Synextra Ltd

Enterprise Cloud - IAAS

We provide a secure, reliable cloud hosting platform. Our platform is a UK-based solution whereby you pay for exactly what you need, giving you scalability and flexibility to adapt to the evolving needs of your business.


  • Customisable Machine Sizes
  • Secure backup's included as standard
  • Remote access
  • 24/7 monitoring
  • Citrix Hosted Desktop


  • Access your data from any location
  • Protect your data from security threats
  • Pay for exact capacity you need
  • Maintain control as if its your own infrastructure


£79.50 a virtual machine

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

4 2 8 4 6 0 6 5 0 0 7 5 2 1 2


Synextra Ltd Abbey McAllister
Telephone: 01618831383

Service scope

Service constraints
Planned maintenance windows take place for all patching or service improvements. These windows will take place out of core hours.
System requirements
Chrome / Edge for accessing management interface.

User support

Email or online ticketing support
Email or online ticketing
Support response times
P0 - 30 minutes
P1 - 60 minutes
P2 - 90 minutes
P3 - 4 Hours
Service requests - 1 Day

Out of hours, tickets are not picked up however, critical issues will be actioned, the user would need to raise a ticket. Then call the helpdesk to escalate to an on call enigneer. Critical issues are covered 24/7
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
All cloud offerings come with inclusive infrastructure support. If managed support is taken for the OS/solution level this is provided on a single-tier support service. All customers receive 24/7 support with monitoring.

8am-6pm Monday to Friday are our standard helpdesk hours. Outside of these hours we always have on-call engineers to hand to assist with critical issues.

Our monitoring system is set up to contact our on-call engineers should something alert at any point. Our engineers will proactively contact the customer and begin triaging the issue as soon as the alert comes in.
Support available to third parties

Onboarding and offboarding

Getting started
For all new customer solutions, they will go through our provisioning procedure for hosting services.

Customers will be assigned an engineer during our project meetings, internally we will review the order, and confirm with the sales representative what has been purchased.

Next, they will be included in a pre-sales call, where we clarify the solution with the customer and confirm technical requirements.

Following this, a statement of works will be provided to the customer to review and sign to agree the method and peramiters of the order.

For larger projects, the customer will then be given access to a project management board for full visibility of progress on the order.

For most services, if training is required, this will be scoped during the proposal phase to determine how this would look.

During the build, we will require the customer to perform testing.
Service documentation
Documentation formats
Other documentation formats
Online Project Management Tool
End-of-contract data extraction
Data will be provided over an encrypted medium on a time and materials basis.
End-of-contract process
We have a 60-day notice period for customer terminations. At the end of the contact, a Change Request will be raised and require approval from the customer to cancel/turn off serivces.

If the customer requires Synextra time to onboard to a new vendor, this is chargeable. The data extraction would be chargeable. The customers account must be up to date for this work to begin.

Using the service

Web browser interface
Command line interface


Scaling available
Independence of resources
Capacity planning is carried out before any new tenants are provisioned on our platform. Our shared platform is oversubscribed unless dedicated resources are ordered.

Our hybrid / private solutions provide dedicated compute capacity.
Usage notifications
Usage reporting


Infrastructure or application metrics
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach
Volume level encryption (solution dependant) is available.
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
What’s backed up
  • Files
  • Virtual Machines
  • Databases
  • Device Configuration
Backup controls
As standard we back up nightly with 14 days of retention however, customers can request bespoke backup configuration, and additional requirements may be chargeable.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
MPLS segmentation.

Availability and resilience

Guaranteed availability
99.999% availability per availability zone guaranteed.

Service credits must be requested via the customers account manager.
Approach to resilience
Synextra occupies 4 data centres with compute resources available in 2 locations that are over 50 miles apart. Resiliency can be facilitated with either replication or geo-resilient load balancing.

All locations are connected by multiple carrier and path diverse 10GB connections.
Outage reporting
We utilise a monitoring software to alert for outages and problems within certain parameters.

P0 outages will have an RFO produced to report on the issue, the resolution, and the future mitigation method.

If an outage occurs an email alert will be issued through our management system.

Identity and authentication

User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
All management networks are within an isolated environment. Access to this environment is protected by 2FA. All 3rd party access is monitored with accounts disabled when not in use.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
Devices users manage the service through
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
19 May 2019
What the ISO/IEC 27001 doesn’t cover
Customer Solutions. Only Synextra is covered.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
We follow all standards of ISO27001 to ensure our security practices up to date. We follow routine reporting and audits to ensure that policies are being followed and we are following a strict protocol for security standards.

Examples: Change Request procedure, Daily checks procedure, regular uptime reports and monthly patching.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
We follow ISO 27001 Standards.

Our Change requests are monitored via our helpdesk solution. Each change request details :
-Planned Dates and Proposed Maintenance window
- Reason for Change
-Technical Impact
-Potential impact on security
-Change Plan
- Test plan Change
- Roll Back Plan
- Test Plan - Roll Back

All CR's needs approval from a senior memeber of the Synextra team and from the primary contact at the customers side.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We run weekly vulnerability scans of all hosting infrastructure and subscribe to vendor security bulletins. We run a regular patching schedule on a monthly basis - or as and when critical CVSS score vulnerabilities are identified. Any critical vulnerabilities identified will be prioritised for resolution within 14 days.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
All core infrastructure and systems are logged into a SIEM solution reviewed by our security team. Any alerts generated will be triaged and escalated for review. The most critical alerts will be reviewed within 15 minutes.
Incident management type
Supplier-defined controls
Incident management approach
Incidents are all recorded within our service helpdesk. Users can email to raise a ticket.

Once in the system, an engineer will be assigned to the ticket and a priority rating will be assigned.

The updates/timeframes are managed based on our SLA matrix.

If an incident is urgent, we request users to raise a ticket, obtain a reference number and then call into the main office number.

This is the same process 24x7.

Incident reports are supplied upon request, P0 incidents are provided with an RFO

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Who implements virtualisation
Virtualisation technologies used
How shared infrastructure is kept separate
Isolated tenants inside VCloud Director with NSX segmentation providing network isolation.

Energy efficiency

Energy-efficient datacentres
Description of energy efficient datacentres
Datacentres follow standards to cover energy efficiency.

Social Value

Fighting climate change

Fighting climate change

Synextra is committed to utilising carbon-neutral datacentre's.

Our data centres at present either are carbon neutral or ensure carbon offsetting.
Covid-19 recovery

Covid-19 recovery

Synextra has ensured during the peak of the pandemic and throughout the recovery that we protect our staff members but also ensure that service and availability of services for customers remain at normal standards.
Tackling economic inequality

Tackling economic inequality

Synextra is committed to developing its apprenticeship training program and is aiming to develop 5 new apprentice roles over the next 5 years. These apprentices will be provided with full training and industry qualifications in the high growth technology sector.
Equal opportunity

Equal opportunity

Synextra has the policy to ensure that staff members have the same opportunity regardless of sex, ethnicity, age ect.

The workforce at synextra are a large mix of backgrounds and we ensure that progression, salary and opportunity is the same for all.


Synextra provides a well-balanced well-being program including flexible working, overtime payments, health cover with Axa and an employee rewarding program.

We are keen on regular catch-ups with employees to ensure satisfaction and uncover the employee goals.

Synextra ensures that staff are knowledgeable of the business goal and objectives and conduct a regular all-hands session where they are updated and employee success is praised.


£79.50 a virtual machine
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.