Skip to main content

Help us improve the Digital Marketplace - send your feedback

BMT LIMITED

Internet Application & Website Hosting

BMT provides an open and flexible cloud service platform supporting a wide range of operating systems, programming languages, tools and databases. Our service includes full hosting support, high system availability and daily backups of all data and documentation stored within websites applications and databases.

Features

  • Secure Cloud hosting
  • Content Management Systems
  • Classified data storage and hosting
  • First and third line software service desk support
  • Email, phone and on-site service desk support
  • Incident and Problem management and resolution
  • Provision of off-site and on-site training courses
  • ISO27001 accredited security
  • System administration
  • Supports a range of operating systems, programming languages, tools, databases

Benefits

  • Robust and secure hosting/support infrastructure underpinned by ITIL principles
  • Excellent 24/7/365 hosting uptime statistics
  • Proven, scalable hosting service which accommodates large-scale data/user expansions
  • Responsive and friendly helpdesk/support staff putting users at ease
  • Rapid response to support requests with quick resolution times
  • High levels of user satisfaction through a committed support response
  • Customised training courses to meet needs of specific user groups
  • Reduction of travel costs through on-site training course provision
  • Elastic cloud opportunities with automated scale up, user defined limits
  • Pay for what you use pricing model

Pricing

£845 to £2,360 a unit a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Bidding.UK-Europe@uk.bmt.org. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

3 5 9 4 4 9 6 6 0 8 8 4 1 2 8

Contact

BMT LIMITED Edyta Redfern
Telephone: 07717705919
Email: Bidding.UK-Europe@uk.bmt.org

Service scope

Service constraints
Service Desk support available within office hours Mon-Fri 08:00-17:30 (not including English Bank Holidays)
System requirements
No specific system requirements

User support

Email or online ticketing support
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
BMT provide Service Level Agreement and Disaster Recovery support level options, dependent on the criticality of the hosted system and the customer needs. Our SLAs have defined reporting procedures, incident categories and priorities (determined by impact and urgency) that drive response/resolution timescales against all support requests.
The minimum Disaster Recovery support level will incorporate nightly backups of web site/application files and databases - synched to a backup server with a recovery plan so that the data and web server can be recovered within 24 hours.
Our Service Desk is available between 08:00 – 17:00 (UK hours) Monday to Friday excluding English Public Holidays. Users can call our Service Desk directly or email the Service Desk with any issues. All of our hosting options are backed up by a Service Desk team which is comprised of a number of experienced first line support technicians, software developers and test analysts.
We are also able to provide training packages comprising on-site classroom training sessions, administrable on-line training/guidance tools and web-enabled, interactive, SCORM-compliant training systems.
For Content Management System (CMS) hosting, we also provide system administration support options which include system configuration changes and content updates.
For hosting/support costs, please see the Pricing Document.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
In addition to our standard support package, we are also able to provide training packages comprising on-site classroom training sessions, administrable on-line training/guidance tools and web-enabled, interactive, SCORM-compliant training systems.
We can also provide technical guidance and on-site visits to help capture and understand your requirements and map your requirements to a suitable hosting service.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
Microsoft Word
End-of-contract data extraction
At the end of the contract, BMT provide the customer with a copy of all software files and databases for potential migration to a new hosting service. Where applicable, BMT also provide the relevant supporting documentation including:

- Technical specifications;
- Help/User Guides;
- Functional documentation;
- Technical proposals;
- Data models;
- Architectural diagrams;
- System Deployment Guides;
- Technology stack/licensing requirements.
End-of-contract process
Included with the contract price are initial discussions with the customer to define end of contract services and any data off-boarding activities that may be required. These may include liaison with the new hosting provider if required.
Once the requirements have been defined a proposal, including any additional costs to cover all solution off-boarding activities will be made and will be dependent on the scope and scale of the services required.
Additional services could include, but not be limited to, liaison with the new hosting provider throughout the off-boarding process, data extraction services and system architecture and technical briefings to ensure the new supplier is ready upon switchover to the new hosting service.

Using the service

Web browser interface
No
API
No
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
Our hosting environments ensure applications and services are resource-isolated, ensuring that no other services are not impacted by other services.

Our hosting environments allow for individual services to have resources throttled and / or dedicated per service. This includes storage capacity, processing capacity and bandwidth.
Usage notifications
No

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Top Processes by CPU consumption
  • Top Processes by Memory consumption
  • Data usage (network traffic)
  • File storage amounts & quotas
  • Average response times
  • Process explorer – memory usage & CPU time
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Microsoft, Amazon and Digital Ocean

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Virtual Machines
  • Logs
  • Databases
  • Configurations
  • Files
Backup controls
Users can request a backup schedule which meets their Backup/Disaster Recovery requirements.

Virtual Machine Images are automated and scheduled using the online platform interface.

Databases and Website Files can be backed up to a parallel server (as the platform supports private networking among active virtual machines) or locally/geographically redundant storage.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
Firewall. Majority of ports are closed except those specifically used for NET use and SSH when required.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network
A Firewall is used. The backup server permits FTP and SSH from the Web Server only for automated backup purposes. Only authorised support staff are granted access to the servers, applications or associated data. All information stored within the systems is handled and managed in accordance with GDPR.

Availability and resilience

Guaranteed availability
BMT has implemented a number of controls to ensure that we mitigate any risks associated with the integrity, confidentiality and availability of our systems. We typically provide a contractual agreement to a minimum of 99.95% uptime.

BMT agrees a Service Level Agreement (SLA) with each buyer for our cloud hosting service. In addition to uptime levels, our SLAs have defined reporting procedures, incident categories and priorities (determined by impact and urgency) that drive response/resolution timescales against all support requests.
Approach to resilience
A warm standby site is maintained. Further details available on request.
Outage reporting
Alerts are raised to the BMT service desk and escalated through the integrated support and infrastructure team on premises.

Identity and authentication

User authentication
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels
Under our ISO 27001:2013 accreditation, BMT has implemented a number of controls to ensure that we mitigate any risks associated with the integrity, confidentiality and availability of our systems.

We develop our services with secure programming principles in mind to ensure that the risk of any malicious activity is mitigated. The data architecture and security model within the websites/applications themselves provide the necessary confidentiality of information as authenticated users can only access areas that they have been granted access to and users without a valid username and password cannot access the application or data at all.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Limited access network (for example PSN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Lloyds Register
ISO/IEC 27001 accreditation date
11/01/2023
What the ISO/IEC 27001 doesn’t cover
All services are covered by ISO27001:2013
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • Accredited by Defence Assurance Information Security to hold Official-Sensitive information
  • Comply with the Defence Cyber Protection Partnership Medium level risk

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
The BMT Hosting Support Team is constructed from a number of members of staff from the Information Systems Department within BMT. It is the company’s policy to put every member of staff through the security clearance process and, as such, every staff member working on any hosting-related task has SC level clearance.

Under our ISO 27001:2013 accreditation, BMT has implemented a number of controls to ensure that we mitigate any risks associated with the integrity, confidentiality and availability of our systems.

Our hosting and data centres are protected through anti-virus, software patching, EAL4 firewalls and regular testing. This is demonstrated as a number of our systems are subjected to almost weekly penetration tests which confirm the appropriate controls we have in place.

BMT’s has a thorough patching policy that is subject to external audits every 6 months as part of our ISO 27001:2013 accreditation. The accredited controls that are in place protect against malicious attacks, viruses, Trojan horses, Denial of Service (DOS) attacks, SQL injections and a range of other threats.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our Change Management process is initiated from a number sources which include ICT Strategy, Capacity Management, Incident/Problem Management (which include security incidents) and Service Requests. All Change Requests (RFCs) are recorded in our Service Desk system. Changes are assessed (including security impact assessment) and either approved/scheduled for planning or are rejected. Minor, Major and Significant changes must be approved by the BMT ICT Change Assessment Board (CAB). Changes are implemented as a series of tasks which are recorded and actioned within the BMT Service Desk. Changes are reviewed and closed during weekly management reviews and quarterly strategic reviews.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
BMT has staff who are members of CISP. Additionally, the SIEM solution used within the infrastructure provides real-time threat updates and analysis of internal traffic for signatures. BMT regularly upgrade Operating System and installed software and the Firewall to ensure that the latest security patches are applied so that both the server and website/application are secure. All updates are fully regression tested accordingly with our system testing processes, which will include full impact analysis.
Further information available on request.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
The SIEM solution used within the infrastructure provides real-time threat updates and analysis internal traffic for signatures. Incidents are managed by the integrated service team and escalated to third –parties (including HMG) if outside of internal skill profile.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incidents are raised by email, phone or personal contact. The impact and urgency are selected using the appropriate matrix as a guide. Priority is automatically assigned and SLA targets set. Initial analysis of an incident identifies the timescales for resolution and the requester is notified. The incident is passed to the appropriate management process, if required. Once the incident has been resolved, the Requester is notified and prompted to mark the incident as closed or respond to reinstate the incident. A user or analyst can reinstate a resolved incident if necessary. Incident reports exported from our incident management system.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Third-party
Third-party virtualisation provider
Microsoft Azure, AWS & Digital Ocean
How shared infrastructure is kept separate
Our hosting platform uses a multi tenanted approach to resource isolation. Users, groups and applications are separated via logical boundaries to prevent accidental or malicious access across tenants.
Tenants resources are kept in segregated network segments using packet filtering and Windows Firewall to block unwanted connections.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Our web hosting platforms are hosted on Microsoft Azure, AWS and Digital Ocean. The Microsoft Azure hosting environments conform to the EU Code of Conduct.

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

BMT is a socially responsible company, aware of the need for change and is committed to reducing negative environmental impacts. We actively address climate change through a comprehensive approach, that focuses on reducing our internal carbon footprint and promoting sustainability across our operations. Having been ISO14001:2015 accredited since June 2018, BMT is committed to being an organisation that improves its environmental performance through the internationally recognised standard.

Remote Work and Telecommuting: The company encourages remote work to cut down on employee commuting, significantly reducing transportation-related emissions.

Responsible Business Travel: BMT leverages virtual meeting technologies to reduce the necessity for travel. When travel is inevitable, employees are guided to use public transport and environmentally friendly options, while the company offsets the carbon emissions produced.

Green Office Initiatives: BMT has implemented energy-saving measures within our offices and any upgrades are made with a focus on sustainability, to minimize energy consumption and emissions.

Energy Management: Energy usage is meticulously monitored and analyzed through energy management systems, ensuring operational efficiency, and identifying opportunities for further energy savings.

Supplier Engagement: BMT demands eco-friendly practices from its suppliers, aiming for sustainability throughout the supply chain.

Employee Engagement and Training: Staff members receive training on environmental practices and are encouraged to participate in the company’s sustainability efforts.

Sustainability Policy and Reporting: The firm adheres to a robust Sustainability Policy and engages in transparent reporting to track its environmental performance, setting targets for continuous improvement.

Sustainable Technology Investment: Internally, BMT invests in sustainable technologies that benefit its operational practices, such as software to enhance project efficiency and energy-conserving IT equipment.

Through these focused internal strategies, BMT lessens its environmental impact and demonstrates industry leadership in sustainability, fundamentally contributing to the global fight against climate change.

Tackling economic inequality

Innovation: BMT is proud to be a founding member of the South-West Regional Defence and Security Cluster (SWRDSC), the first pan-Defence and Security Cluster in the UK. It forms a collaboration led by industry and academia, supported by government. The aim of the cluster is to raise the profile of regional Defence and Security capability to stimulate greater sector knowledge, business, economic growth, and productivity across the South-West region. The South-West is home to many innovative businesses and the cluster aims to strengthen investment and partnerships, to help build capabilities and attract and compete for talent. Its purpose is to enable the sector to collaborate, overcome barriers to entry and help supply chains to complete and realise new technologies.

Apprenticeships: BMT has an established, sustainable, valued, and recognised apprenticeship scheme, which demonstrates our commitment to our professions and underpins our passion for STEM. Our aim is to support young people with work experience and placements. Our apprentices form a critical part of our talent pipeline, bringing fresh ideas and innovative ways of working. BMT’s programme offers renumeration to market pay rates, a choice of inspiring roles working alongside experience staff, and support to achieve recognized qualifications. We include an apprenticeship levy to sponsor the student’s academic studies and leave days to attend college.

Recruitment: We take an ‘outside the box’ approach to recruitment, ensuring opportunities are accessible, regardless of background or circumstance. We actively engage with local employment agencies who support the recruitment of specialist and hard to recruit employees. Our ‘Returners Programme’ taps back into people with skills at the core of BMT’s business, but who have fallen outside of normal career pathways due to challenging circumstances. We have employee networks in place to ensure these individuals have the support they need to thrive in our business.

Equal opportunity

Social values are at the core of our commitment to Diversity, Equity and Inclusion (DE&I). We believe a proactive, strategic approach to DE&I is essential to sustaining a successful and progressive business. This is why DE&I did not begin with just a policy, but a strategy, which actively promotes DE&I activity and is embedded as part of our strategic planning with set business objectives, supported by funding and resource to deliver.

Our objective is to provide a safe, fair, supportive and sustainable working environment where employees enjoy work, grow, develop and benefit from the collective success of BMT. We review formal measures such as the Good Work Plan to ensure we are constantly working to best practice. As an EBT (Employee Benefit Trust), we are a business that promotes and thrives on communicating with our employees and doing what is best for them, always.

BMT is committed to providing equal opportunities, which is supported by the following undertakings at BMT:

1. Apprentices, Graduates, Year in Industry and Summer Placements - We advertise at a broad range of universities across the UK to ensure we reach as many parts of society as possible.

2. Recruitment Passport Training – to ensure our processes are free from bias

3. STEM events across universities and schools in diverse areas to attract young people into STEM careers.

4. A commitment to providing fair and equal pay to all our employees.

5. Regional DE&I forums which allow representatives from across BMT to recognise challenges we may face in this space and define action plans to resolve them.

6. STEM returners programme - facilitating the return of skilled professionals to the STEM industry after a career break.

7. Supporting employee wellbeing

This is a sample of what BMT do every day, to ensure equal opportunities for all.

Wellbeing

BMT is an Employee Benefit Trust, and we truly value the health and wellbeing of all our staff, this is demonstrated through our global wellbeing strategy that seeks to improve physical, financial and mental health. BMT believes that a proactive approach to health and wellbeing of our employees is fundamental to the success of our business. This means that we adopt a positive mindset and total commitment to understand and address health and wellbeing inside our organisation.

At BMT we aim to integrate wellbeing into all work activities and practices, creating a positive environment that is compatible with promoting staff engagement, performance, and achievement. Active measures in place at BMT to support health and wellbeing, including physical and mental health include:

Regular conversations with line managers and wellbeing champions

A £300 per year Wellbeing Fund for each employee to help fund activities that support personal development and/or wellbeing.

Employee wellbeing events such as facilitated sessions with MIND on mental health in the workplace.

Mental Health First Aiders and Champions in place across the organisation.

A “Wellness Zone” on our internal intranet with a range of resources and tips that are regularly updated.

Wellness Rooms in offices – providing a quiet and relaxing space for employees to access when required.

Flexible working practices to enable employees to have a good work/life balance.

Ensuring all employees have access to resources such as: Private Medical Insurance, Employee Assistance.

Programme (EAP), Eye Tests and Glasses, Flu Jabs, Health and Wellbeing Events and a Cycle to Work Scheme

Pricing

Price
£845 to £2,360 a unit a day
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Bidding.UK-Europe@uk.bmt.org. Tell them what format you need. It will help if you say what assistive technology you use.