Infrastructure as a Service

Azure delivers a 99.95% compute SLA and enables you to run virtualised server infrastructure solutions in the cloud. Azure provides built-in software patching, network load balancing and high-availability features. Azure offers 24x7 technical support and service health monitoring.


  • Highly available compute for Virtual Machines (VM)
  • Infinitely-scalable from 1 to 100s of VM instances
  • Built-in Virtual Networking, Load Balancing
  • A wide range of compute machines capacities (CPU, RAM, disk).
  • Load balance incoming traffic for high performance and availability.
  • Data protection via auditing, restore and geo-replication
  • Multiple storage options for compute disc and data
  • Carbon emissions reduction through carbon-based placement decisions


  • Faster time to market
  • Add or remove resources as your business demand fluctuates
  • Increased scalability
  • Align with DevOps, Agile development and Test Driven Development approaches
  • Remove the operational overhead of managing your own infrastructure
  • Improve the availability and uptime of your services
  • Improve your organisation's disaster recovery and business continuity provision
  • Pay only for the services that you consume


£0.10 a virtual machine an hour

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jim.mcnair@lenushealth.com. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

3 0 4 3 4 6 5 1 7 7 1 7 4 2 4


Telephone: 0131 561 1250
Email: jim.mcnair@lenushealth.com

Service scope

Service constraints
No service constraints.
System requirements
All system requirements are supported.

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Response times are categorised by service request priority: Urgent: 1 hour; High: 4 hours; Medium: 8 hours; Low: 16 hours. Response times at weekends, public and bank holidays are negotiated separately.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Our WebOps Support Desk provides your first line response to support requests. The service is backed by Microsoft Azure services 24x7, 99.99% availability. Response times are categorised by service request priority: Urgent: 1 hour; High: 4 hours; Medium: 8 hours; Low: 16 hours. P1 - Urgent: Complete loss of an entire service for all users or severe degradation resulting in inability to function; P2 - High: Service functioning improperly resulting in some loss of service/system failure removing service from a number of users; P3 - Medium: Service functioning at less than optimal performance/system problem impacting but not removing service, resolve minor bugs/site errors; P4 - Low: Change requests.
Support available to third parties

Onboarding and offboarding

Getting started
Our team will provide the appropriate documentation and knowledge to allow training on use of the Azure management portal that is used as part of this service.
Service documentation
End-of-contract data extraction
Providers will retain the data of the user after termination of the contract. for a period of 30 days. During this period users will still be able to access the service and retrieve the data.
End-of-contract process
After you cancel the subscription, your access to Azure services and resources will end. Before you cancel your subscription: - We will back up your data. For example, if you're storing data in Azure storage or SQL, download a copy. If you have a virtual machine, save an image of it locally. - Shut down your services and stop any running virtual machines, applications, or other services. - Work with you to migrating your data.

Using the service

Web browser interface
Command line interface


Scaling available
Scaling type
  • Automatic
  • Manual
Independence of resources
Virtualisation is used to ensure applications and users sharing the same infrastructure are kept apart.
Usage notifications
Usage reporting
  • Email
  • SMS


Infrastructure or application metrics
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Google Analytics
  • Bespoke Event Tracking
Reporting types
Regular reports


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
What’s backed up
  • Automated Azure Web App Protection and Replication
  • Automated Azure SQL database Protection and Replication
Backup controls
Backups are managed by the Lenus Health Team who will work with customers to define backup regimes.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Approach to resilience
Microsoft Azure provides failover capability. More information available on request.
Outage reporting
Public dashboard, API, email alerts.

Identity and authentication

User authentication
Username or password
Access restrictions in management interfaces and support channels
Available on request.
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication
Devices users manage the service through
Dedicated device over multiple services or networks

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
Class 1 Medical Device under EU Medical Device Regulations (MDR)

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
The Lenus Health Quality Management System (QMS) conforms to ISO13485 and the business is working towards ISO/IEC 27001:2013 (ISO 27001).
Information security policies and processes
Information is an asset that Lenus Health has a duty and responsibility to protect.

Our information security management system (ISMS) sets our approach to managing information security and is approved by top management and communicated to employees, contractual third parties and agents.

Top management are committed to protecting the information that we store and process though good information security practices. To achieve this, and comply with regulations, we have established:

an information security policy
a commitment to customer focus and applicable regulatory requirements
information security objectives that are measurable and consistent with the information security policy
an ISMS describing our approach to information security
responsibilities, authorities and communication processes
a management review process
a process to ensure availability of resources
data access and security processes
a business continuity / incident management procedure

Top management believe that a commitment to information security is important in order to:

encourage information and cyber security awareness amongst employees, to develop and a ‘secure by design’ mindset
increase customer confidence, which helps build relationships with and retain customers
reduce our exposure to risk
effectively utilise our resources

Lenus Health has Cyber Essentials accreditation and is in the process of achieving compliance with ISO27001.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Change management is employed to evaluate, control and minimise risk and cost, and maintain the established standards and quality criteria. Our change management process is incorporated into our ITIL-based continual improvement process, that encompasses business objectives, creates baselines, defines measurements, and plans and implements improvements. Our change controls:

establish the purpose, category and nature changes
determine the potential consequences of changes
assess resource requirements for the changes

We use configuration management to establish and maintain consistency in our software’s performance. This includes configuration management for:

Project/work management
Source control
Build/release pipelines
Packages and artefacts
Azure CSP tenancies, subscriptions and Infrastructure
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Lenus Health apply our ISO13485 accredited Quality Management System processes, and Cyber Essentials backed security best practices to the information and IT assets we handle, reducing risk associated with vulnerabilities by being able to identify, classify, prioritise, remediate and mitigate vulnerabilities. Vulnerability scans are run regularly to identify weaknesses in the configuration of systems and to determine if any are missing important patches or software. Remediation or mitigation is undertaken on any vulnerabilities identified according to the class and priority of the vulnerability.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We use ‘always-on’ proactive and protective monitoring to:

monitor the software performance
systematically identify risks
detect software faults when they occur
quickly initiate necessary corrective actions

Our proactive monitoring involves collecting meaningful and practical information. To do this we use tools such as:

Azure App Insights
Azure Log Analytics
Performance analytics
Service reports
Helpdesk calls and tickets
Customer complaints and positive feedback
Incident management type
Supplier-defined controls
Incident management approach
Lenus Health's incident management process requires that all events and suspect events that could result in the actual or potential loss of data, breaches of confidentiality, unauthorised access or changes to systems, must be reported immediately to top management by email, telephone or in person.

Incidents are centrally recorded, and appropriate management measures, including escalation and notification procedures are in place.

Incident reporting procedures are included in employee training.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart

Energy efficiency

Energy-efficient datacentres
Description of energy efficient datacentres
Microsoft has signed up as a participant and an endorser of the EU code of conduct for datacenter efficiency. Microsoft’s Azure cloud has been carbon-neutral since 2012. More than half of the energy it uses already comes from 1.6 gigawatts of wind, solar, and hydro-electric sources, and the company has announced that its cloud datacentres will be powered by 100 percent renewable energy sources by 2025, and will be water positive and zero-waste certified by 2030.

Social Value

Fighting climate change

Fighting climate change

Lenus Health is committed to achieving Net Zero greenhouse gas emissions by 2045, in line with Scottish Government policy, contributing to UK Government policy of Net Zero emissions by 2050.
Covid-19 recovery

Covid-19 recovery

Lenus Health operated during the pandemic, including through provision of essential services to the NHS (software for the NHS Scotland National Notifications and Contact Tracing Service, and a long COVID study), as well as for other key public sector organisations.

Lenus Health recognises the impact the pandemic has had on individuals and communities and is therefore committed to creating employment opportunities to assist those looking to retrain. Aligned with our focus on wellbeing, Lenus Health is supportive in enabling workers to work from wherever they would like to work; from home, from the office, or from elsewhere, subject to project constraints that may be in place e.g., security considerations etc. and their levels of comfort in being in and around other people, should they be shielding, either for themselves, or because they live with or care for family members who are vulnerable. Measures have been implemented to support our approach to the new future of work. In the office environment, work has been done to support effective social distancing. While the office is used less frequently than pre-pandemic, there is more considered use of the facility, either for individual or team based working. We now recruit from further afield and because we have embraced full remote and hybrid working, this has assisted us in recruiting the best possible talent while also positively improving work life balance. Many projects undertaken are also aligned in helping organisations and their service users to manage and recover from the impact of COVID-19. Undertaking projects that make a difference to people and wider society has a positive impact on health and wellbeing of workers.
Tackling economic inequality

Tackling economic inequality

All workers benefit from contracts with competitive remuneration, together with a package of benefits which are designed to both attract and retain talent.

For example, the annual salary review policy means that all workers can expect their salary to be increased automatically, in line with increases in cost of living, without having to request it. In addition, the company operates a Profit Related Reward (PRR) scheme. Whenever the company is in profit, a proportion of the profits are shared among all workers in the form of a bonus.

The annual budgeting process ensures provision for investment in workforce development. Costs are covered for continuous professional development activities, access to online learning resources and attendance at events. Opportunities for development to address skills gaps and achieve recognised qualifications are discussed regularly, including during monthly one-to-one check-in meetings between workers and line managers.

The intranet carries detailed role descriptions for all jobs currently filled, new jobs being created and therefore requiring to be filled in the future. This open sharing of job descriptions assists workers in identifying pathways for career progression, both within their existing team and across other teams in the business too.
Equal opportunity

Equal opportunity

Lenus Health is committed to providing a workplace where diversity, equality and inclusion are actively promoted and supported through training to tackle any real or perceived workforce inequality. We aim to contribute to the creation and maintenance of a working environment in which all individuals can make best use of their skills, free from discrimination (direct and indirect), victimisation, harassment and bullying, and in which all decisions are based on merit.

Lenus Health’s HR practices include:

1. Conducting recruitment based on merit, against objective criteria that avoids discrimination. Shortlisting is always undertaken by more than one person and with the involvement of Human Resources.
2. Advertising to a diverse section of the labour market. Advertisements will seek to avoid stereotyping or using wording that may discourage particular groups from expressing interest or applying. 3. Not asking job applicants about health or disability before a job offer is made.
4. Providing equal access to training, with needs identified through appraisals. Employees are given appropriate access to training to enable them to progress within Lenus Health and all promotion decisions are made based on merit.

The Lenus Health HR Team maintains an overview of workforce profile which provides and overview of how diverse, equitable and inclusive our workforce is. This information is used by the Senior Management Team and the Board, to determine what actions, including individual and company-wide training, should be taken to tackle any real or perceived inequalities.


Lenus Health places strong importance on health and wellbeing, job fulfilment and the balance between work and family life. Lenus Health is supportive in enabling workers to work from wherever they would like to work; from home, from the office, or from elsewhere, subject to project constraints that may be in place e.g., security considerations etc. In addition, reminders are provided to workers about the importance of using all annual leave allowance. Content is regularly shared on mental health and wellbeing through internal communication channels and this is heightened during Mental Health Awareness Week when a number of activities take place every day.
Lenus Health pays competitive salaries for all staff and the company is committed to fair and equal pay. Salaries are regularly benchmarked against industry standards and are often higher. Staff are eligible for annual performance related bonuses and automatic increases in line with cost of living. In addition, staff receive a wider benefits package including pension contributions and private health cover. Lenus Health wants its workers to do their best work, feel proud about their work and know that they have the support to enable them to feel professionally fulfilled. As such, fulfilment is a component of job design which contributes to health and wellbeing, a dimension when interviewing candidates and a point-of-discussion between workers and line managers during monthly one-to-one check-in meetings and annual progress reviews. Exit interviews for employees who leave also provide an opportunity for us to identify what we’re doing well and where further improvements can be made to ensure that support for health and wellbeing is sustained. Exit interviews regularly highlight the positive support that employees know is in place, or from which they have benefited.


£0.10 a virtual machine an hour
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jim.mcnair@lenushealth.com. Tell them what format you need. It will help if you say what assistive technology you use.