Answers and Solutions ltd

Web Hosting Platform (Private). Cloud Applications, Websites, Intranets. No Sharing - Full Control

To install 3rd party cloud apps your administrator needs servers online and in the cloud. These servers require workspace(s) and tooling. This service provides both, allowing the installation and manage the majority of cloud solutions. Complementing our Web software, Cloud and Consulting service, you can take "hosting_only" or multiple services.


  • A private version of the shared platform we offer on_G-Cloud
  • For the department with limited IT capability but requiring maximum_outcomes.
  • Different permissions for Enterprise, Departmental and Section levels
  • Specify unique security settings across an unlimited number of websites.
  • Custom firewall settings available to make this 'internal use' only.
  • Scales easily from the small section to an entire department
  • Suitable for those not wanting 3rdParties to share this resource
  • Compatible with 'off-the-shelf' Comercial solutions designed for Linux
  • Pen Testing. PenTesting during Onboarding available for GDPR security
  • Vulnerability scans


  • Enables the utilisation of low cost, high performance commercial solutions.
  • No resource sharing so bespoke settings possible.
  • No performance hit. Others can load 256+ users per server
  • Suitable for Wordpress, Opencart, Magento, wiki, PHP and eCommerce applications
  • Suitable for departmental service ticket, record keeping and other solutions


£600 to £3,000 an instance a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

4 0 9 2 2 9 9 9 5 2 3 6 8 1 2


Answers and Solutions ltd Christopher Wainwright
Telephone: 02920733722

Service scope

Service constraints
This is our most flexible offering. Because it is a non-shared system, we can give access to the command line shell and many of the other management features.

We can configure this to work with any of the 'well respected' additional services that are available. For example, an indirect security logon system could be implemented, Internet traffic analysis services exist, giving enhanced security. These can be discussed during implementation.

Some products require a VPS's rather than standards compliant hosting. Please see the service description and pricing schedule for details.
System requirements
  • A mobile phone for 2-factor authentication
  • Some security related aspects are easier with locally installed software
  • You will need suitable domain name(s) We can assist.
  • You will need suitable SSL Certificates (We can provide these)
  • Anti-Virus licences are an available option

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Online support requests will be acknowledged and users will be able to view the status of tickets.

It should be noted that support is not a substitute for training.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
We use a commercially available, Open Standards chat client. These are well produced, with usability in mind, however, these European standards were not explicitly specified when the product was built
Web chat accessibility testing
Tested with colour blind user/tester. This aspects covers one of the largest groups of people who suffer when badly designed user interfaces are deployed.
Onsite support
Yes, at extra cost
Support levels
The entire system will be hosted off-site, and all system parameters can be "configured over the wire". However, the line between an underlying platform and the installed application can get blurred. If required, we are able to provide the initial support required by most users to quickly setup and configure their systems. Chargeable telephone support, arranged via the ticking system is by appointment.

This is charged at our hourly rate to ensure that those employing highly skilled staff are not being asked to subsidize those who require onsite training.

Re: Support to 3rd parties. This raises security, authorisation and data protection issues. Support to 3rd parties is therefore provided in limited circumstances to assist integration of a 3rd party system, rather than explaining how to alter our platform. We do not support API programming. 3rd party support only is provided to named staff and is billable.

Support should not be confused with training. When appropriate, we may signpost people to appropriate supplier resources.
Support available to third parties

Onboarding and offboarding

Getting started
We will provide onsite requirements gathering and service expectations consultancy. This will allow the configuration engineer to build they system with the correct configuration, and to generate appropriate documentation. If the buyer has domain name details, we will set these up on the system and install any software chosen from our software services schedule. We will return to site a few days later to provide onsite training.

The remit of onsite training covers operation of the hosting platform, rather than any installed cloud apps. Service(s) for installed cloud apps are attached to the subscriptions to those apps.

We can also offer a data migration service should a customer be coming to us from a previous supplier.
Service documentation
Documentation formats
End-of-contract data extraction
Data transfer to a new location will always be possible. Basic end of contract costs are included in the setup fee.

The incoming service buyer may install their equipment or subscribe to appropriate services as part of their onboarding and our exit plan.

The standard monthly transfer data transfer allowance is of course provided free of charge during month 12.
End-of-contract process
The provision of professional services at our datacentre will probably be required. This shall be charged as per the pricing document.

We will offer free of charge storage of data backups made during the contracted period for a further 60 days. Once the data is 60days old it will be stale and will be deleted.

Using the service

Web browser interface
Using the web interface
To maintain system security, we will not supply logon credentials until after system setup. After the order has been validated and finalised the service does not take long to setup. From then on, users can make configuration changes to those settings relevant for most types of website hosting. Users can create internet domains, subdomains, domain pointer records etc and upload most typical website application software etc. They can create FTP accounts for multiple staff if required. Users can make backups, but cannot restore without our assistance. This is to avoid "accidents". The administrator can decide what rights to allocate users.

Note #1: Domains must first be registered elsewhere.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
The interface has been well designed. Our company selected the platform in question several years ago based on the quality of the interface. Eight years on, it remains superior to others on the market, and we continue to use it on account of the quality that it was built-in.

I cannot however at this time advise whether it has been formally certified to the standards above.

A new interface is planned for released during the lifetime of G-Cloud.
Web interface accessibility testing
1 in 12 men are colour blind and we are very aware of this issue. We tested all the available interfaces with a colour blind user. We use the system our user preferred.

There are several interfaces on the market, the one we selected and offer to clients is the best we could find; we also tested it for clarity and simplicity, ensuring the options and features are logically located and easily found.

Most vendors submitting offerings to G-Cloud will be offering cPanel or Plesk branded systems, systems we rejected for technical reasons as well as the inferior interface.
Command line interface
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
Access to the CLI interface can be switched on and off by the users nominated Administrator. When switched on, the user will have standard user rights via the CLI commands. We have a pack of software utility apps available to the user's admin staff which can be installed on a local windows desktop. These apps can, for example, access a backend database without going via the relevant webpage. These software apps are using the CLI interface. The users can also directly issue Linux commands into a command editor if they have the necessary skills.

The user will not have access to system level services. Should those be obtained, any remediation works would be billable. A user expecting to need system level access is encouraged to choose one of our VPS offerings.

The system administrator can choose what level of access should be given to regular users, with a high degree of granularity.


Scaling available
Independence of resources
This service is scaled to suit the expected workload and can easily be expanded using Virtualization technology, which offers many advantages, including hard-stops on resource hogging. If other users generate excessive workloads, it will be their system that slows down. We will be monitoring the underlying physical layer that forms our infrastructure. If loading rises we are able to add server clustering that spreads the workload across multiple physical servers.

Your private hosted system will always get the allotted resource.
Usage notifications
Usage reporting
  • Email
  • Other


Infrastructure or application metrics
Metrics types
  • Disk
  • Memory
  • Network
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach

All data moved in or out of areas protected by the above methods is protected by encryption

The buyer should note that the supplier has no control over the buyer's IT systems.
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
In-house destruction process

Backup and recovery

Backup and recovery
What’s backed up
  • The Platform has an internal backup system.
  • The DR system replicates the entire platform.
  • Databases can be backed up to an agreed schedule.
  • The backup stategy shall be agreed between supplier and buyer.
Backup controls
This will depend of the software chosen during setup consultation
Datacentre setup
  • Multiple datacentres
  • Single datacentre with multiple copies
Scheduling backups
Users schedule backups through a web interface
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
An IPsec or TLS VPN gateway can be configured at extra cost. A connection through a private network connection can be configured at extra cost. Both options add constraints to physical placement of hardware ie into which data center we place your service. Details are in the service description document and price schedule.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Our networks systems are within a datacentre with the minimum of physical access. Virtual networking can be deployed, but if required, this would also indicate that the client has security concerns above the usual run-of-the-mill. They may need one of our other solutions with higher levels of isolation implemented.

Availability and resilience

Guaranteed availability
The buyer will be eligible for one free days hosting for every hour the service was inaccessible to the buyers users, capped at 100% of the days in a free month. Planned maintenance events taking place at weekends or overnight are excluded. Details are in the service description document.
Approach to resilience
The approach to resilience within the datacentre and our equipment therein is based on the elimination of single points of failure. In techno-speak this is called n+1 , which means that if an item failed a spare one takes over.

Full details on request
Outage reporting
A public dashboard available to customers will indicate any outages.

Identity and authentication

User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
The standard method is username and password authentication. 2-factor authentication is an option easily activated. Additional / Alternative Services such as OneLogin Further security arrangements using firewall and network level security methods could be configured. Only one method ought to be used for a given scenario. The arrangements other than 2FA and username/password will involve extra cost.
Access restrictions in management interfaces and support channels
There are two levels here. The management interfaces for the clients side and those interfaces with heightened permissions that we use to administer the client side.

2 factor authentication is available. If the assignment warranted it, we can setup more advanced access control methods if instructed as an additional task, eg it is possible to restrict the login location to a named building.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication
Further security is possible using network level security, eg the dedicated link method. This allows the determination down to specified building(s) via IP address techniques if required. It is implemented at extra cost.
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Who accredited the PCI DSS certification
PCI DSS accreditation date
What the PCI DSS doesn’t cover
We do not store CC details on our servers; CC details are processed by our bank on their PCI DSS certified servers. Our PCI certification was issued with this processing method declared. Most payment processing applications handover to an external CC payment provider, who accepts payment before handing purchase approval back to the application that you would be running on our system. This means that our PCI DSS certification is suitable for eCommerce solutions used by most organisations . If you want to store people CC details on our servers, that can be arranged and our PCI DSS would be amended to suit. Your software solution would need to be PCI DSS compliant. Using a 3rd party processor such as Worldpay [or one of their numerous competitors] is by far the best way to handle PCIO DSS aspects of Credit Card processing.
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Good Practice security governance is practiced. Our Physical server(s) are located in a restricted access datacentre. Strong passwords are enforced and stored safely.

ID's of clients appointed officers are stored and will be used to validate requests for support and assistance.
Information security policies and processes
The staff at our office do not have physical access to the hardware, ensuring that data at rest is protected.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We operate a minimal environment for the common stack which minimises the numbers and types of software patches we need to install. Software patches are those recommended by the relevant supplier(s).

Clients requesting bespoke configurations are placed on fully segregated platforms. A necessary consequence of this is that clients may need to upgrade during the lifetime of a contract if bespoke settings are required after initial setup.

A test environment is maintained separately from our production environment for the purpose of software patch testing.
Vulnerability management type
Vulnerability management approach
We have selected products recognized within the industry as having an appropriate level of security and vulnerability management. Vulnerability management is based upon notification to us by our suppliers and Patch installation.

The biggest vulnerability comes from clients installing outdated and un-patched software, rather than the PaaS platform. Segregation of shared resource minimizes risks, but if this is a concern customers may signup for the fully isolated VPS service we also offer.

Clients on the shared platform are required to notify us of applications prior to deployment. Legacy apps carrying requiring depreciated infrastructure may need hosting on a VPS.
Protective monitoring type
Protective monitoring approach
For security reasons, we do not publish details of protective actions taken since such details substantially increases the risks we face.
Incident management type
Incident management approach

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Who implements virtualisation
Virtualisation technologies used
KVM hypervisor
How shared infrastructure is kept separate
This service is hosted on several VPS machines. The only organsiation(s) using this infrastructure are those with a direct relationship to the customer. The customer decides who can share the infrastructure used to build the private hosting platform. The external separation between VPS's is enforced by the virtualization technology; comparable to the separation between physical servers. Provided the customer uses encryption, eg SSL encrypted websites, the 'on-the-wire' data is indecipherable while it traverses the network.

Energy efficiency

Energy-efficient datacentres
Description of energy efficient datacentres
Renewable or nuclear energy is used as much as possible at our datacentres. Coal derived power has virtually been eliminated, and will be gone completely during the lifetime of a G-Cloud contract.

The biggest consumption of energy within the Datacentre is server hardware. Server virtualisation minimises the number of physical servers permanently running. Our equipment is housed in multiple 3rd party datacentres. On request, datacentre space is available in northern (arctic) climates, and we can locate your service in Finnish DC's.

Social Value

Fighting climate change

Fighting climate change

Climate change is minimised by reducing CO2 emissions. We use an energy provider that has minimized its reliance on fossil fuel power generation and sources as much nuclear energy as possible. Renewable energy is included in the mix (hydro, solar and wind). Any shortfall is topped up by a small top up from fossil fuels. We also minimise power consumption by using shared infrastructures for some clients, and where a client requires a non-shared infrastructure, we minimise energy consumption using virtualisation techniques.

All hardware purchases are required to meet current energy efficiency targets.
Covid-19 recovery

Covid-19 recovery

As part of our commitment to CO2 reduction and our commitment to Covid-19 recovery, we allow home working and use virtual meeting technologies as much as possible.
Tackling economic inequality

Tackling economic inequality

We place as much business as possible in areas that are short of opportunities. The economic advantages are obvious, but additional business advantages include those that accrue from having a stable workforce.
Equal opportunity

Equal opportunity

We provide equal opportunity and recruitment is based solely on ability. Individuals are free to hold any personal view they wish and no discrimination is permitted on those grounds.


All staff are encouraged to have a healthy work-life balance. Staff are encouraged to exercise regularly and hold diverse interests. We offer a salary sacrifice scheme for all physically active recreational activities that meet this requirement, and undertake occasional team-building events in pursuit of the wellbeing criteria.


£600 to £3,000 an instance a month
Discount for educational organisations
Free trial available
Description of free trial
This is a free demonstration, not a free trial. The system is reset every fortnight. Installations generating abusive traffic levels will be deleted without notice. 30-day free trial if a day's training is purchased. No access to the email / advanced features. Logon credentials provided on enquiry.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.