ZALTEK LIMITED

Website Hosting

Zaltek Digital's cloud hosting service provides scalable, reliable, and secure infrastructure for businesses to host their applications, websites, and data. It offers flexibility, cost-efficiency, and accessibility, and we support all platforms including WordPress, Drupal, Laravel, Umbraco, custom code, large scale apps, and more.

Features

• Built-in redundancy and frequent backups
• Ability to scale resources up or down based on demand
• High uptime guarantees based on service history
• Support for various operating systems and languages
• Fast load times and low latency
• Cost efficient pricing models
• Real-time monitoring and analytics
• Comprehensive support services and documentation
• Adherence to industry standards and regulations
• Security Patching

Benefits

• Expert, on-demand support from Zaltek
• Utilise data centers in other regions for global reach
• Stay updated and secure with the latest technologies
• Lower environmental impact with eco-friendly data centers
• Tailor your hosting environment to your specific needs
• Access and manage from anywhere with an internet connection

£100 to £999 a server a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at annmarie@zaltek.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

484886094915466

Contact

Ann-marie Middleton
07917152994
annmarie@zaltek.co.uk

Service scope

• Service constraints: No Constraints
• System requirements:
  • N/A
  • N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We aim to respond to all queries within one hour. ; Our offices are closed at weekends, however we will still respond to critical issues at this time.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: We operate with a single high-priority support model for all users, with access to engineers and account managers.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Getting started with our cloud hosting service is quick and seamless. Upon signup, users are guided through a straightforward onboarding process tailored to their needs. They'll create an account and select a suitable plan, with options designed to accommodate businesses of all sizes.; For those requiring more flexibility, our advanced settings allow for customization of resources, security configurations, and scalability parameters. Additionally, comprehensive documentation and responsive support are available every step of the way, ensuring users have the assistance they need to succeed.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: When a contract ends for our cloud hosting service, we prioritize a smooth transition for users, including the extraction of their data. We provide a straightforward process for exporting data, ensuring that users retain control and accessibility to their information.; ; Firstly, we can utilize data export tools within the platform's dashboard, enabling us to extract user files, databases, or other stored content in a structured and organized manner.; ; Additionally, our support team is available to assist users throughout the process, offering guidance on best practices and addressing any concerns or questions they may have. We understand the importance of data integrity and security, and we ensure that the export process adheres to strict protocols to safeguard user information.; ; Depending on user preferences and the volume of data, we offer multiple export options, including direct downloads, encrypted transfers, or assistance with migrating data to another hosting provider. Our goal is to facilitate a seamless transition for users, maintaining transparency and respect for their data ownership rights.; ; Ultimately, we aim to exceed user expectations by providing comprehensive support and resources to ensure a positive experience, even when the contract concludes.
• End-of-contract process: At the end of the contract for our cloud hosting service, users undergo a structured offboarding process. They receive notifications well in advance, detailing the contract's expiration date and outlining steps for data extraction and account closure.; ; Included in the price of contract termination is assistance with data extraction and migration. Our support team is available to guide users through exporting their files, databases, and other content, ensuring a smooth transition. Additionally, users retain access to basic support services during this period, including assistance with account closure and billing inquiries.; ; However, certain services or features may incur additional costs as part of the contract ending. For example, users may opt for extended support options beyond the standard offboarding assistance, such as priority support or extended access to platform resources. Additionally, users requiring assistance with complex data migration or customization may incur consulting fees.; ; Our goal is to facilitate a positive offboarding experience while ensuring transparency regarding any additional costs incurred. We strive to provide users with the support and resources they need to seamlessly transition away from our service, while minimizing any unexpected expenses.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: We utilise several techniques and react proactively to resource issues by using the following technologies: scalability, load balancing, cacheing, and performance monitoring. These tools are used by us exactly when they are needed, so that we do not increase costs and environmental impact due to computational power draw.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other
• Other usage reporting: Direct call

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files
  • Databases
• Backup controls: If users have backup requirements which are not sufficiently covered by the service's included backup configurations, these can be discussed and implemented during the onboarding process.
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: Network monitoring services
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Network monitoring services

Availability and resilience

• Guaranteed availability: For our cloud hosting services, we guarantee a high level of availability, typically exceeding 99.9%. This commitment is outlined in our Service Level Agreement (SLA), specifying uptime targets and corresponding refunds for any service disruptions.; ; Our SLA typically includes provisions for compensation in the event that we fail to meet our guaranteed levels of availability. Users may be eligible for refunds or service credits proportional to the duration and severity of the downtime experienced. Our goal is to ensure transparency and accountability, providing users with confidence in the reliability and performance of our services.
• Approach to resilience: Our cloud hosting services prioritize resilience through redundant infrastructure, fault tolerance, and geographic redundancy. Data centers are equipped with redundant hardware to mitigate single points of failure, and fault-tolerant architectures ensure service continuity despite hardware or software issues. Data replication across multiple geographic regions safeguards against localized disasters or outages. Load balancing techniques optimize performance by distributing traffic across servers and data centers.; ; Regular backups and comprehensive disaster recovery plans further ensure data integrity and business continuity. Physical security measures, such as biometric access controls and surveillance systems, safeguard against unauthorized access and malicious activities.; ; In the event of service disruptions, our SLA outlines compensation for users based on the duration and severity of downtime, emphasizing our commitment to high availability and customer satisfaction. By prioritizing resilience at every level, we provide users with a reliable and resilient cloud hosting environment, supporting their business needs with continuous access to data and services.
• Outage reporting: We primarily use email alerts for outage reporting. Our hosted services are paired with contstant performance and uptime monitors, which are able to report to us when specified criteria is met. For example, high CPU or memory useage is reported to us within one minute, so that we can investigate and react. Service outages are prioritised and reported to us with high importance so that we can rectify as immidiately as possible.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Role-Based Access Control (RBAC): Access privileges are assigned based on job roles, limiting access to only necessary functions and data.; Multi-Factor Authentication (MFA): Users are required to authenticate using multiple factors such as passwords, biometrics, or tokens, adding an extra layer of security beyond passwords alone.; IP Whitelisting: Access to management interfaces may be restricted to specific IP addresses or ranges, reducing the risk of unauthorized access.; Audit Logs: All access and activities within management interfaces are logged and regularly audited for any suspicious behavior.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Compliant FM
• ISO/IEC 27001 accreditation date: 05/04/2023
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our cloud hosting service adheres to stringent information security policies and processes to safeguard user data and maintain confidentiality, integrity, and availability.; ; Our security policies cover areas such as access control, data encryption, incident response, and ongoing risk assessments. Regular audits and assessments ensure compliance with these policies, with oversight from our dedicated security team.; ; Our reporting structure includes clear channels for reporting security incidents or concerns, enabling swift response and resolution. Incident response protocols outline procedures for identifying, containing, and mitigating security breaches, with communication channels established to keep users informed throughout the process.; ; To ensure policies are followed, we conduct regular training and awareness programs for employees, emphasizing the importance of security best practices and compliance. Additionally, access controls and monitoring tools are implemented to enforce policy adherence and detect unauthorized activities.; ; Our ISO 27001 certification validates our commitment to information security management, providing assurance to users that their data is handled with the highest standards of security and confidentiality. Through these comprehensive policies, processes, and certifications, we strive to maintain the trust and confidence of our users in our cloud hosting service.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We track service components throughout their lifecycle using robust tracking systems. Changes undergo thorough assessment for potential security impact before implementation, including risk analysis and testing in isolated environments. Our dedicated security team reviews all proposed changes to ensure alignment with security policies and industry best practices, safeguarding against vulnerabilities and ensuring the integrity of our services.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our vulnerability management process for cloud hosting involves continuous threat assessment through automated scanning tools and manual reviews. We promptly deploy patches to mitigate identified vulnerabilities, prioritizing critical issues. Information about potential threats is sourced from industry-leading threat intelligence feeds, security advisories, and vendor notifications. This proactive approach ensures swift response to emerging threats, minimizing exposure and enhancing the security posture of our services. We gather threat information from partnered security suppliers and product release notes.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We identify potential compromises through continuous monitoring of network traffic, system logs, and anomaly detection. When a potential compromise is detected, our automated systems trigger immediate alerts to our team for investigation.; Upon confirmation of a compromise, we respond according to predefined incident response procedures. This includes isolating affected systems, containing the breach, and initiating forensic analysis to determine the extent of the compromise and the impact on data integrity.; Our response to incidents is priortised, with a focus on minimizing downtime and data loss. We aim to acknowledge and address incidents within minutes to hours, depending on severity.
• Incident management type: Supplier-defined controls
• Incident management approach: Pre-defined procedures exist for common events, ensuring swift and effective responses. Users report incidents through dedicated channels, such as our support portal or direct communication with our team.; ; Upon receiving an incident report, our team initiates investigation and containment efforts. Communication channels are established to keep users informed throughout the incident lifecycle, providing updates on progress and resolution steps.; ; Following incident resolution, we provide detailed incident reports outlining the root cause, impact analysis, and steps taken to mitigate future occurrences. These reports are shared with users via our communication channels, ensuring transparency and accountability in our incident response practices.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: From our preferred datacenter's website:; ; In 2017 we became one of the first website hosts to be powered by 100% renewable electricity from the sun, wind and sea. This means no shady carbon offsetting, just a direct relationship between our UK datacentre and Ecotricity to power the facility with energy generated by 100% renewable sources. As we’ve expanded into additional facilities around the world we made sure they were powered entirely by renewable energy too. All of our datacentres have achieved a PUE rating of 1.2 or less. PUE stands for Power Usage Effectiveness and is the ratio of the total amount of energy used by a datacentre to the energy delivered to computing equipment. The closer to 1 the better. Our new flagship UK datacentre has a PUE of just 1.05, meaning that for every watt of energy spent only 5% is used on building infrastructure like power and cooling, with the rest reaching the servers.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We are actively combating climate change through various initiatives and practices: Carbon Reduction Strategies: Implementing carbon reduction strategies across operations, such as energy-efficient technologies, renewable energy sources, and sustainable practices like recycling and waste reduction, significantly reduces carbon emissions. Green Supply Chain Management: Partnering with suppliers who adhere to environmentally responsible practices and sourcing materials locally or from sustainable sources minimizes carbon footprint throughout the supply chain. Innovation and Research: Investing in research and development of innovative technologies and solutions for clean energy, sustainable agriculture, and carbon capture advancements contributes to the broader fight against climate change. Collaborative Partnerships: Collaborating with other organizations, research institutions, and governments to share knowledge, resources, and best practices amplifies impact and accelerates progress towards common climate goals.

  Covid-19 recovery

  Employee Well-being: Prioritizing employee well-being through flexible work arrangements, mental health support services, and vaccination incentives ensures a healthy and resilient workforce, contributing to overall societal resilience. Economic Recovery: Supporting small businesses, entrepreneurs, and job creation initiatives through financial assistance, mentorship programs, and capacity-building efforts stimulates economic recovery, mitigating the socio-economic impacts of the pandemic.

  Tackling economic inequality

  We tackle economic inequality through a multifaceted approach that addresses systemic barriers and empowers marginalized communities: Diversity and Inclusion: Implementing robust diversity and inclusion policies ensures equitable representation and opportunities for individuals from diverse backgrounds within your organization. This fosters a more inclusive workplace culture and promotes economic empowerment at all levels. Fair Wages and Benefits: Paying fair wages and offering competitive benefits, including healthcare, parental leave, and retirement plans, ensures employees can meet their basic needs and achieve financial stability, narrowing income disparities within the workforce. Supplier Diversity: Partnering with diverse suppliers, including minority-owned, women-owned, and small businesses, strengthens local economies and promotes economic opportunities for underrepresented groups, fostering inclusive economic growth. Transparency and Accountability: Maintaining transparency in pay practices, promotion decisions, and corporate governance ensures accountability and helps identify and address disparities in opportunity and compensation. Collaborative Partnerships: Collaborating with government agencies, non-profit organizations, and other stakeholders amplifies impact and facilitates a coordinated approach to tackling economic inequality, leveraging resources, expertise, and networks to create lasting change.

  Equal opportunity

  We are committed to fostering equal opportunity through a comprehensive approach that promotes diversity, equity, and inclusion: Diverse Recruitment: Implementing inclusive recruitment practices ensures diverse candidate pools and equitable hiring processes. This includes outreach to underrepresented groups, unconscious bias training for hiring managers, and standardized interview protocols to mitigate bias. Equitable Policies: Developing and enforcing policies that promote fairness and equity in all aspects of employment, including recruitment, compensation, benefits, and career advancement opportunities, ensures equal treatment for all employees regardless of background. Training and Education: Providing ongoing diversity, equity, and inclusion training for employees at all levels cultivates awareness, empathy, and understanding of diverse perspectives, fostering a culture of respect and inclusivity. Workplace Accommodations: Offering reasonable workplace accommodations for employees with disabilities or unique needs ensures equal access to opportunities and promotes a supportive and inclusive work environment. Leadership Commitment: Demonstrating visible leadership commitment to diversity, equity, and inclusion initiatives through top-down support, accountability, and allocation of resources fosters a culture where equal opportunity is a core organizational value.

  Wellbeing

  Work-Life Balance: Promoting work-life balance through flexible work arrangements, remote work options, and clear boundaries between work and personal time allows employees to manage their responsibilities effectively while prioritizing self-care and personal interests. Social Connection: Fostering social connection and camaraderie through team-building activities, virtual social events, and employee recognition programs strengthens relationships among colleagues, enhances morale, and combats feelings of isolation or loneliness, especially in remote work environments. Professional Development: Investing in professional development opportunities, such as training programs, skill-building workshops, and mentorship initiatives, empowers employees to grow and advance in their careers, enhancing job satisfaction and overall well-being. Leadership Support: Modeling and promoting a culture of well-being from the top down, with visible leadership support and participation in wellness initiatives, demonstrates organizational commitment and encourages employees to prioritize their own well-being. Feedback Mechanisms: Establishing open channels for feedback and communication, such as anonymous surveys, focus groups, and regular check-ins with managers, allows employees to voice their concerns, provide input on wellness initiatives, and feel heard and valued by the organization.

Pricing

• Price: £100 to £999 a server a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at annmarie@zaltek.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.