Cloud Hosting Services

Backing up of data and restoring in case of disaster
Platform as a Service
Infrastructure and platform security


  • Chain Free Backup
  • Recovery Points from 15 minutes
  • Protection from Ransomware
  • Backup of Physical or virtual machines
  • Monitoring of network activity
  • Network security using software applications


  • Quickly recover from a disaster
  • Minimise data loss against Ransomware
  • Secure devices against malware and malicious threats


£200 a user a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

2 9 1 6 4 4 3 2 2 3 8 4 0 6 9


VaraTech Rohin Vara
Telephone: 02039208886

Service scope

Service constraints
Server maintenance - Backups will occur everyday. Periodic updates installed after hours (Typically between 20:00 - 05:00)

Yearly servicing of Pc's and Laptops

Software vendor maintenance - performed by the software vendor usually after hours (20:00-05:00)
System requirements
Windows 10 Operating System

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times are within 6 hours including weekends via email. An online ticketing system will be available in Q4 2022.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Level 1 - Pay As You Go - Charged at an hourly rate whether over the phone, email or onsite

Level 2 - All You Can Eat support - charged as a monthly fee per user, per month. Will cover any support except parts.
Support available to third parties

Onboarding and offboarding

Getting started
We can provide online and onsite training with a group or 1-2-1. Most vendors have documentation in order to help with using their product.
Service documentation
Documentation formats
End-of-contract data extraction
We will work with the new provider to seamlessly migrate data/tenancies to them.
We can also provide access to the services for an extended period of time, after the end of the contract, so that the users can extract the data themselves.
As a last resort, we can securely extract data to a physical hard drive.
End-of-contract process
Included in the contract price will be the cost of services taken by the buyer/user.
Not included are additional project costs, Pay As You Go maintenance fees, parts for computers. We can also provide data destruction (software or physical) at an additional cost, if needed.
At the end of the contract, any leased equipment will be returned to us.
We will work with the new supplier to transfer services to them.
There may be additional labour charges for the time spent migrating any data.

Using the service

Web browser interface
Using the web interface
We can provide a portal for users to request and provision services.
The service will allow the up-scaling or down-scaling of most services.
Any requests have to be approved by us before they are supplied.
Users can see billed services
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Users can request and provision new or additional services for their users.
The request will have to be approved by us before it is actioned.
Users can view their billing for each service that they have with us.
Web interface accessibility testing
Command line interface


Scaling available
Scaling type
Independence of resources
Services are typically restricted by the internet connection of the user. We use data centres who provide 99.999% uptime. Service usage is planned prior to the service going live (in the case of servers) and the server/service can be increased (or decreased) as necessary.
Each buyer/user will have their own dedicated (not shared) infrastructure.
Usage notifications
Usage reporting


Infrastructure or application metrics
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Other
Other metrics
  • Infected machines
  • Machines needing software updates
Reporting types
Real-time dashboards


Supplier type
Reseller providing extra support
Organisation whose services are being resold
Axcient, Microsoft, SentinelOne, ESET, DropSuite, Keeper Security, UKFast, Avanan, KnowBe4

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
In-house destruction process

Backup and recovery

Backup and recovery
What’s backed up
  • Files and Folders
  • Servers
  • Pc's/Laptops
  • Virtual Machines
Backup controls
Users don't control what is backed up for security and Disaster Recovery reasons. We will perform all backups on the agreed schedule with the users.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
256-bit AES encryption
SHA256 and above
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
256-Bit AES
SHA256 and above

Availability and resilience

Guaranteed availability
99.999% up-time from data centre's.
If services are unavailable for 30 days, then we will issue a refund for the 30 days.
Approach to resilience
Available on request
Outage reporting
A dashboard and a status update page
Email alerts

Identity and authentication

User authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
This will be done via the user profiles. Access to certain privileges will be dependent on the users role within the organisation
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Security governance is handled by the 3rd party supplier and include (but not limited to) ISO 27001, ISO 9001 and Cyber Essentials Plus Certification,
Information security policies and processes
All reporting is made directly to the CEO/Owner of the supplier. They, along with the 3rd parties, are responsible for the adherence of policies. This includes (but not limited to) policies affecting Access Control, Computer access, Application access, network access and removable media and

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We follow the following process for change and configuration management: -
1. Identify the change, 2. Identify the details of the change, 3. Plan the approach, 4. Implement, 5. Monitor.
Any changes are assessed for security impacting on such things as the user, the network, the device and user underdtanding.
Services are typically tracked through vendor online portal given user usage.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We use threat monitoring software to alert us to any potential threats. It is AI driven so it automatically updates threat risks to prevent them. All threat information is found in our security dashboard provided by the vendor.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We have monitoring software which alerts us to unusual activity on a network. Software can also log login attempts (failed and successful). Software can see where the attempted logins occurred in the world. Any compromised systems are immediately taken offline and investigated further. A network scan is also conducted to identify any other compromised systems. Compromised systems can be rolled back via previous backups. Incidents are responded to within 2 hours.
Incident management type
Supplier-defined controls
Incident management approach
We monitor activity on a users network. If a user has to report an incident, this can be done via ticket, email or telephone. Incident reports can be provided upon request via email to the user.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Who implements virtualisation
Third-party virtualisation provider
UK Fast, FastHosts
How shared infrastructure is kept separate
They are given a dedicated server for their needs. Virtulisation occurs within this infrastructure.

Public cloud virtualisation is managed by the 3rd party

Energy efficiency

Energy-efficient datacentres
Description of energy efficient datacentres
The data centre has the the ISO 14001:2015, PAS2060 certification and is certified as carbon neutral, and compliant with the Energy Savings Opportunity Scheme

Social Value

Fighting climate change

Fighting climate change

We currently use carbon neutral data centres based within the UK. We recycle 100% of old computer equipment which we collect when we replace them. We utilise cloud based servers to ensure there are no additional electricity costs for us as a company or for our clients.
Tackling economic inequality

Tackling economic inequality

We work with recruitment and HR companies to ensure that all team members (current and new) are compensated in line with agreed industry salaries according to skill and competence. This is reviewed on a yearly basis. We also have links to training providers to ensure all staff have the opportunity to upskill based on the career path which they want to take.
Equal opportunity

Equal opportunity

For skills and pay - we work with recruitment and HR companies to ensure that team members are compensated in line with industry salaries according to skill and experience.
For team members with disabilities - We allow all staff the option to work remotely. Therefore, team members are not restricted in the performance of their work as they can work in the comfort of their home environment without the need to commute.
For training - we offer every team member the opportunity to upskill based on their career path and their desire.


Staff are encouraged to work from home. As long as key goals are met, team members can structure their day accordingly. There may be an opportunity in the future for team members to work 4-day weeks.
Team members are encouraged to remove themselves from their work space and to engage in some form of exercise.


£200 a user a month
Discount for educational organisations
Free trial available
Description of free trial
Not all services, It is vendor specific. Usually 30 days full trial of software/services

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.