Skip to main content

Help us improve the Digital Marketplace - send your feedback

The Positive Internet Company Limited

Secure UK-based Drupal managed hosting

Since 1998, The Positive Internet Company has specialised in Linux hosting services with extensive experience of the Drupal CMS. Positive owns and operates its green UK datacentre, providing performant, 24/7-monitored, tailored managed platforms with stringently audited security.

Positive focuses on enterprise-grade highly-available secure private cloud solutions with data sovereignty guaranteed.

Features

  • Dedicated account manager for all services
  • Proactive consultative performance and security
  • 24/7 monitoring, response and full patch management
  • Highly-scalable private cloud
  • Support agile languages including PHP, Ruby, Python, Javascript, Perl
  • Full CMS management including Drupal, WordPress, Magento, Laravel
  • 24/7 ticket and phone support
  • 99.99% availability SLA
  • All data stored and hosted in the UK
  • Automation tools for easy deployment

Benefits

  • Fully managed environment lets you focus on your core missions
  • Fully managed service removes responsibility for hardware and software
  • Immediate human response to any alerted issue
  • Resilient dedicated hosting on custom-designed hardware
  • Secure UK-based company, management, engineering and technical team
  • Trusted advice from industry veteran, founding gold-sponsor of Debian LTS.
  • 20+ years of expertise in the full Open Source stack
  • 100% green renewable energy hosting
  • Unlimited 24/7/365 support with on-site technical experts

Pricing

£250 to £10,000 a server a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@positive-internet.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

3 0 1 5 0 9 5 3 9 6 4 3 4 2 4

Contact

The Positive Internet Company Limited Managed Services Team
Telephone: 0800 316 1006
Email: gcloud@positive-internet.com

Service scope

Service constraints
N/a
System requirements
GNU/Linux platforms preferred

User support

Email or online ticketing support
Email or online ticketing
Support response times
24/7 online ticketing support. Three working-hour support reply promise for non service-affecting issues. Fifteen minute response-time for service-affecting issues. Immediate escalation via telephone always available.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Onsite support
Support levels
Positive provides unparalleled consultative support: from design to ongoing management of the network, platform, operating system and architecture, security, backups, monitoring and 24/7 response. All support costs are fully inclusive. Positive will also assist with application support and optimisation as appropriate.

Contactable via email, 24/7 phone and portal. Dedicated account manager and direct availability to all on the technical team, including platform architects, security experts, networking team, RDBMS specialists and CMS consultants.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Positive provides full onboarding services via our 63-point bespoke provisioning process, including deep-dive discovery of technical, stakeholder and business requirements, with onsite meeting. This is followed by managed migration which includes replicating the existing environment, parallel running and tuning it, and finally migrating the service to the new live platform. Finally, Positive produces internal and external documentation and training materials as appropriate.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
In full compliance with the GDPR and related legislation, we provide all requested data from our services once the contract ends, in the formats requested. We support all open formats.
End-of-contract process
We will always work to avoid any vendor locking, and to provide reasonable planning, cooperation and assistance to achieve a smooth transition/exit. At the end of a customer's contract, we are happy to roll over if this is requested into rolling 90 day terms as required for the fluid decommissioning process.

Using the service

Web browser interface
Yes
Using the web interface
We provide full access to all ongoing support tickets and other services on request.
Web interface accessibility standard
WCAG 2.1 AAA
Web interface accessibility testing
Our interfaces have been used successfuly in production by those using accessibility assistance
API
Yes
What users can and can't do using the API
We support all open deployment services to our customised cloud platforms.
API automation tools
  • Ansible
  • Chef
  • Puppet
  • Other
API documentation
Yes
API documentation formats
  • HTML
  • PDF
Command line interface
Yes
Command line interface compatibility
Linux or Unix
Using the command line interface
All functionality can be provided to every aspect of the service via SSH connections to the CLI, either as a normal user or root.

Scaling

Scaling available
No
Independence of resources
We can provide fully-managed dedicated private clouds where all the infrastructure is completely under the control of a single client.

For cloud instances, we provide resource segregation.
Usage notifications
Yes
Usage reporting
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Operating system images
  • All applications and configuration
  • All user data
  • Database dumps
  • Copies for versioning
Backup controls
We can provide a fully flexible backup schedule for every type of data or restoration requirement.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
SSH tunneling etc.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
SSH tunneling

Availability and resilience

Guaranteed availability
SLA guarantees 99.99% service availability, and includes pro-rata credits for any periods that fall under this guarantee, up to the monthly value of the service in question.
Approach to resilience
Positive Park has full N+1 resilience, so that no infrastructure component within the facility can cause a service-affecting outage. This includes fully redundant cooling and power (with multiple UPS, battery and generator backup, with multiple refueling arrangements). The network infrstructure is completely triangulated between London and Manchester so that no single path failure can cause a connectivity outage.
Outage reporting
Positive uses its own outage report system called SING, which allows clients to subscribe via email, API or social media feeds to outage announcements.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Management interfaces have IP based restrictions, and then appropriate authetication and validation access, via PKI or strong usernames and passwords. All access is encrypted via SSL.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
NQA / UKAS
ISO/IEC 27001 accreditation date
03/03/2022
What the ISO/IEC 27001 doesn’t cover
Our ISO 27001 certification refers to the provision and support of hosting and colocation services at Positive Park data centre campus.

All aspects of the business align with these processes and procedures though the focus of audit is naturally information security operations. Marketing and social media are not directly covered by the certification but nonetheless follow the same internal security best practices as appropriate.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Full compliance with ISO/IEC 27001 .
Information security policies and processes
ISO/IEC 27001

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Positive follows ITIL change management best practice. All changes are assessed for their impact and risk, and implemented through version-control configuration management. All changes are validated and assessed for service impact potential, with rollback and mediation steps determined before any such steps are undertaken.

All services and servers have a detailed log of activity and change control requests, which can be fine grained for the specific service and stakeholder expectation.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Positive utilises Debian GNU/Linux LTS, with rapid patching. As soon as a vulnerability is reported and patched, systems receive those patches. The benefit of LTS is that such patching is guaranteed over a number of years without any danger of unintended version upgrades. Positive is on the appropriate CERT lists, as well as embargoed zero-day announcement lists, so it can mediate known threats even before they have received an official patch. Positive will specifically monitor for trends in application exploit and leverage its knowledge to provide agile solutions to such threats.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Positive NOC is staffed 24/7. Alerting and monitoring usually includes security and anomaly detection. Security issue are immediately escalated to the senior security team, who act appropriately based on the nature of the incident, up to and including the immediate segregation or even powering-down of affected systems for further analysis.

A range of security analyses are undertaken including file hashing comparisons, root-kit-detection systems and full log auditing. Once the scope of the incident is understood, patching, rollback or rebuilding as appropriate is undertaken before the system restore.

A full RCA is produced as soon as possible, within any agreed SLA.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Positive maintains formal incident response processes for common events. It encourages users to report incidents via the authorised ticketing system, or through the. 24/7 emergency response number.

Incident reports are provided once the full information and amelioration data has been collated as a document released to the agreed account-holder. Further discussions and meetings are encouraged thereupon.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
KVM hypervisor
How shared infrastructure is kept separate
Positive provides dedicated private clouds, with completely dedicated hypervisor serfvers, so that no infrastructure is shared between clients.

Positive can also provide VMs on its shared PosiCloud infrastructure, where full KVM compartmentalisation is enforced.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Positive uses 100% green renewable energy in its Positive Park datacentre, as certified by The Green Web Foundation. It employs passive cooling systems wherever possible and uses energy-efficient CPUs and other components where the task allows for such. All lights are on PIR circuits. Deployed servers use energy-efficient drives and CPUs where appropriate for the service levels they provide.

All company vehicles are either electric or hybrid, and staff are required to use public transport wherever possible.

Social Value

Fighting climate change

Fighting climate change

Positive uses 100% green renewable energy in its Positive Park data centre, which is certified by the Green Web Foundation.

Our commitment to sustainability goes beyond the selection of a renewable energy tariff and runs across all aspects of our operations.

For example, the Positive Park campus is ideally situated on the Cambridgeshire Fens - a region renowned as a leading centre for wind energy generation. Furthermore, the wind patterns across the flat plains enable the effective use of passive cooling systems, drastically reducing our dependence on power-hungry traditional air conditioning units.

We also use energy-efficient hardware; all lighting is on PIR circuits and deployed servers use energy-efficient drives and CPUs where appropriate.

Uniquely, the Positive Park campus is located on several acres of land reserved solely for sustainable practices. We set aside a large portion of the campus for wilding, creating an oasis which provides vital habitat for bees, butterflies, moths, birds, and other native flora and fauna that rely upon that ecosystem.

We also maintain a dedicated website with information about Positive’s commitment to fighting climate change specifically and the issues confronting the digital economy more generally at https://host.green. Finally, we are an industry-leader and public advocate for a more sustainable Internet, including participating in interviews with the BBC.

Pricing

Price
£250 to £10,000 a server a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
30 day free trial of complete service.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@positive-internet.com. Tell them what format you need. It will help if you say what assistive technology you use.