ISO27001 – check the small print


ISO27001 (Information Security) recognition of the standard and security of services we offer

Security of our Client’s data is critical for any Cloud service and so we built our service based on best practice principles which are mandated in the ISO27001:2013 standard – the preferred standard for information security management.

Many companies claim ISO27001 compliance, but they will often only certify a specific service or application e.g. certify a single product when they have a portfolio of 50, but make it appear that it applies to their entire business.

Tivarri has been certified ISO27001 against the latest version of the specification (2013) for the entire business and all our operations. This gives customers confidence that all the services that we offer are fully ISO complaint. For those customers who need to undertake annual information security audits, this should make the IT component of the audit straightforward. Please don’t forget that we are always on-hand to assist with your audit questions or to speak to your auditors directly on your behalf.

It you have any IT related questions regarding regulation, Cloud services, security or best practice please do not hesitate to contact us.


Tivarri is GCLOUD-12 certified

Tivarri has been approved as a Crown Commercial Service Cloud Hosting service provider under the new GCloud-12 framework. This means the same hosted desktop service that our customers are using today, Cranberry Cloud, has been approved for UK Government use.

This benefits all our customers as the Crown Commercial Service now monitors our business performance – credit scores, financial stress scores, investigates specific queries raised about suppliers, and performs random spot checks on services to ensure we match their service requirements as required for government contracts. This gives an additional level of assurance over the services we offer and the long-term sustainability of the Tivarri business.


Java Updates

Java and Oracle Systems – changes to automatic patching

Java is a programming language first released in 1995, and there are lots of applications and a few websites that will not work unless Java is installed. The software required to run java applications has been freely available to download from with security patches and new features being released every couple of months. Now Oracle Systems, the owner of Java has decided to make money out of their asset.

Today customers with Java installed are automatically updated with the latest security patches. Oracle are planning to make two major versions of their product available, one which automatically updates (rather like Windows Update) at a cost that starts at $50 per customer per month. The other version will remain free but there will no longer be the automated update process as it needs to be manually repackaged and updated.

If you are affected, we will contact you shortly, but we plan to switch customers who need Java to the new “free” version and manage the update deployment ourselves each weekend when we apply Windows Updates. In terms of functionality customers should experience no difference. This service will be free of charge.


Brexit and data sovereignty

To provide a resilient high-quality service we backup and encrypt customer data in our primary UK datacentre and then securely replicate to a secondary datacentre, where it then remains in encrypted store to be used in a disaster recovery.

In the past, depending on the actual data type, some data has been stored within a French datacentre. Customers have given us a clear indication that come March 29th they want to ensure that all their data is held in UK datacentres. We are just completing testing at our second UK datacentre and we can give a cast iron guarantee that all customer hosted desktop live and data will be held solely in the UK come Brexit.

Where we supply email services the data is held in Microsoft datacentres, which according to their terms of service means that data is typically held in the UK but may be backed up to another European country (in most cases this is the Irish Republic). Our UK only policy for data retention is a rare commodity in the current market and we are pleased to be able to offer this service guarantee.