MONKTON GROUP UK LIMITED

Monkton Private Cloud

Our cloud hosting services provide scalable and secure infrastructure and platform solutions to support a wide range of applications and workflows. Unlimited storage and usage, ensuring that customers can optimise their cloud operations without concerns over scalability, performance and resiliency. For organisations requiring robust, compliant, and secure cloud hosting solutions.

Features

• Scalable server configurations from 1U to 4U.
• High-speed Ethernet options: 1G, 10G, 100G.
• Unlimited compute and data storage.
• Real-time server performance monitoring.
• Secure data centres with advanced protection.
• Redundant power and networking for reliability.
• Remote management and access capabilities.
• Flexible server upgrades and downgrades.
• Compliance with stringent global security standards.
• 24/7 technical support and service monitoring.

Benefits

• Enhances operational flexibility with scalable options.
• Accelerates data transfer with high-speed connections.
• Supports heavy data usage internally without additional costs.
• Ensures critical activities with real-time performance insights.
• Protects sensitive data with robust security measures.
• Minimises downtime with reliable infrastructure.
• Facilitates easy management from remote locations.
• Adapts quickly to changing business needs.
• Complies with regulatory requirements for peace of mind.
• Provides constant support for uninterrupted service.

£140.00 a unit a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at shirley.herron@monkton.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

323313363803795

Contact

Shirley Herron
+44 7866 566 141
shirley.herron@monkton.io

Service scope

• Service constraints: No constraints
• System requirements: N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: General guidance cases < 24 hours; system impaired cases < 12 hours; production system impaired cases < 4 hours; production system down cases.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: N/A
• Web chat accessibility testing: None performed
• Onsite support: Yes, at extra cost
• Support levels: We provide different tiers of support which include: ; ; Basic, Business and Enterprise.; ; Basic:; General guidance cases < 48 business hours; system impaired cases < 12 business hours; production system down < 6 business hours; ; Business:; General guidance cases < 24 hours; system impaired cases < 12 hours; production system impaired cases < 8 hours; production system down cases < 2 hour.; ; Enterprise:; General guidance cases < 24 hours; system impaired cases < 12 hours; production system impaired cases < 6 hours; production system down cases < 1 hour; business-critical system down cases < 30 minutes
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide a range of resources to help customers get started on our services.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data may be copied out using any supported tools, such as S3 copy, rclone and other generally supported migration tools.
• End-of-contract process: Buyer may terminate the relationship with Supplier for any reason by (i) providing Supplier with notice and (ii) closing Buyers account for all services for which Supplier provide an account closing mechanism.; ; Buyers pay for the services they use to the point of account termination. Please see the Pricing Document affiliated with this Service in the Digital Marketplace.; ; Supplier customers retain control and ownership of their data. Supplier will not erase customer data for 30 days following an account termination. This allows customers to retrieve content from Supplier services so long as the customer has paid any charges for any post-termination use of the service offerings and all other amounts due.

Using the service

• Web browser interface: Yes
• Using the web interface: Almost all functionality for each of our services is exposed through the web console.; ; The web console facilitates management for all aspects of the cloud account in a consolidated view whilst providing access to all services and their respective functionalities.; ; In some cases, specific configuration parameters of a service are dedicated to, and only available from, the CLI, SDK, or API interface.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: You can sign in to the Support Center by using the email address and password associated with your account. We also require 2FA.
• Web interface accessibility testing: None performed.
• API: Yes
• What users can and can't do using the API: All functionality is exposed via an API.
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
  • Other
• Other API automation tools:
  • Wide range of 3rd party services hook into our APIs
  • Also offer SDKs for Python, Ruby, PHP
  • Also offer SDKs for JavaScript, Java, .NET, Node.js.
• API documentation: Yes
• API documentation formats: HTML
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
  • Other
• Using the command line interface: All functionality is available via the CLI.

Scaling

• Scaling available: No
• Independence of resources: Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them.; ; Services which provide virtualised operational environments to customers ensure that customers are segregated via security management processes/controls at the network and hypervisor level.; ; We continuously monitor service usage to project infrastructure needs to support availability commitments/requirements. We maintain a capacity planning model to assess infrastructure usage and demands at least monthly, and usually more frequently. In addition, we provide capacity planning model which supports the planning of future demands to acquire and implement additional resources based upon current resources and forecast requirements.
• Usage notifications: No

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual machine images
  • Manual or scheduled API call
  • S3 object backups
  • Block store backups
• Backup controls: Via web interface.
• Datacentre setup: Single datacentre with multiple copies
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We offer 99.99% on network connectivity via BGP and 99.999% on internal availability.
• Approach to resilience: Available on request.
• Outage reporting: Personalised dashboard with API and events; configurable alerting (email / SMS / instant messaging).

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Controls include time, originating IP address, SSL use, and whether users authenticated via 2FA devices.; ; API calls can be encrypted with TLS/SSL for confidentiality and customers can use TLS/SSL-protected API endpoints.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We implement formal, documented policies and procedures that provide guidance for operations and information security within the organisation. Policies address purpose, scope, roles, responsibilities and management commitment.; ; We have established information security functions that are aligned with defined structure, reporting lines, and responsibilities. Leadership involvement provides clear direction and visible support for security initiatives.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Gitlab for all change management controls.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: We provide vulnerability scans on virtualised host platform, web applications, and databases in the Monkton environment. Countermeasures are designed and implemented to neutralise known/newly identified vulnerabilities. External security group monitors newsfeeds/vendor sites for patches.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We deploy monitoring devices to collect information on unauthorised intrusion detections, usage abuse, and network/application bandwidth-usage. ; ; Devices monitor:; • Port scanning attacks; • Usage (CPU, processes, disk utilisation, swap rates); • Application metrics; • Unauthorised connection attempts
• Incident management type: Supplier-defined controls
• Incident management approach: We adopt a three-phased approach to manage incidents:; ; 1. Activation and Notification Phase; 2. Recovery Phase; 3. Reconstitution Phase

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Customer environments are logically segregated, preventing users and customers from accessing unassigned resources. Customers maintain full control over their data access. Services which provide virtualised operational environments to customers, ensure that customers are segregated and prevent cross-tenant privilege escalation and information disclosure via hypervisors and instance isolation.

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Tackling economic inequality

  We strive to tackle economic inequality by creating opportunities for new businesses, fostering entrepreneurship, and enhancing skills development. Our services are delivered with a strong emphasis on economic inclusivity, engaging SMEs, start-ups, and social enterprises in our supply chain to promote diverse economic growth. Innovation is at the heart of our strategy to modernise delivery and increase productivity. We invest in disruptive technologies and support our supply chain partners in adopting these innovations, thereby enhancing their capacity and resilience. We also prioritise cybersecurity, ensuring that all partners in our supply chain are equipped to manage these risks effectively.; ; Our approach to economic inequality is holistic, involving every stakeholder from employees and suppliers to customers and community members, ensuring that the benefits of our contracts extend beyond traditional business metrics to foster genuine economic change and resilience.

  Equal opportunity

  We are committed to fostering a workplace that supports the diverse needs of all employees by adjusting workplace policies, enhancing tool accessibility, and improving productivity. Our dedication extends beyond internal practices to include closing the disability employment gap through inclusive hiring practices that prioritise accessibility and fairness. We also promote these values among our suppliers, partners, and customers to encourage a network-wide commitment to diversity.; ; We strive for equal treatment in all aspects of employment and cultivate an inclusive culture where varied perspectives and experiences are valued. This commitment enriches our service quality and strengthens our team through shared diverse experiences. To attract top talent, we use direct recruitment and select third-party recruiters who align with our diversity goals. Our strategy leverages platforms like LinkedIn to reach beyond our traditional networks, ensuring a diverse range of candidates and supporting our broader commitment to inclusion.

  Wellbeing

  Our commitment to wellbeing is integral to our operational philosophy, designed to support both the physical and mental health of our employees. We provide extensive health benefits, access to mental health resources, and conduct workshops focused on stress management, work-life balance, and healthy living. Flexible working hours, remote work options, and wellness days are part of our approach to promote a healthy work environment.; ; We encourage our team to prioritise their wellbeing and seek support when needed, fostering a culture of openness, inclusivity, and respect. This comprehensive approach ensures that all team members can perform at their best, effectively balancing professional and personal lives while contributing positively to broader societal goals. Our efforts create a supportive and integrated working environment that meets the immediate needs of our team and customers and enhances overall community wellbeing.

Pricing

• Price: £140.00 a unit a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at shirley.herron@monkton.io. Tell them what format you need. It will help if you say what assistive technology you use.