Directors: Jeff Orr, Group Chairman; Dorothy Orr, Group Finance Director; Stephen Cobham, Managing Director; Stuart Bridge, Technical Director
Executive Management: Stephen Cobham, CEO; Dorothy Orr, CFO
Ownership (Major Shareholders): Stack Technology Holdings Ltd (100%)
Corporate Fixed Address:
Bridle House
1 Bridle Way
Liverpool
Merseyside
L30 4UA


B.1 Information Security Management (Including Data Protection)

The company operates to ISMS ISO27001:2015 standard certified by BSI who are UKAS approved auditors. Stack also operates an IS09001:2008 certified QMS, independently audited by ACS Registrars who are UKAS certified auditors. Documentation and evidence reside on a legal evidential grade document management system which encrypts all content.

B.2 Service Continuity Management

Part of the ISO27001:15 process requires the conduct of business impact analysis and carrying out a risk assessment for all processes and all assets. This leads to a series of risk treatment plans that in turn lead to action and then review. This is a constant process that involves all staff and the consultants and auditors and is led by the ISO2700 standing committee that meets monthly and is overseen by the board of directors.

The standard also requires that a recovery plan is in place and that we demonstrate its effectiveness by regular testing. The test outcomes are reviewed by the ISO 2700 committee and the board of directors. A documented change control procedure evaluates the business impact of proposed changes and the change process. Both the ISO27001 and ISO9001 standards require evidence of the process of review and improvement.

B.3 Service Level Management

Service-level management is controlled as part of the treatment of objectives in ISO27001 and is monitored at executive level as an agenda item “client issues” of the meetings of the board of directors. The day to day management is undertaken by the support manager. He is provided with metrics from the system monitoring tools using SNMP and other techniques. Logging servers collect statistics that can be referenced against historical benchmarks and the Stack Support Database records engineering activity be it proactive or reactive and times to the second support response in respect of SLAs. These procedures are defined in the ISMS and QMS systems. The metrics are summarized and reported numerically and graphically to the board of directors by the Technical Director. A documented change control procedure evaluates the business impact of proposed changes and the change process.

B.4 Supplier Management

Under QP07 of our QMS ISO9001 the Purchasing Manager has responsibility for supplier management. He is responsible for obtaining value from suppliers and contracts and ensuring that these meet the business needs and service levels. The following is an extract from QP07. Suppliers shall be assessed for inclusion on the Approved Suppliers List by meeting one or all of the following requirements: • Approval to national standard for their product / service or Quality system • Assessment / evaluation by Purchasing Manager • Proven competence via continued acceptable supply for over 12 months.

The Purchasing Manager shall be responsible for monitoring the performance of Approved Suppliers and raising records of complaint or non-conformances in the event of unsatisfactory service. Records of poor performance shall be submitted for Management Review.

The purchase of product/services not requiring procurement from an Approved Supplier shall be made from suppliers deemed competent by those authorised for purchasing. They shall ensure that unsatisfactory supply is dealt with as applicable.

B.5 Software Licence Management (Including Licence Compliance)

The Company employs a qualified license manager who is responsible for ensuring that all licensing is on the vendor approved model and compliant with current deployment regulations. The Technical Director is responsible for regular audits of the licenses in use by the company and raises non-conformances where appropriate.

B.6 Complaint Handling

The Stack Group is always interested in customer’s feedback. We are committed to providing our customers with exceptional service. From time to time however, we recognise that things may not meet customers’ expectations.

When this is the case we want to know as early as possible to enable us to correct any issues as quickly as we can, and if appropriate put suitable preventative measures in place.

In the first instance, you should speak to the member of staff who initially dealt with your issue to try to come to come to a satisfactory resolution. If you are unhappy with the solution offered, please follow the steps below.

If you feel cause to complain then you can use one of the methods below:

By phone Please call our Cloud Support Team on 0151 521 6699

The team will try to resolve your issue whilst you are on the call. If we are unable to resolve at first point, the appropriate escalation path will be followed to ensure the speediest resolution to your complaint.

By email: Please feel free to email us using the address below. Please include your company name and your contact details, and if possible your account number: This email address is being protected from spambots. You need JavaScript enabled to view it.

By letter We will also accept any complaints in writing. Please send your letter to the address below including your company name, your contact details (and if possible your account number):

Complaints
Stack Data Solutions
Bridle House
1 Bridle Way
Liverpool
Merseyside
L30 4UA

The Complaints Process

Our aim is to resolve any problem you may have to your satisfaction. If we are unable to achieve this in the initial discussion we will agree a plan of action with you.

If you are unhappy with the resolution proposed by the Cloud Support Team, your complaint will be reviewed by the Operations Director.

Timescales and Next Steps

We aim to resolve your complaint within 10 working days of receipt. We will keep you updated throughout the progress of the complaint, at regular & agreed intervals.

Escalation

If you are unhappy with our resolution of your complaint and report it to us it will be escalated to the entire board of directors to be addressed under the agenda item “client issues” at the earliest meeting of the board

Arbitration

If you are unhappy with our resolution and wish to seek further action we are happy to agree to binding arbitration in local courts to settle any dispute.

B.7 Environmental Impact Management

We are committed to providing a quality service in a manner that ensures a safe and healthy workplace for our employees and minimises our potential impact on the environment. We will operate in compliance with all relevant environmental legislation and we will strive to use pollution prevention and environmental best practices in all we do.

We will:-

Integrate the consideration of environmental concerns and impacts into all of our decision making and activities

Promote environmental awareness among our employees and encourage them to work in an environmentally responsible manner

Train, educate and inform our employees about environmental issues that may affect their work

Reduce waste through re-use and recycling and by purchasing recycled, recyclable or re-furbished products and materials where these alternatives are available, economical and suitable

Promote efficient use of materials and resources throughout our facility including water, electricity, raw materials and other resources, particularly those that are non-renewable

Avoid unnecessary use of hazardous materials and products, seek substitutions when feasible, and take all reasonable steps to protect human health and the environment when such materials must be used, stored and disposed of

Purchase and use environmentally responsible products accordingly

Where required by legislation or where significant health, safety or environmental hazards exist, develop and maintain appropriate emergency and spill response programmes

Communicate our environmental commitment to clients, customers and the public and encourage them to support it

Strive to continually improve our environmental performance and minimise the social impact and damage of activities by periodically reviewing our environmental policy in light of our current and planned future activities.

To this end we have:

1) Installed low energy lighting (compact fluorescent or LED)
2) Installed water metering and water economising devices
3) Engaged a waste company that ensures 100% recycling of our waste
4) Reduced Data Centre power and cooling load by 80% through virtualisation
5) Participated in a toner cartridge refilling program
6) Participated in a mobile phone to third world re-distribution scheme
7) Instructed suppliers to use the minimum of packaging
8) Reduced the company vehicle fleet by 50% substituted low emission vehicles (99g/Km) and eliminated 70% of journeys
9) Installed an efficiency optimiser on the building heating system and improved thermal insulation
10) Installed invertor type air-conditioning units reducing power consumption

Jeff Orr (Managing Director)…………………………………Reviewed 25/08/16