Recarta IT

Infrastructure as a Service (IaaS)

Recarta's infrastructure as a service (IaaS) delivers shared and/or private cloud services for hosting workloads. Our infrastructure investment and skills allow for rapid deployment of production and disaster recovery workloads. Management tools and x86 VMs can be deployed as required.

Features

  • Multi-tenant cloud platform with secure customer segregation
  • Hosted from accredited UK Tier 3 datacentres
  • Shared or Private cloud based on Logical partitions
  • Built on highly resilient (N+1) Enterprise class infrastructure
  • Latest Flash storage options
  • Secure Backups available using vendors' latest technology
  • Hosted client server options available

Benefits

  • Reduced Costs (ROI)
  • No capital outlay - OPEX
  • Outsourcing of operations and management
  • Resilient infrastructure and Tier 3 DC
  • Scalable and deployed on latest technology
  • Utilising latest Green and sustainable technology
  • High Availability and off-site back up options

Pricing

£0.18 a virtual machine an hour

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at daren.bland@recarta.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

444508404072081

Contact

Recarta IT Daren Bland
Telephone: 07785 114938
Email: daren.bland@recarta.co.uk

Service scope

Service constraints
Minimum levels of instances is a requirement.
System requirements
Client to provide remote access from client locations.

User support

Email or online ticketing support
Email or online ticketing
Support response times
An agreed SLA will be in place to define any changes for weekend escalation. Standard SLA is:

1 Critical Impact
Business is critically impaired by a loss of the service.
30-minute response time.
4-hour resolution time.

2 Medium Impact
Business is partially impaired by a loss of the service.
4-hour working day response time.
8-hour working day resolution time.

3 Low Impact
Business function or service is not affected.
1 working day response time.
2 working days’ resolution time.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Service Level Agreements are scoped and tailored to meet the customer's requirements around their RPO and RTO. Plus any agreed local and/or remote services.

Service Level Agreement support ranges can include:
24/7/365
9-5 Mon-Fri
Escalation only

Via the above options, services can be provisioned whereby a client can pass all backup management, local and remote, to a Recarta fully managed service. This can include services to restore backup or sub components. Or to a service whereby Recarta manages the remote storage capabilities. This can also be defined as providing backup storage with the client being responsible for all actions as regards local and remote backups plus restorations.

Pricing is dependent on the service(s) chosen, and will be based on the level of Recarta interaction outside of the provision of backup storage.

Recarta employs a mature Service Delivery Function with a dedicated Service Delivery Manager being assigned alongside a dedicated sales Account Manager. This function ensures concurrency of any agreed SLA through thorough ongoing service review, change request process, managed service completions, escalation and resolution processes.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Our Sales engagement model starts the conversations around the level of service based on the client's requirements. This forms the basis of the take on service to be completed, and its associated documentation.

With any service, Recarta can work with the client to assist with their business requirements so as to tailor the service to meet their needs. This can additionally involve consultative services to complete an internal audit to capture any and all required components. The Recarta team can assist with the production of mature operational support documentation.

Ultimate training is dependent on the service chosen. Recarta can provide onsite or online training plus user documentation. For instance, the client may only require remote management but have chosen local management; Recarta can provide training so that they can manage this locally to reduce their ongoing costs.

Training can include:
Handover documentation of remote infrastructure structures
Installation of software and hardware
Operational management
Response procedures to alerts, triage procedures and escalations
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
We offer data cleansing of client data.

Data can be saved to a preferred media format if requested and sent via a secure courier service. Upon request the client can be part of this process as regards any compliance requirements.

Certification is provided as to the completion of the data cleansing act.

Contractual commitments are entered into at the start of any service that these processes will be completed for the avoidance of any ambiguity.
End-of-contract process
Dependent upon service chosen, these free of charge services are included:
Data cleansing and/or data extraction.
Removal of data access and rights.
Removal of backup software and/or agents
Removal of any backup hardware infrastructure
Final service review procedure

No additional costs are incurred post Agreement sign off.

Using the service

Web browser interface
No
API
No
Command line interface
No

Scaling

Scaling available
No
Independence of resources
Analytical services are running constantly to assess current utilization across multiple metrics; storage, memory, CPU, Internet bandwidth, etc. This allows for constant assessment of planned and non planned for capacity and growth requirements. Overheads are never reached within any given service schedule.

In addition, segmentation of services is achieved so as to allow for service concurrency. Separation of client services allows for a quality of service to be met.
Usage notifications
Yes
Usage reporting
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Uptime
  • Availability
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach
All data is protected within physical DC locations that have mature and robust access controls. This includes processes around approved members that can gain access to site, racks, servers, etc.

All data is additionally protected by segmented IT process. For instance, industry-standard hypervisors are deployed to protect data, along with networking segmentation around Virtual Routing Firewall technologies, VLANs and subnets.
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Complete operating system instances
  • Virtual machine instances
  • Bare metal server instances
  • File structures
  • Database instances
Backup controls
Complete management can be completed by the client or Recarta. Proxy access can be provided to the local backup infrastructure and software so as to allow for this to happen.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
All communications that require security, i.e. VPN passphrase, key dissemination, etc., are sent via password-protected documentation. Relevant passwords are never sent via email.
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Virtual Routing Firewall (VRF) technology is employed at the network layer to segregate client data and traffic. Additionally VLAN and subnet segmentation is employed within the network.

Client data is secured within enterprise-class, vendor-supplied backup device or hypervisor solutions, i.e. VMware ESXi, IBM PowerVM, EMC DataDomain architectures.

Availability and resilience

Guaranteed availability
SLAs are targeted around 4x 9s data availability. No refunds are provided.
Approach to resilience
We employ multiple layers of staff members across multiple disciplines so as to ensure there are no single points of failure as regards possible absenteeism.

All hardware and software provisioning that provides the service delivery, and the service itself, is based upon a resilient design. Multiple hardware components are in place, i.e. multi-host VMware clusters, SAN storage with multiple control enclosures, dual SAN storage enclosures, dual firewall and switch devices, etc.

These components ensure service delivery consistency.
Outage reporting
Automated monitoring agents and vendor-supplied functions (management GUI interfaces) automatically report outages. These alerts can be viewed within a 24/7 dashboard and/or will be sent as email and/or SMS alerts. These events are monitored 24/7 and responded to according to any SLA that is agreed at the start of a service.

Identity and authentication

User authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Access to management interfaces and support channel functions is controlled and restricted based on individual job roles.

For Recarta Managed Services systems, internal management, remote customer management, remote customer monitoring, hosted customer services, etc., the Recarta Service Desk operators have their access rights to applications and operating system operational tasks controlled as defined by their individual job role.

Access to private information will be limited to authorised persons whose job responsibilities require it, as determined by an appropriate approval process, and to those authorised to have access by government legislation.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
NQA
ISO/IEC 27001 accreditation date
March 2022
What the ISO/IEC 27001 doesn’t cover
The scope of our ISMS relates to:

The provision of IT Managed Services, both hardware and software, to a range of public and private sector organisations across a range of varied and diverse arenas.

The network boundary is the section of the network used only by our staff within the office, remote staff or at client locations. This will be defined by everything which is physically in the data centres up to the firewall leading to the outside world.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials Plus accredited.
Information security policies and processes
Recarta is Cyber Essentials and ISO27001 certified.
Recarta operates an ISMS. This is in compliance with the requirements of ISO 27001:2013.
These requirements are independently certified and assessed by NQA.
Recarta's ISMS defines our processes, their sequence and interaction, as well as the measures and controls operated to ensure they are implemented and their performance checked for effectiveness.

Our ISMS is operated, monitored, reviewed and developed to ensure it remains appropriate for our needs.
Information Security is controlled through the ongoing management of the Recarta ISMS to focus on the preservation of:

Confidentiality

Ensuring that information is accessible only to those authorised to have access.

Integrity

Safeguarding the accuracy and completeness of information and processing methods.

Availability

Ensuring that authorised users have access to information and associated assets when required.
All staff are provided with details and training on the ISMS Manual and the process for reporting any incidents.
All staff and contractors at Recarta have had the importance of effective use and understanding of the ISMS communicated to them. The expectations have been outlined to all staff in relation to business continuity and information security through the implementation and publication of the ISMS policy.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Recarta operates a change management process to ensure that all changes are documented and approved, and that services are not unnecessarily disrupted or unnecessary changes applied.
When a change is requested the following information is captured:

  • Summary of the proposed change, outage period, expected hours to complete, proposed date and time of change and any pre-requisites
  • Reason for Change – why the change is required
  • Implementation Plan – preparation steps
  • Roll Back Plan – if needed

This is then submitted to the Change Advisory Board (CAB) and the customer for approval.

All emails/conversations related to the change will be recorded within the ticket.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Recarta ensures ‘Critical’ and ‘Security’ patches are installed within two weeks.

Other patches are reviewed by technical management and installed as and if appropriate.

Where the risk of system compromise is considered to be greater than the deployment of a partially tested patch, a decision may be taken to release the patch early.

Recarta carries out monthly ASV scans.

Vulnerability updates from software and hardware suppliers.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Any risk detected by Recarta's monitoring software monitoring agents will be reviewed by the IS manager.

All information security incidents must be reported as quickly as possible to the IS Manager or the SDM.

Incidents will be reviewed locally in line with SLAs, and escalated and actioned as necessary and in line with best practice.
Incident management type
Supplier-defined controls
Incident management approach
Recarta has a pre-defined process for incident management.

Users are kept updated by the service desk throughout the incident and, following resolution, an RCA report will be issued in line with SLAs.
Where appropriate and identified, processes will be revised and amended to ensure steps are in place to prevent any reoccurrence.

System audit logs are maintained and inspected as part of the RCA process.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Other
Other virtualisation technology used
VMware
IBM PowerVM
Cisco VRF
How shared infrastructure is kept separate
Networking via Virtual Routing Firewall technologies plus VLANs and subnet segmentation.

Storage and compute hypervisor technologies are deployed to ensure segmentation via vendor supplied virtualization solutions.

The above ensures I/O traffic is separated as regards security, access and management.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Recarta's DataCentre has gained European Union (EU) energy efficiency certification. All organisations that sign up to the Code are expected to follow the intent of it and abide by a set of agreed commitments, which encourage DC operators to seek out good Power Usage Effectiveness (PUE) ratings, ensure good cooling to deliver optimum performance and resiliency, and so forth. As a Participant, our data centres operate to a recognised level of energy efficiency, in line with the best practice Code. Our Data Centre is now officially a Participant for SQ17, P1, and A9.

Social Value

Fighting climate change

Recarta are working to meet the UK's goal of net zero emissions by 2050, and to follow the Government's Environmental Policy and Sustainable Development Plan by working with a third party to calculate carbon emissions, offset them and ultimately reduce emissions. Recarta are committed to:

  1) Reduce travel carbon footprint by offering a Hybrid and Electric fleet, encouraging carpooling and use of public transport
  2) Use remote meetings/reviews where possible
  3) When physical visits are required, Supplier will call upon a wide geographic spread of sales and technical staff to choose the best skilled person located close to the Buyer
  4) For new hardware projects Supplier will use energy saving measures e.g. server virtualisation, cloud & recycling options. This will deliver measurable improvements on a per project basis (e.g. consolidation of 3 racks of storage into a single 4U installation)
  5) Continue to promote circular economy
  6) Reduce plastic waste
  7) Use refill services for cleaning products
  8) Encourage staff personal use of sustainable products
  9) Use and promote Green Energy via renewable energy providers. Encourage staff to swap their home providers with incentive links
  10) Promote a 'Paperless Office', using products to offer e-sign capabilities
Covid-19 recovery

Following the announcement of the Covid-19 pandemic from WHO, Recarta invoked our Business Continuity Plan. This involved the remote working of all staff. As the UK guidelines have relaxed and encouraged a return to the office, Recarta have employed a gradual, structured return to the office, with split office and remote working. Job roles and key responsibilities have been identified for all staff members, and a job role split has been put in place ensuring members of staff responsible for key services do not attend an office environment simultaneously. Activities that, in the delivery of the contract: - Improve workplace conditions that support the COVID-19 recovery effort including effective social distancing, remote working, and sustainable travel solutions.
Tackling economic inequality

Recarta have a robust equal opportunity policy and Modern Slavery policy in place.
Equal opportunity

Whilst respecting the Laws of the United Kingdom, the company will exercise fair working practices.

The company will make sure that all employees are treated equally and fairly and consideration will be taken for their aspirations and achievements in the workplace.

All people coming into contact with the company will be treated equally irrespective of race, colour, religion, gender, sexual orientation, physical disability or any other grounds that might be construed as grounds for discrimination, including harassment and intimidation. We are an Equal Opportunities Company and abide by The Working Time Directive.
Wellbeing

Recarta are committed to promoting a healthy workplace with the aim being to keep each employee's wellbeing at the focus. Managers and Team Leaders conduct regular 1-2-1s with staff to ensure each team member has the time to be heard. 1-2-1s include conversation around current job role satisfaction, aims and goals, and any areas of concern both within and outside the workplace. Recarta offer flexible working, both remote and time based, to assist staff members with any difficulties outside of the workplace, i.e. childcare. Team building events are held regularly, as smaller specific team-based events as well as company-wide ones. These events are held remotely and in person, to cater for all, and offer a wide range of activities.

Pricing

Price
£0.18 a virtual machine an hour
Discount for educational organisations
Yes
Free trial available
No
