ATKINSRÉALIS UK LIMITED

Cloud Hosted Applications

As a vendor-agnostic provider of cloud hosting, AtkinsRéalis is well placed to work with you to understand your cloud workload requirements and provide you with a solution tailored to your needs. We can host workloads on virtual servers, deployments of cloud PaaS database solutions, or container-based workloads through Kubernetes.

Features

• Private Cloud Hosting in a secure UK data centre.
• Public Cloud Hosting on Azure, AWS, or Google Cloud Platform.
• Hybrid Cloud Hosting can be achieved mixing public and private.
• Support and Maintenance services.
• Professional application, network, services, and architecture design services.
• GDS and Government Technology Code of Conduct compliance.

Benefits

• Cloud native approach to deploying services
• Flexible hosting options tailored to your requirements.
• Modernise on-premise systems and benefit from cloud deployment.
• Cost-effective hosting through serverless and other cloud technologies.
• Securely host workloads that are agile and flexible.
• Proven track-record building and managing cloud environments.

£600 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ccs@atkinsrealis.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

408862250174411

Contact

Martin Yeoman
+44 1372 75 2023
ccs@atkinsrealis.com

Service scope

• Service constraints: Constraints might include planned maintenance arrangements or support being limited to specific hardware configurations.
• System requirements: Bring your own licence for non-PaaS software.

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Responses will be determined by a Service Level Agreement (SLA). The SLA will be agreed with the buyer prior to commencement of service.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We can provide a range of different support levels that meet the requirements of the buyer. A Service Level Agreement (SLA) will be agreed with the buyer before the commencement of service, our standard SLA is:; ; Standard Support - 09:00 – 17:00 hours, Monday to Friday (exc. English Public Holidays). ; ; Incidents may be logged via the web, telephone or email during these times. Additionally, Incidents may be logged via the web outside of these hours but will not be progressed until the next working day. Software fixes will be progressed during these hours, and a release made available in agreement with the customer and AtkinsRéalis release schedule. ; ; Extended levels of support can be purchased and we would be happy to discuss these requirements with the buyer and pricing them accordingly.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We will work with the buyer to determine their requirements for the hosting of the application. The route to onboarding the buyer will be determined by their requirements and the agreed method of hosting their application. We will work closely with the buyer and their teams to acquire all necessary software artefacts for deployment along with necessary configuration information and any required data. The exact nature of the onboarding process will differ from buyer to buyer and will necessarily be determined during the discovery of requirements from the buyer.
• Service documentation: No
• End-of-contract data extraction: The process to extract data at the end of the contract will be agreed with the buyer before the commencement of service.
• End-of-contract process: The services provided at the end of the contract will be determined and agreed with the buyer before the commencement of service, this will include any additional costs to be covered for the end of contract service.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Public cloud hosting, for example on Azure, the buyer’s components are isolated from other users of the service through separation and isolation; separate tenants, subscriptions, and resource groups are used to ensure segregation of services.; ; Private cloud hosting runs in our UK data centre as shared infrastructure. The buyers’ running services are segregated from others through isolation via private vLANS. Our firewall controls access across vLANS ensuring only vLANS with appropriate rules in place to communicate with each other. The private cloud infrastrucuture automatically scales according to demand, ensuring heavy workloads from on user does not negatively impact others.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Microsoft Azure, Amazon Web Services, Google Cloud Platform, Virtuozzo

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files
  • Virtual Machines
  • Databases
  • Container applications
  • Configuration settings
• Backup controls: The amount of control over backups will be determined based on the buyer’s requirements. The cost and method of control will be determined and agreed before the commencement of service.
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Other cloud PaaS components can be used to protect data within the network, for example services provided by Microsoft Azure and Amazon Web Services. Often these services involve encryption of data-at-rest using either platform managed encryption keys or customer managed encryption keys.

Availability and resilience

• Guaranteed availability: Before the commencement of service, we shall work with the buyer to understand their requirements for availability and agree the guaranteed levels of availability. Several factors can influence the guaranteed level of availability and this approach ensures that the right level of availability is provided to meet the requirements of the workload being deployed.
• Approach to resilience: We can deploy workloads to a range of public cloud providers as well as our own private cloud offering. As a result, services hosted by us benefit from the resilience that is inherent in these provided cloud environments. Application and service level resilience can be configured to meet the buyer’s requirements using different architectural patterns and cloud-native technologies. We shall work with the buyer to understand their resilience requirements and ensure these are appropriately accommodated in the service.
• Outage reporting: Outage reporting will be dependent on the buyer’s requirement along with the type of workload they want to have hosted. We can provide a number of different tools and services to report on outage, from dashboards and service availability pages through to email and SMS alerting. The exact nature and depth of reporting will be different for each buyer, therefore we shall work with the buyer prior to commencement of service to ensure the right level and mechanism of reporting is utilised.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Username or password
• Access restrictions in management interfaces and support channels: We utilise the cloud tooling and access controls implemented by the providers of the cloud platforms we deploy to. Only users with a requirement to access management interfaces and support channels are granted access, and wherever possible we adopt zero-trust policies and Just-in-Time priviledged access.
• Access restriction testing frequency: Never
• Management access authentication: 2-factor authentication
• Devices users manage the service through: Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyd's Register Quality Assurance Limited
• ISO/IEC 27001 accreditation date: 06/04/2024
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials and Cyber Essentials PLUS Certified.
• Information security policies and processes: The Chief Executive Officer is ultimately accountable for data protection and privacy compliance. Our Project Performance and Risk Oversight function is responsible for creating and taking a strategic view of all areas of information governance, ownership and risk. This function supports and drives a Governance agenda across the organisation and provides the Governance and Ethics Committee, Executive Committee and CEO with the assurance that effective information governance controls and assurance are in place.; The office of the Chief Information Security Officer is responsible for developing and implementing our information security programme. The CISO reports directly to a member of the Executive Committee. ; Our annual Code of Conduct training is mandated to all staff and emphasises the importance of information security and data privacy. Additionally, on-line cyber security and data security training is mandated to staff as part of the on-boarding process, with annual refreshers.; AtkinsRéalis is committed to increasing alignment with and certification to ISO 27001 and we are in the process of expanding the scope of certification. ISO 27001 is a key element of our cyber security strategy, and it is our intention that the majority or all of the business will be certified by the end of 2025.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The configuration and change management approach will differ from buyer to buyer and will be based on the sensitivity of their workload to changes. Some services will not require a rigorous change management process beyond simple impact assessments; however, some services will require rigorous change management processes, approvals, and reporting. We will work with the buyer prior to commencement of service to ensure that an appropriate change management process is in place for their service.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: The approach to vulnerability management will be dependent on the requirements of the buyer. Before the commencement of service, we will work with the buyer to understand their vulnerability management requirements and ensure they are accommodated appropriately.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: The approach to protective monitoring will be dependent on the requirements of the buyer. Before the commencement of service, we will work with the buyer to understand their protective monitoring requirements and ensure they are accommodated appropriately.
• Incident management type: Undisclosed
• Incident management approach: The approach to incident management will be dependent on the requirements of the buyer. Before the commencement of service, we will work with the buyer to understand their incident management requirements and ensure they are accommodated appropriately.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Workloads deployed to a Microsoft Azure datacentre will adhere to the code of conduct for energy efficiency, details of Microsoft’s commitment to sustainability in Azure can be found at https://azure.microsoft.com/en-gb/explore/global-infrastructure/sustainability/; ; Amazon do not state adherence to the code of conduct but are committed to sustainability in their data centres, more details can be found at https://sustainability.aboutamazon.com/products-services/the-cloud?energyType=true; ; Google Cloud Platform do not state adherence to the code of conduct but are committed to sustainability in their data centres, more details can be found at https://cloud.google.com/sustainability/

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  AtkinsRéalis are committed to achieving social value on everything we deliver. Everything we do supports our goal of delivering outstanding project outcomes for our clients, but also ensuring that we leave a legacy for our client and their stakeholders, whether it be environmental, social, or economic. As a global organisation working on the world’s biggest Infrastructure, Transport and Energy programmes we always work to ensure that climate change is considered. Tailored commitments will be agreed through the buying process.; ; Sustainability is at the heart of AtkinsRéalis purpose - engineering a better future for our planet and its people. As an organisation we have signed up to the United Nations Framework Convention on Climate Change's (UNFCCC) Race to Zero global campaign and signed the Business Ambition for 1.5oC commitments. We have signed The Climate Pledge, working towards net zero by 2030 and are in the process of setting science-based targets.; ; We support clients in safeguarding what we do today to enhance the environment and protect future generations from harm, this is fundamental to AtkinsRéalis’ sustainability policy and Sustainable Business Strategy. ; ; We have a series of approaches that we use through the delivery of our cloud projects, including:; ; • Considering whole life carbon when designing systems and assets to minimise carbon.; • Utilising a variety of tools (appropriate to the sector and client) to assess whole life carbon from embodied to in-life to end of life.; • Raising awareness about climate change to stakeholders of the projects to ensure clear understanding.

  Tackling economic inequality

  AtkinsRéalis are committed to achieving social value on everything we deliver. Everything we do supports our goal of delivering outstanding project outcomes for our clients but also ensuring that we leave a legacy for our client and their stakeholders, whether it be environmental, social, or economic. Tailored commitments will be agreed through the buying process.; ; We are committed to creating a healthy future for communities and the wider economy. We do this through creating new businesses, jobs and skills and working with supply chain partners to create capacity and resilience.; ; We recognise some of the digital and cyber skills shortages facing the UK and are actively participating and promoting careers from school age children through to lifelong training. This is often delivered through STEM outreach schemes such as Governors for Schools programme and CyberFirst. This can include upskilling activities delivered by some of our highly skilled professionals ranging from interview and job preparation (e.g., CV support, Mock interviews) through to technical training (e.g., cyber security, digital skillset, STEM-based careers, supply chain engagement). We promote our full-time opportunities to priority groups based on the area of operation. (e.g., people living in regionally and nationally deprived areas /disabled people/ people who are underrepresented in the industry including Women, BAME, LGBT+ etc.).; ; We understand the opportunities a diverse supply chain can bring to complement our overall solution we are providing to our clients, such as innovation, improved productivity, novel or new technologies or niche skillsets. As a large organisation we have a large network of approved suppliers from diverse backgrounds including small and medium enterprises that we can utilise as required. These suppliers go through our due diligence process to ensure they meet our standards (i.e. around cyber security) and we are working with suppliers who share our values.

  Equal opportunity

  AtkinsRéalis are committed to achieving social value on everything we deliver. Everything we do supports our goal of delivering outstanding project outcomes for our clients but also ensuring that we leave a legacy for our client and their stakeholders, whether it be environmental, social, or economic. Tailored commitments will be agreed through the buying process.; ; We have achieved the platinum standard on Cleared Assured Accreditation and are well positioned in its advocacy of ED&I practices. We are committed to creating an inclusive, collaborative culture for all of its employees and sub-contractors and feeding back value directly to our clients.; ; AtkinsRéalis is a member of Inclusive Employers, a national network of businesses committed to building inclusive workplaces. Our processes have enabled us to create inclusive and diverse teams that will benefit clients with better performance, diversity of thinking and enhanced creativity. We are committed to cultivating a thriving diverse and inclusive work environment, where differences are valued and respected, and all staff are valued, supported, and treated fairly.; ; Equal opportunity is fundamental to how AtkinsRéalis operates. From the moment a candidate applies to a vacancy of ours, we assess how we can best ensure equality. With this in mind, we are committed to ensuring that we select and recruit the best people for each role based on their ability to do the job, in line with the needs of the business, irrespective of the candidates’ gender identity, marital status, disability, sexual orientation, health, age, race, nationality, religion, employment status, or membership or non-membership of a trade union. We pursue this commitment by having clear and concise procedures and guidelines for HR and line managers to ensure policies are fully understood and implemented.

  Wellbeing

  AtkinsRéalis are committed to achieving social value on everything we deliver. Everything we do supports our goal of delivering outstanding project outcomes for our clients but also ensuring that we leave a legacy for our client and their stakeholders, whether it be environmental, social, or economic. Tailored commitments will be agreed through the buying process.; ; We are passionately committed to changing the way we think about, and deal with mental/ physical health and wellbeing in the workplace. Without a happy, healthy, and energised team we wouldn’t be able to serve our clients in the innovative way we want to and make substantive change like cloud transformation possible. We live by our own values and ensure these are embedded in our delivery. When undertaking our work, we ensure all stakeholders have a safe and open dialogue to talk about health and wellbeing and access appropriate support.; ; We consider ourselves long term partners with communities, upskilling people and enabling wellbeing benefits over the long term. This can include:; ; • Partnering with local groups and charities to invest in community wellbeing appropriate to the services being delivered. ; • Training our staff to deliver inclusive design in every piece of work to account for those with accessibility issues. ; • Designing with users'’ wellbeing in mind. (Implementing user centered design principles and co-designing with the stakeholders who will use cloud technology. ; • Engaging with stakeholders; to raise awareness to address specific wellbeing agendas, such as mental health.

Pricing

• Price: £600 a unit a day
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ccs@atkinsrealis.com. Tell them what format you need. It will help if you say what assistive technology you use.