Skip to main content

Help us improve the Digital Marketplace - send your feedback

Answers and Solutions ltd

Hosting of Websites, WordPress and Cloud Apps. A Shared Service

To install 3rd party cloud apps your administrator needs servers online and in the cloud. These servers require workspace(s) and tooling. This service provides both, allowing the installation and manage the majority of cloud solutions. Complementing our Web software, Cloud and Consulting service, you can take "hosting_only" or multiple services.


  • ------ Solution managed via Microsoft's Windows Internet browser. -----
  • Fully scaleable; Server Clustering and Storage networks give vast capacity
  • Our Graphical Interface makes deploying low-cost Cloud apps easy.
  • Suitable for WordPress, Auction software, Service Desk Systems.
  • Suitable for time and attendance systems and almost anything else.
  • All the underlying infrastructure for your Website or other application.
  • Pen Testing. PenTesting during Onboarding available for GDPR security
  • Vulnerability Scanning


  • Enables the utilisation of low cost, high performance commercial solutions.
  • The Commercial sector frequently uses these Commercial Solutions.
  • 95% of the top million websites are on Linux Servers.
  • Our Graphical Interface for Linux means anyone can easily setup.


£500 to £1,000 an instance a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

4 8 3 9 9 2 2 8 9 8 2 0 2 6 5


Answers and Solutions ltd Christopher Wainwright
Telephone: 02920733722

Service scope

Service constraints
Being a shared system, you are unable to alter Operating System settings, and many management settings cannot be changed. Those are available on our Private Hosting service.

None of the entry level email systems available offer GDPR compliant messaging, ours is no exception. This can be turned on if requested. A chargeable GDPR compliant email system can be added as an extra.
System requirements
  • You will need suitable domain name(s)
  • You will need suitable SSL Certificates (We can provide these)

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Online support requests will be acknowledged and users will be able to view the status of tickets. It should be noted that support is not a substitute for training.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
The entire system will be hosted off-site, and all system parameters can be "configured over the wire". However, the line between an underlying platform and the installed application can get blurred. If required, we are able to provide the initial support required by most users to quickly setup and configure their systems. Chargeable telephone support, arranged via the ticking system is by appointment.

This is charged at our hourly rate to ensure that those employing highly skilled staff are not being asked to subsidize those who require onsite training.

Re: Support to 3rd parties. This raises security, authorisation and data protection issues. Support to 3rd parties is therefore provided in limited circumstances to assist integration of a 3rd party system, rather than explaining how to alter our platform. We do not support API programming. 3rd party support only is provided to named staff and is billable.

Support should not be confused with training. When appropriate, we may signpost people to appropriate supplier resources.
Support available to third parties

Onboarding and offboarding

Getting started
We will provide onsite requirements gathering and service expectations consultancy. This will allow the configuration engineer to build they system with the correct configuration, and to generate appropriate documentation. If the buyer has domain name details, we will set these up on the system and install any software chosen from our software services schedule. We will return to site a few days later to provide onsite training. The remit of onsite training covers operation of the hosting platform, rather than any installed cloud apps. Service(s) for installed cloud apps are attached to the subscriptions to those apps. We can also offer a data migration service should a customer be coming to us from a previous supplier.
Service documentation
Documentation formats
End-of-contract data extraction
Data transfer to a new location will always be possible. Basic end of contract costs are included in the setup fee.

The incoming service buyer may install their equipment or subscribe to appropriate services as part of their onboarding and our exit plan.

The standard monthly transfer data transfer allowance is of course provided free of charge during month 12.
End-of-contract process
The provision of professional services at our datacentre will probably be required. This shall be charged as per the pricing document.

We will offer free of charge storage of data backups made during the contracted period for a further 60 days. Once the data is 60days old it will be stale and will be deleted.

Using the service

Web browser interface
Using the web interface
To maintain system security, we will not supply logon credentials until after system setup. After the order has been validated and finalised the service does not take long to setup. From then on, users can make configuration changes to those settings relevant for most types of website hosting.

Users can create internet domains, subdomains, domain pointer records etc and upload most typical website application software etc. They can create FTP accounts for multiple staff if required. Users can make backups, but cannot restore without our assistance. This is to avoid "accidents".

Note #1: Domains must first be registered elsewhere.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
The interface has been well designed. Our company selected the platform in question several years ago based on the quality of the interface. Eight years on, it remains superior to others on the market, and we continue to use it on account of the quality that it was built-in.

I cannot however at this time advise whether it has been formally certified to the standards above.

A new interface is planned for released during the lifetime of G-Cloud. 12
Web interface accessibility testing
1 in 12 men are colour blind and we are very aware of this issue. We tested all the available interfaces with a colour blind user. We use the system our user preferred.

There are several interfaces on the market, the one we selected and offer to clients is the best we could find; we also tested it for clarity and simplicity, ensuring the options and features are logically located and easily found.

Most vendors submitting offerings to G-Cloud will be offering cPanel or Plesk branded systems, systems we rejected for technical reasons as well as the inferior interface.
Command line interface
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
There are few if any reasons to use the command line interface. We provide a competent application which includes PHPAdmin as standard. Because this is a shared platform, we do not allow the use of the CLI. This is because we do not want to see your system compromised.

If you wanted to access these commands you could subscribe to our Privet Hosting Platform instead. Software licensing and other costs then need to be borne by you on a sole basis rather than a shared basis. Virtualization is taken to the next level.


Scaling available
Independence of resources
This service is scaled to suit the expected workload. Virtualisation technology offers many advantages, including fast and rapid scaleability. The solution we use also supports clustering and so can spread its workload across multiple physical servers if required.

Thresholds will be set on parameters such as network traffic and maximum emails sent per hour to mitigate against mis-use by a small few.
Usage notifications
Usage reporting
  • Email
  • Other


Infrastructure or application metrics
Metrics types
  • Disk
  • Network
  • Other
Other metrics
Qty of MySQL databases, FTP Accounts, Domains and subdomains
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
In-house destruction process

Backup and recovery

Backup and recovery
What’s backed up
  • The Platform has an internal backup system.
  • The DR system replicates the entire platform.
  • Databases can be backed up to an agreed schedule.
  • The backup stategy shall be agreed between supplier and buyer.
Backup controls
This will depend of the software chosen during setup consultation
Datacentre setup
  • Multiple datacentres
  • Single datacentre with multiple copies
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
An IPsec or TLS VPN gateway can be configured at extra cost. If required, this would also indicate that the client has security concerns above the usual run-of-the-mill and may need one of our other solutions with higher levels of isolation implemented.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Our networks systems are within a datacentre with the minimum of physical access. Virtual networking can be deployed, but if required, this would also indicate that the client has security concerns above the usual run-of-the-mill. They may need one of our other solutions with higher levels of isolation implemented.

Availability and resilience

Guaranteed availability
The buyer will be eligible for one free days hosting for every hour the service was inaccessible to the buyers users, capped at 100% of the days in a free month. Planned maintenance events taking place at weekends or overnight are excluded. Details are in the service description document.
Approach to resilience
The approach to resilience within the datacentre and our equipment therein is based on the elimination of single points of failure. In techno-speak this is called n+1 , which means that if an item failed a spare one takes over. Full details on request
Outage reporting
A public dashboard available to customers will indicate any outages.

Identity and authentication

User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
There are two levels here. The management interfaces to the clients side and those interfaces with heightened permissions that we use to administer the client side.

The customer logon screen to our PaaS requires two entries in addition to the password, making it very secure. 2 factor authentication is available.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication
Other techniques are available with our private hosted system that we cannot implement on a shared platform
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Who accredited the PCI DSS certification
PCI DSS accreditation date
What the PCI DSS doesn’t cover
We do not store CC details on our servers; CC details are processed by our bank on their PCI DSS certified servers. Our PCI certification was issued with this processing method declared. Most payment processing applications handover to an external CC payment provider, who accepts payment before handing purchase approval back to the application that you would be running on our system. This means that our PCI DSS certification is suitable for eCommerce solutions used by most organisations . If you want to store people CC details on our servers, that can be arranged and our PCI DSS would be amended to suit. Your software solution would need to be PCI DSS compliant.

Using a 3rd party processor such as Worldpay [or one of their numerous competitors] is by far the best way to handle the GDPR aspects of Credit Card processing.
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Good Practice security governance is practiced. Our Physical server(s) are located in a restricted access datacentre. Strong passwords are enforced and stored safely.

ID's of clients appointed officers are stored and will be used to validate requests for support and assistance.
Information security policies and processes
The staff at our office do not have physical access to the hardware, ensuring that data at rest is protected.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We operate a minimal environment for the common stack which minimises the numbers and types of software patches we need to install. Software patches are those recommended by the relevant supplier(s).

Clients requesting bespoke configurations are placed on fully segregated platforms. A necessary consequence of this is that clients may need to upgrade during the lifetime of a contract if bespoke settings are required after initial setup.

A test environment is maintained separately from our production environment for the purpose of software patch testing.
Vulnerability management type
Vulnerability management approach
We have selected products recognized within the industry as having an appropriate level of security and vulnerability management. Vulnerability management is based upon notification to us by our suppliers and the installation Patches.

The biggest vulnerability comes from clients installing outdated and un-patched software, rather than the PaaS platform. Segregation of shared resource minimizes risks, but if this is a concern customers may signup for the fully isolated VPS service we also offer.

Clients on the shared platform are required to notify us of applications prior to deployment. Legacy apps carrying requiring depreciated infrastructure may need hosting on a VPS.
Protective monitoring type
Protective monitoring approach
For security reasons, we do not publish details of protective actions taken since such details substantially increases the risks we face.
Incident management type
Incident management approach

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Who implements virtualisation
Virtualisation technologies used
KVM hypervisor
How shared infrastructure is kept separate
Virtualization keeps systems separated. Within the Platform segregation is further enforced by the operating system.

Data in transit will also be encrypted via SSL

Energy efficiency

Energy-efficient datacentres
Description of energy efficient datacentres
Renewable or nuclear energy is used as much as possible at our datacentres. Coal derived power has virtually been eliminated, and will be gone completely during the lifetime of a G-Cloud contract. The biggest consumption of energy within the Datacentre is server hardware. Server virtualisation minimises the number of physical servers permanently running. Our equipment is housed in multiple 3rd party datacentres. On request, datacentre space is available in northern (arctic) climates, and we can locate your service in Finnish DC's.

Social Value

Fighting climate change

Fighting climate change

Climate change is minimised by reducing CO2 emissions. We use an energy provider that has minimized its reliance on fossil fuel power generation and sources as much nuclear energy as possible. Renewable energy is included in the mix (hydro, solar and wind). Any shortfall is topped up by a small top up from fossil fuels. We also minimise power consumption by using shared infrastructures for some clients, and where a client requires a non-shared infrastructure, we minimise energy consumption using virtualisation techniques.

All hardware purchases are required to meet current energy efficiency targets.
Covid-19 recovery

Covid-19 recovery

As part of our commitment to CO2 reduction and our commitment to Covid-19 recovery, we allow home working and use virtual meeting technologies as much as possible.
Tackling economic inequality

Tackling economic inequality

We place as much business as possible in areas that are short of opportunities. The economic advantages are obvious, but additional business advantages include those that accrue from having a stable workforce.
Equal opportunity

Equal opportunity

We provide equal opportunity and recruitment is based solely on ability. Individuals are free to hold any personal view they wish and no discrimination is permitted on those grounds


All staff are encouraged to have a healthy work-life balance. Staff are encouraged to exercise regularly and hold diverse interests. We offer a salary sacrifice scheme for all physically active recreational activities that meet this requirement, and undertake occasional team-building events in pursuit of the wellbeing criteria.


£500 to £1,000 an instance a month
Discount for educational organisations
Free trial available
Description of free trial
This is a free demonstration, not a free trial. The system is reset every fortnight. Installations generating abusive traffic levels will be deleted without notice. 30-day free trial if a day's training is purchased. No access to the email / advanced features. Logon credentials provided on enquiry.
Link to free trial
Provided On Request

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.