Advanced Data Platform and Managed Services

Servita’s industry leading architects have a proven track record of identifying and creating optimum solutions to what are often very complex business problems. Our Advanced Data Platform and Managed Services provide high performance, infinitely scalable and secure cloud-hosted data services.


  • Vertical and horizontal auto-scaling to keep response times low.
  • Advanced trace identification, monitoring, and alerting.
  • Interoperability through API/interface standards such as FHIR.
  • Connectivity Options: N3, HSCN, Janet, and many others.
  • Automated deployment, scaling, testing, and monitoring.
  • Systems integration to eliminate need for data store and management.
  • DevOps to system orchestrate fast delivery of applications and services.
  • CI/CD (Continuous Integration/Continuous Delivery or Deployment).
  • Data Exchange, in formats such as XML, and more.
  • Cloud and Solutions Architecture, giving access to cloud computing.


  • Reliably access the system due to high availability/ CI.
  • Achieve cost efficiencies, through automatic scaling around system demand.
  • Exchange information across different devices, due to platform agility.
  • Access data from multiple sources, speedily integrated and aggerated.
  • Transfer offline data to online using dataset onboarding.
  • Investigate anomalies and confirm relationships, through data interrogation.
  • Utilise our exceptionally managed service standards.
  • Support business or operational needs through fast integration.
  • Quickly and easily access information anywhere, utilising internet connectivity.
  • Safeguard data through our trace identification, monitoring, and alerting.


£7,000 to £77,000 a unit a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

5 2 0 7 7 5 8 0 8 7 7 3 8 7 2


Telephone: +447918722104

Service scope

Service constraints
Patch support for a typical Kubernetes release often comes with approximately 1 year of patch support as standard. Any upgrades to this package, which include longer timeframes of patch support, may incur a one-off upgrade fee. A further constraint surrounds the fact that Servita cloud environments are typically fully private and secure. This means that the client may need to set up a site-to-site VPN, in order to access private cloud resources.
System requirements
  • Middleware licensing (if any) to be covered by the client.
  • Minimum two EC2 per Kubernetes cluster to achieve high availability.
  • Access to the system requires an internet connection.
  • Either AWS or Azure cloud hosting accounts.
  • GitLab for VCS, IaC state storage and CI/CD pipelines.
  • ArgoCD and optionally ArgoCD rollouts for K8s CD deployments.

User support

Email or online ticketing support
Yes, at extra cost
Support response times
We respond to all tickets within the same day of their issue. In the event that tickets relate to high severity faults, we will respond, and diagnose the issue, using our technical consultants. Response times in this case, through our previous experience, have shown to take up to 2 hours. These response times do not alter with respect to weekends, as they are typical across the whole of the week, not just weekdays.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Servita provide three support levels, basic level support, developer level support, and business level support. 1. Basic level support - This level of support offers 24/7 customer service, from our internal customer engagement team, as well as support forums. These features will offer cross-applicational support to clients when needed. Further to this, the basic level of support provides 4 Core “Trusted Advisor” checks and a personal health dashboard. Associated costs: No TAM (Total Addressable Market) - Free. 2. Developer level support - Our developer level of support offers all of the support within the basic level of support, as well as one extra benefit. This additional benefit entails access to Technical and Architectural Cloud Support Associates. Here, clients can contact Associates via email, utilising one primary contact within their company. Associated Costs: No TAM (Total Addressable Market) - 5% x monthly AWS usage. 3. Business Level Support - Servita’s business level of support offers all of the support included within the developer support package, with the following additional extras: 24/7 access to PaaS Support, via email and telephone, and Case management support. Associated Costs: TAM, above £480 or cost percentage (pm). We provide Cloud Support Engineer.
Support available to third parties

Onboarding and offboarding

Getting started
Servita will conduct an initial discovery session to understand requirements, constraints, and ways of working. We will tailor our services to strike cohesion with clients and ensure desired outcomes are achieved in a way that generates high levels of customer satisfaction. The output of the initial discovery will be a Servita Methodology Matrix which plots all key deliverables, their accountable owners, their purpose and at which stage they will be delivered to which areas of the client team(s). User documentation including any system protocols and procedures would be produced in Confluence and/or Swagger and Users would be given access to Servita shared repositories as required.
Service documentation
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
Online libraries.
End-of-contract data extraction
At contract end, users can extract and export their data in JSON, CSV and SQL formats. Service and Security Management Logs can also be retained and stored according to customer requirements. Typically, Servita would co-define with the client, an exit strategy that captures the details and protocols that will be followed at contract end. Data extraction forms part of the strategy, ensuring we fully meet client expectations. To protect data integrity and security, Users are requested to provide requirements for how the data is extracted and stored in a way that complies with industry best practice and Government security policy. Servita will support the entire data extraction process including any reconciliation checks should they be required between source and target databases.
End-of-contract process
Preparation, hardening and full implementation / live service of the platform is included. Training of the base components, release and configuration management protocols and handover of the DevOps practices are included in the price. Training, TNA, Guides and strategic roadmapping for bespoke elements are subject to impact assessment and would be provisioned via Servita Consultants. Should there be a need to transition the platform and/or migrate data, Servita will work with the client to co-define an exit and migration plan that ensures all requirements are captured and agreed thus enabling a smooth and well executed transition that meets with client expectations and needs. All data, license/user accounts and technical artefacts will be delivered to the client.

Using the service

Web browser interface
Using the web interface
Users can access trace monitoring, alerting and logging components to get full visibility of activity and health across the platform. This is achieved through a selection of OpenTelemetry made available to the customer and the usage of either Azure or AWS’s native monitoring solutions.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
It is not known what accessibility standards these components adhere to.
Web interface accessibility testing
Servita have not conducted any web interface testing with assistive technology users, but we believe the software providers carried this out.
What users can and can't do using the API
Depending on requirements, API’s can made available for Users to make changes such as setting internal and external connection points / environments, setting rate limits and configuring exclusion rules. We would encourage users to gain increased interconnectivity between their systems using the platform and as such we can provide automated validation tools that check formats and expected versus actual responses. There are CLI tools for interacting with AWS, Azure and Kubernetes, but we would not give access to this to Users in order to retain platform integrity.
API automation tools
  • Ansible
  • Terraform
API documentation
API documentation formats
  • HTML
  • PDF
  • Other
Command line interface


Scaling available
Scaling type
Independence of resources
Servita work to guarantee users aren’t affected by the demand other users place upon our service in two ways. The first of these, is by ensuring that deployments are made in isolation from one another. This means that customers will be separated to ensure the performance of our service when there is collaborative demand from various areas. Secondly, we guarantee that users aren’t affected by the other user demand on the service by ensuring that clients have dedicated cloud-hosted solution provisioning. This allows us to deploy cloud resources flexibly, in order to scale up when usage spikes.
Usage notifications


Infrastructure or application metrics
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Other data at rest protection approach
Servita have a range of tools and techniques to protect data at rest, such as the below.

Semantic Keys are used to encrypt sensitive data into ciphertext while stored in a database and decrypt it to plaintext when accessed by an authorized user, and vice versa.

Data pseudonymisation and obfuscation is achieved via our iData tooling enabling Servita Data Engineers to configure data protection according to explicit business and exclusion rules.

Servita also have a range of Tokenisation and Encryption tools and methods at our disposal including AWS KMS, CloudWatch and CloudTrail for active and proactive monitoring of data protection.
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
What’s backed up
  • Virtual Machines
  • Kubernetes Clusters
  • IaC States
  • Cloud Resources (EC2, RDS etc.)
  • Databases
  • File Storage
Backup controls
Servita offer clients control over which backups are performed by agreeing upon this in advance of the outset of services. However, standard resources are backed up automatically. Clients can also request changes to their back up requirements. This will be requested via email, in order to meet compliance and requirements.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Users can be refunded by a number of means including credit note repayments or discounted monthly fees subject to the terms of the agreement with the client.
Approach to resilience
Available on Request.
Outage reporting
Servita place our clients at the heart of everything we do. That is why we are committed to reporting any outages reactively and appropriately. In order to ensure that all clients are fully informed on any details surrounding service provision, we will report all outages promptly in the following forms: SMS, Email alerts, Webhooks, Public dashboards if required. This option will incur an additional cost. Outages are reported to the client immediately with service recovery updates provided at least once every 30 minutes. Service recovery updates may be provided by our Cloud Support Engineers via phone, SMS or email.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Servita restrict access in management interfaces and support channels, by using IAM to provide access control to cloud services. We also utilise RBAC (Role Based Access Control) permissions, which are assigned to all individual IAM management accounts in order to further enhance cluster level access restrictions. Finally, we implement K8 as a control across our service, with respect to this. All of these factors ensure that management interfaces and support channels have the required restricted access necessary for safe, excellent performance.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Certified Quality Systems (CQS) accredited the certification
ISO/IEC 27001 accreditation date
July 2020
What the ISO/IEC 27001 doesn’t cover
Any bespoke and/or visualisation layers to the platform would not be covered under this certification.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Security Plus
Information security policies and processes
Servita’s goal is to provide secure, scalable and future proof solutions to UK Gov. As such Servita have implemented an Information Security Management Systems (ISMS) at the forefront of their QMS, containing policies and procedures for considered and controlled management of sensitive data, systems, services and processes. Our ISMS uses the 27001 and Cyber Essential Plus standards as a baseline. Our ISMS covers every aspect of the services we provide including: Access Control, Anti-virus, Malware and Threat Detection, Backup and Recovery, Data Loss Prevention, Data Protection, Password Management, andPersonal Conduct. Servita’s Information Systems Manager is responsible for all staff inductions, information security training programmes and for ensuring all services are carried out in accordance with our ISMS. All breaches of information security, actual or suspected, will be reported to the Information Systems Manager, who is responsible for maintaining the security policy and providing advice and guidance on its implementation. All business managers are directly responsible for implementing the policy within their own areas and for adherence by their staff. It is the responsibility of each member of staff to adhere to this policy.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Servita track changes using internal change management governance, which forms part of our QMS. Our Change Control Policy is available upon request, as is demonstrations of how the policy is implemented through the platform. DevOps tooling supports a part of our change and configuration management process. This ensures a secure, yet auditable record of any changes made to the service, technology stack, or code base. Finally, all significant changes are reviewed by the Change Advisory Board, which delivers support to the Change Management Team, whose purpose is to review any requested changes and assess change/update prioritisation.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Servita will adhere to the service pack update and patching processes as defined in their ISO27001 information security policy. Patch/release deployment is pre-configured and built into our PaaS code, in order to enable release implementation at the node/pod/cluster level. This enables Servita to achieve 0 down time. Patches can therefore be deployed immediately after approval is obtained from the Change Advisory, and Information Security advisory boards. This ensures that we can reactively deploy patches where needed. Furthermore, Servita subscribe to Norton 360 and Microsoft Security Insider threat/vulnerability intel boards to remain abreast of emerging threats.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Servita PaaS holds built-in security monitoring and alerting tools, which ensure that we can protectively monitor our service. Additionally, DataDog handle all trace ID’s, logging and alerting across all nodes and pods. To enhance this further, we also utilise CloudWatch, which protects data at rest, using encryption. All security incidents are responded to immediately. In the event that a potential compromise has been detected, our policy is to notify the client. This step is taken in parallel to the performance of an in-depth risk analysis. Both the results of this analysis, and client direction will determine our action plan.
Incident management type
Supplier-defined controls
Incident management approach
Servita record and manage Incidents as per our security incident policy and response procedure, and thus operate pre-defined processes for common events. Incidents can be reported by users via email, SMS or telephone. Our Live support services team will then perform root cause analysis on any incidents that occur, with corrective and preventative action plans documented and implemented to prevent or reduce the probability of the incident reoccurring in the future. Following this, Incident Reports are then shared with clients within 24 hours of the incident occurring, using communication channels such as email, SMS and telephone.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Who implements virtualisation
Third-party virtualisation provider
AWS EC2 and Azure VMs
How shared infrastructure is kept separate
Servita’s service operates in a segregated from, whereby client infrastructure, including the infrastructure of the network is physically segregated from other organisations. This means that different organisations do not share the same infrastructure, and thus, do not need to be kept apart.

Energy efficiency

Energy-efficient datacentres
Description of energy efficient datacentres
In compliance to the EU Code of Conduct for Energy Efficient Datacentres, we utilise Microsoft and Amazon cloud computing, which reduces the IT load of the operation. This ensures that we reduce energy consumption in a cost-effective manner. Microsoft are committed to reducing the environmental impact caused by the energy use of their products. As such, they comply with the EU Ecodesign Directive for Energy-related Products (2009/125/EC) and its implementing regulations ("Ecodesign Directive") when applicable. Our devices comply with the European Commission's Regulation for Standby and Off Mode Power Consumption for Electronic Household and Office Equipment. In doing so, they have integrated into their strategy, methods which will reduce the energy consumed by their equipment. Similarly, businesses in Europe can reduce energy consumption by up to 80% when running applications and services through AWS cloud as opposed to operating dedicated data centres. Amazon are also committed to purchasing 100% of its energy from renewable sources resulting in a potential 96% reduction in carbon emissions for an average workload being handled in our AWS cloud platforms.

Social Value

Fighting climate change

Fighting climate change

Servita are committed to helping fight climate change and reduce waste, and work in tandem with ISO:14001 to ensure that we act sustainably to reduce our carbon footprint. As such, we have already seen huge reductions in our carbon footprint for 2022 due to our efforts to aid the government in their 25 Year Environment Plan. Recently many of our operations have adapted a more remote approach, with less people spending time in the office. This has meant that our carbon footprint has reduced significantly, as many of our staff work offsite, and do not have to travel into the office, reducing carbon emissions company wide. Additionally, with many staff members choosing to work off-site, we have been able to reduce energy consumption onsite, further reducing our business-wide carbon footprint. In office, Servita operate a shared workspace policy in our London Office, for those who desire to, or are required to, work on-site. This office not only adheres to energy saving policies but is also shared. Consequently, there are no dedicated gas or electricity utilities, reducing our energy output. Further to this, our shared workspace is managed by TOG, who mandate that all waste is segmented for recycling. This ensures that we operate excellent waste management, by recycling and reusing materials where possible. In order to monitor compliance with our Environmental Policy and Procedure, we provide training to staff around sustainable practice at induction, and within yearly refresher training. We also monitor KPIs regularly. For example, we will aim to increase the amount of waste taken to landfill year-on-year. In order to measure this, we will monitor the weekly amount of waste which has been recycled, and utilise the DMAIC (Design, Measure, Analyse, Control) method.
Covid-19 recovery

Covid-19 recovery

Servita are committed to supporting people and community recovery from the impacts of COVID-19, and as such aim to aid the wider community through our everyday operations, in the aftermath of the pandemic. In order to contribute to community recovery following COVID 19, Servita offer flexible and remote working. We place no pressure on staff to attend our on-site offices, and give them the option to work from home as they please. This means that in cases of mandatory isolation, or family members taking ill, they are able to work from home. Within the office we operate social distances guidelines, and all of our communal spaces have sanitising gel. Servita also display helpful resources around the office, on posters and bulletin boards, which include information about COVID 19, and how staff can safeguard themselves within the workplace. This means that, as we move towards COVID 19 recovery, staff can take any protective measures they desire to feel safe within the workplace. In aiding and supporting the local community in COVID 19 recovery, Servita also sponsor many local youth development events. For example, we currently sponsor a local Under 16s Football organisation. In doing so, we hope to support local organisations, such as this, to recover from the impact of COVID 19. In order to monitor and ensure compliance with COVID 19 recovery initiatives, we offer induction training which covers our COVID 19 efforts. For example, all staff receive training which covers our social distancing guidelines and how to contribute towards our goals with COVID-19 recovery. Servita also review our COVID policy and procedures once per year and regularly hold feedback sessions with staff around what is/isn’t working well for them. This informs any proposed changes to policy and procedure for future.
Tackling economic inequality

Tackling economic inequality

Tackling economic inequality is something Servita are passionate about. As such, we are committed to promoting this within all of our operations, to contribute to the betterment of wider society, and the economy. In order to internally tackle economic inequality, we offer paid leave to employees, so that they may attend sponsorships or undertake voluntary days with local community charities and organisations. Depending on contract value, Serita also allocates a percentage of net profit to charities such as Centrepoint Youth Charity, which is the leading charity for homeless people. This charity, among other things, aids young people to gain skills from training courses, in order to prepare them for future employment. Thus, in donating to them, Servita hopes to aid towards addressing economic inequality. In another effort to tackle economic inequality, we monitor fair trade closely. This is operated through Servita’s Commercial Director, Rachel Flower, who reviews and amends supply chains, to ensure that fair trade is maintained throughout. Through this, we hope to contribute to social value, by aiding in the challenging of economic inequality worldwide. Servita operate training programmes through our training partners, to help develop and foster the skills of our valued staff. Our core training programmes include: Association of Project Management – APM-P and APM-PQ, Managing Successful Programmes (MSP), AWS Cloud – Business Professional, AWS Cloud – Technical Professional, AWS Cloud – A Well-architected Solution, AWS Cloud – Data Analytics, CITI Certified – Supplier and Contract Management.


£7,000 to £77,000 a unit a month
Discount for educational organisations
Free trial available
Description of free trial
We can offer free access to monitoring and trace activity dashboards and can potentially create mock API endpoints to demonstrate functionality and/or message response types. This is subject to requirements and feasibility.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.