Agilisys Ltd

Managed Cloud - PSN IaaS

Agilisys Managed Cloud - IaaS provides a UK hosted PSN Service Provider certificated Compute, Storage, Backup and ancillary services on a utility basis with ITIL and ISO27001 management processes. Designed for the UK public sector, supporting Official Sensitive information, the managed service ensures compliance and efficient use of resources.


  • PSN accredited, ISO:27001, Cyber Essentials Plus - OFFICIAL SENSITIVE
  • Managed resource; OS, patching, AV, backup and incident management included
  • Resilient across UK Tier-3 compliant locations
  • Compute, Storage, Backup and ancillary services on a monthly basis
  • Designed to integrate seamlessy withe Microsoft Azure & AWS
  • PSN accredited, ISO:27001, Cyber Essentials Plus - OFFICIAL SENSITIVE
  • Managed by UK based Security Check (SC) cleared staff
  • Tiered support - working hours to 24x365 response and remediation
  • Supports Windows, Linux, Unix guest OS's and Oracle CPU Pinning
  • Part of a comprehensive range of cloud services on G-Cloud


  • Agilisys are an experienced UK Public Sector cloud specialist
  • Compliant with PSN, 14 Cloud Security Principles, ISO27001 and GDPR
  • Accommodates systems that cannot be hosted on Public Cloud
  • Scales up and down flexibly on a pay-per-use basis
  • Rapidly deploy services across multiple cloud platforms
  • Straightforward, utility commoditised pricing, based on monthly usage
  • Ensures compliance with Official and Official Sensitive requirements
  • Ongoing optimisation, consolidation and right-sizing, reduces cloud spend
  • Clear, straightforward monthly cloud billing and management information


£40 a virtual machine a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

5 1 3 5 7 4 5 1 6 6 0 4 8 1 7


Agilisys Ltd Gemma Teagle
Telephone: 07792 169644

Service scope

Service constraints
Planned maintenance may take place between the hours of 22:00 and 06:00. Where maintenance is identified as potentially service impacting, 14 days notice will be provided to the customer.
The customer is responsible for, and remains liable for ensuring that their licensing is compliant with deployment in a virtualised cloud environment.
Where PSN connectivity is required, that the customer accepts the PSN Mandatory Obligations
System requirements
  • Operating systems must be x86 based.
  • Operating systems are current and receiving critical and security updates
  • Compliant with PSN Code of Connection if PSN connectivity required
  • Eset AntiVirus is provided and managed by Agilisys
  • VMWare and OracleVM hypervisors supported

User support

Email or online ticketing support
Email or online ticketing
Support response times
Reponse times within service hours as per selected management service are:
P1 15 minutes, P2 30 minutes, P3 2 hours, P4 4 hours
Gold - 24x365 Servicedesk and P1 Incident resolution in addition to silver
Silver - 24x365 Servicedesk in addition to Bronze
Bronze - 08:00-18:00 M-F Excl Holidays for all calls
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Agilisys operates a Service Desk to provide a single contact point for all service related Incidents, Requests and Changes. Our service desk agents are available as detailed within the Management Service option selected.

Our management options are selected on a server by server basis, including management of storage, backup and underlying network and security. Basic management layer is included within the cost of each infrastructure element and provides service desk, subscription support, billing and reporting. Each layer builds on the service provided by the layer below to provide service support options from basic incident management with working hours’ support, to proactive management with 24x7 support with enhanced service levels and a named technical lead for your service.

These management options can be selected on a server by server basis, to ensure that your tailored solution exactly meets your requirements. Charges apply per server, per month.

Gold - As Silver, plus enhanced Service Levels, including 24x7 incident management, named technical lead and architectural review.
Silver - As Bronze, plus managed Antivirus, patching, proactive and capacity management and 24x7 Service Desk.
Bronze - 0800:1800 Monday to Friday (excluding holidays) support, account management and no predefined support per server time limit
Support available to third parties

Onboarding and offboarding

Getting started
We support:
• new build of VMs;
• tool driven physical or virtual to virtual migration;
• professional services managed migrations.
New build is typically best for new projects or new implementations where a clean build will provide a useful break from previous environments. This is a process led by the customer unless Agilisys are also engaged to provide professional services via Lot-3.
Tool driven migration takes advantage of vendor supplied utilities that package existing deployments for migration. In this case, the customer is responsible for deploying the tool, providing the data to Agilisys then commissioning and testing once the images have been uploaded.
Agilisys offers broad migration planning and implementation capabilities via Lot-3. Our tailored approach enables us to rationalise and transform your systems, migrating them onto our own UK based cloud services, Microsoft's Azure platform or as a hybrid which Agilisys also offer via on Lot-1. Typically, we can accommodate >90% of legacy systems within our hybrid approach, removing the need for dedicated local data centres and releasing significant savings. Options include:
• Cloud Readiness, Cloud Due Diligence and Cloud Design
• Transformation, consolidation and optimisation
• Operating System upgrade
• Cloud migration tooling
• Legacy system remediation
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
The Customer should contact their Account Manager to cancel the service.

Our process extracts customer virtual machines from our service, transferred securely via network connectivity or via portable media, allowing you to import services on to another infrastructure.
Preparing and extracting images and data into a staging area at termination is included within the managed service price. The price of media and shipment of media to transfer data will be charged in addition to the managed service.
Further services are available to support offboarding of your service from the service and are accessible at the rates detailed within the accompanying SFIA rate card.
End-of-contract process
The customer initiates the off-boarding process via a service request.

The initial task is to define the scope of VMs and data to migrate - typically these will be VMs hosting applications that have undergone significant customisation or which hold valuable data, databases and stored data. Transactional services that will need to be rebuilt because of locally significant customisation (such as domain controllers, load balancers) will likely be excluded.
Data is extracted and either presented in a staging area of made available on portable media.
Once extracted and confirmed as received by the customer, data is overwritten and released back for reallocation to other Public Sector customers.

Using the service

Web browser interface
Using the web interface
Agilisys cloud services are managed by Agilisys on the customers behalf. Our self- service portal provides access to manage services across Microsoft Azure, AWS and the Agilisys IaaS platform. The portal provides access to:
• Power up/down and reboot, including console access onto virtual machines
• Self-provision virtual machines
• Manage allocated resources
• Access inventory and compliance information
• Access billing information
• Access right-sizing recommendations
Currently, environment build, network and firewall processes and co-located services are not supported on the self-service portal.
Web interface accessibility standard
WCAG 2.1 AA or EN 301 549
Web interface accessibility testing
Command line interface


Scaling available
Independence of resources
Our service is capacity managed to ensure that users are not adversely affected by other users. In addition, we provide uncontended memory and for larger customers, dedicated compute resources. We also validate designs for each client through a TDA approval process for their service, which would include performance requirements. Once in service, we proactively monitor and alert on service performance and share performance metrics with our customers.
Usage notifications
Usage reporting
  • Email
  • Other


Infrastructure or application metrics
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Backup
  • Patching
  • Anti-Virus
  • Cloud resource right-sizing recommendations
  • Security posture reporting
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
What’s backed up
  • Files
  • Retention of files after deletion for a predefined period
  • Retention of multiple versions of files
  • Virtual Machines VMWare & OracleVM
  • Databases including Oracle, SQL (Application specific backup clients)
  • Microsoft Exchange (Application specific backup client)
  • Microsoft SharePoint (Application specific backup client)
Backup controls
Application and version aware, our backup service also offers client defined backup policies. Defined on a per system basis, these include customised:
• Recovery Point Objectives;
• Version retention based on number of versions and/or retention period; and,
• Retention periods
Backups are stored locally on dedicated backup disks, independent of production storage, to ensure recovery performance and replicated to an offsite tape library for Disaster Recovery purposes. Using an incremental forever approach, we provide an effective method of rolling back services to a specific point in time, without the need to maintain multiple full backups of your systems.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
PSN connectivity is available.
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Service levels are determined by the Management Service and infrastructure selected by the user. Measured on a monthly billing period basis, these are detailed below:
Gold Management Service Levels
• Agilisys IaaS (excluding OracleVM)
• Agilisys IaaS using OracleVM 99.95%
• Service Level Guarantees
• 1% of the monthly charge for each 0.5% below the availability service level the whole actual service is delivered to.
Basic, Bronze and Silver Management Service Levels
• Agilisys IaaS (excluding OracleVM) 99.99%
• Agilisys IaaS using OracleVM 99.90%
Service Level Guarantees
• 1% of the monthly charge for each 0.5% below the availability service level the whole actual service is delivered to.
Approach to resilience
Agilisys PSN-IaaS is hosted in two UK Tier 3 Data Centres, these centres maintain ISO 27001: 2013 compliance. Both sites benefit from temperature and humidity management to industry standards, diverse power supply including substations and UPS, multiple carrier links, inert gas and Vesda smoke detection fire controls, 24/7 onsite security, car trap entrance to site, man trap entrance to data halls, secure delivery processes and areas and strict access control.
Within and between our data centres, our platform has been designed with a minimum of n+1 resilience across all infrastructure, services and connectivity (including network and storage) Where specified, we offer High Availability services, extending client networks between the two data centres, supporting active/standby services and Vmotion of guest servers. We also offer SAN replication between data centres.
We regularly undertake system and process maturity audits in relation to IaaS (amongst others) to ensure that our systems and processes remain fit for purpose and generate predictable outcomes. Where process outcome is less than optimal or generate unexpected outcomes, these are triaged and rectified, engaging change management where appropriate.
Outage reporting
Alerts are generated by our monitoring platform that are received by our 24x7 Operations Centre. SMS text alerts and email notifications are generated and dispatched to user stakeholders for affected services.

Identity and authentication

User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Access to the management LAN is via a physically separate dedicated firewall with different contexts deployed to secure and separate the traffic. Management access is granted only to UK based engineers that hold current Security Check (SC) Clearances. Two factor authentication, and strict segregation of administrative privileges is used to further control access.
Management traffic is segregated using physically separate firewalls, physical switches and separate partitions within the secure switches.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
Dedicated device on a segregated network (providers own provision)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
SGS United Kingdom Limited
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
All aspects of our IaaS and supporting Service Management are included within the scope of our ISO27001:2013 Accreditation.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
  • PSN Service Provider
  • Cyber Essential Plus
  • ISO27017
  • ISO27018

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
PSN Code of Connection
Cyber Essentials Plus
CESG 14 Cloud Security Principles
Information security policies and processes
The Agilisys IaaS Service is ISO27001:2013 certified and has appropriate governance and processes in place.
Certificate No: GB14/91147
Agilisys has a comprehensive set of policies and standards covering our services, these are supplemented with “How To” documents, which cover the range of services providing practical method statements for common procedures when implementing platform and client services.

Agilisys have invested in our own, UK based, PSN accredited cloud Infrastructure-as-a-Service (IaaS) platform that assures the security of information we host and manage for our customers.
We operate an Information Security Management System (ISMS), incorporating best practice guidance from SANS Top 20 CIS Critical Security Controls and Good Practice Guides, our architecture and ISMS is certified to ISO27001:2013, and we are a certificated PSN Service Provider, following the PSN Code of Connection for our cloud infrastructure services. Agilisys comply with the CESG 14 Cloud Security Principles and are certified against the Cyber Essentials Scheme.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our CMDB contains details of all the IT services delivered to our customers, together with relationships to the supporting services, shared services, components and Configuration Items (CIs) necessary to support the provision of the service.
Agilisys ensures the smooth running of operations using well-defined change management processes. Our Change Advisory Board (CAB) is managed to ITIL standards (assessed within the scope of ISO27001), with 98.5% of changes completing successfully.
Many of our processes are documented as standard changes, however service impacting or non-standard changes require a full change submission that may require communication with end customers via our service desk.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Agilisys engages accredited third parties to regularly conduct IT HealthChecks and conduct other testing of the IaaS and client environments. Timescales for implementing fixes and patches to address known and reported vulnerabilities are detailed in the Agilisys Patching Policy. Within VM's on Agilisys's datacenters ESET anti-malware and anti-virus is included in every virtual machine. Patches are deployed, once tested and signed off via CAB. Microsoft updates are received automatically. Other vendors (Adobe, Java, Citrix) are updates are assessed in response to alerts received.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Agilisys has comprehensive incident Management Processes and Security Operating Procedures in place.
A GPG 13 compliant Security Information and Event Management (SIEM) service has been deployed in addition to log capture on the IaaS Platform which monitors up to, but not within, tenant environments with logs filtered and supplied to our operations centre. The SIEM is configured in accordance with the our SIEM & GPG13 Protective Monitoring Audit Policy.
All firewalls (physical and virtual) and network switches are monitored by the SIEM tool and all Internet traffic is screened as part of a DDoS prevention system.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Our Incident Management process is aligned to the ITIL Standard and has been audited and approved by external auditors as part of our ISO27001 certification.
Agilisys’ Service desk function provides the single contact point for all Incidents, Requests and Changes. Operating 24x7 the service desk agents provide core services, including help and advice, and Major Incident Management. Accessible by telephone and email, once an incident call ticket has been raised, the desk retains control of the call. Escalations and communications including updates are accessible via the Service desk.
Major Incident reports are provided for all P1 incidents within 5-working days.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Who implements virtualisation
Virtualisation technologies used
Oracle VM
How shared infrastructure is kept separate
As a dedicated offering for Public Sector users, our virtualisation uses edge appliances and firewalls deployed for internal tenant security separation.
Compute resources are allocated on a per-tenant basis or shared between tenants depending on load and security profile. When specified, Agilisys will implement the Key Lifecycle Manager software for key management and encryption of client disks using AES256 on Full Disk Encryption (FDE) drives.
Access to the management is via a physically separate dedicated firewalls with different contexts deployed to secure and separate the traffic, limited to UK based engineers that hold a current Security Check (SC).

Energy efficiency

Energy-efficient datacentres
Description of energy efficient datacentres
Our datacentres adhere to the EU Code of Conduct for Energy Efficient datacentres.

Social Value

Equal opportunity

Equal opportunity

Agilisys is an equal opportunities employer


£40 a virtual machine a month
Discount for educational organisations
Free trial available
Description of free trial
Trial options are available, please contact us to discuss your requirements.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.