Cloud and Infrastructure Hosting Provision, Migration and Support

Coopers&Lloyds offers robust and best in class cloud hosting to develop, test and run your services on secure and cost effective cloud infrastructure. Designed to be flexible, for easy migration of applications and services. We support on-Cloud / Hybrid cloud hosting, Azure, AWS, Google Cloud all in UK data centres.


  • Bespoke cloud hosting solutions.
  • Infrastructure Hosting Services
  • Firewall, CDN, SSL, WAF, Vulnerability Scan, DDOS Protection, Penetration Testing.
  • Domain registration, data entry, content development.
  • Schedule backups. Online, off-line and off-site.
  • System updates, monitoring, ID and access management.
  • Lightning-fast cloud network: UK-based datacentre with gigabit connections:
  • Cloud Hosting
  • Cloud Hosting Migration
  • Cloud Hosting Support


  • Hosting of Infrastructure, quickly create and manage services and instances
  • Access to highly skilled specialist consultants and Experts
  • Improved business productivity and Cost effective design.
  • Reduce delivery and on boarding time, costs and risks
  • Site to Site VPN to vendors and third parties
  • Awareness and training specific to cloud services.
  • Provides a basis for infinite scalability seamless to end-users
  • Onsite and remote support for Cloud Hosting and Infrastructure support.
  • ITIL-based operations and Project management.
  • Cloud connectivity such as AWS and Azure


£350 to £1,250 a unit a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

8 0 4 8 7 7 3 1 6 8 7 1 0 3 7


COOPERS AND LLOYDS LTD sooriyakumar Coimbatore Rajendran
Telephone: 07868741771

Service scope

Service constraints
C & L provide overall service management to the customer. We pride ourselves on working closely with your management team to minimise the impact that these services will have on your organisation and offer a flexible and pragmatic service to identify suitable times for testing and implementation, including utilising sandbox / test environments, which would have the least disruption to your business operations.

Any constraints to be identified during initial consultation and Negotiable with Service Delivery Manager
System requirements
As Defined with Service Delivery Manager during consultation

User support

Email or online ticketing support
Email or online ticketing
Support response times
We respond to all questions within 8 business hours. Normal business hours are 09:00-5:00 Mon-Fri excluding UK holidays. We regularly respond to questions within 4 business hours, and we immediately work on all inbound questions to establish urgency and set appropriate priorities. We provide an SLA based on the clients’ requirements.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), 7 days a week
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
We will work with the Buyer and tailor the Chat support accordingly e.g. 24*7 support.
Onsite support
Yes, at extra cost
Support levels
We provide remote as well as on-site support with flexible fit for purpose fee structure. We provide technical account manager for each client.

Our Support offering is not driven by a standard service catalogue; instead it is tailored to meet your specific needs to provide the right level of support to meet your business requirements.
Support available to third parties

Onboarding and offboarding

Getting started
We provide a User Documentation pack for users of our Services.
All staff performing services has received extensive onsite training.
Apart from these, we also provide a handover training to customer users once the service is setup which will enable client users to get started quickly on the system.
Service documentation
Documentation formats
End-of-contract data extraction
Users may take advantage of our online data tool or make a request and data will be provided to them and in some cases, the customer is responsible for extracting all data prior to the contract end.
End-of-contract process
At the end of the contract, the access of the users to application will be removed. Customer proprietary documentation access to the users should be revoked. All the revoking steps must be documented and signed off by the customer. In Flight project, documentation and knowledge transfer is provided to the customer and the new vendor in a series of arranged sessions. All documentation regarding the customer environment is handed over to the customer.We also provide a transition to the vendor who is taking over the management of the system and the scope of services being provided under the current contract.

Using the service

Web browser interface
Using the web interface
Our web interface can be used by all clients to view, manage and respond to support tickets. Self-managed customers can also use our web interface to manage their database and uploaded files and to view their log entries.
Web interface accessibility standard
WCAG 2.1 AA or EN 301 549
Web interface accessibility testing
Basic Testing
Command line interface
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
  • Other
Using the command line interface
Resource and configuration management can be done through the command line interface. All functionalities for the resources under management are done through the provided web interface.


Scaling available
Scaling type
  • Automatic
  • Manual
Independence of resources
Our hosting environment automatically scales to accommodate usage and extensive workforce planning is undertaken to ensure suitable support resources are available during peak times.
Usage notifications
Usage reporting
  • API
  • Email
  • SMS
  • Other


Infrastructure or application metrics
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller (no extras)
Organisation whose services are being resold
Amazon, Google Cloud, Microsoft, Plesk, Cloudflare, Fastly, Sucuri, Litespeed, R1soft

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
What’s backed up
  • Full solution backup
  • End to end cloud infrastructure backup.
  • Bespoke backup service considering client's RTO and RPO needs.
  • Online, off-line and off-site backup services.
  • Automated or manual backup operations as needed by client.
  • Granular backups on or off server, server of database(s)
  • Granular backups on or off solution of files
  • Routine backup testing service.
  • Backups on or off solution of email
Backup controls
Backup schedules are agreed in advance with the users. During the contract, changes to the schedule are enabled through change control
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
We offer industry standard availability. The standard SLA's are negotiated during the contract negotiation stage and we have a proven record in meeting those SLA's.Provision of support for high severity incidents (Priority 1 and 2) through on-call resources, out of hours on a 24/7 basis including weekends and Bank Holidays.P1/2 24/7 on-call service with extra costs as an optional additional service. This is not included and subject to contract or variation.
Approach to resilience
We will discuss with client to provide the resilient with a different data centre with various zones.
Outage reporting
Email alerts, API triggers, Phone alerts, Private Dashboards and Dashboards through internal TV monitors. Notifications in the web services and service update via internet.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
IP restrictions, two factor authentication of approved users and protective monitoring/logging, RBAC, Strong Password, VPN Access to the cloud OPS account
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
We work on all Information Security Policies and Processes and GDPR levels of security which are well documented. Authorised users have thorough training on these policies, and we conduct regular security checks to ensure that these are being followed completely.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Both the Customer or C & L may request change to the original scope of work at any time using the Change Request (CR). All CR details are recorded in a Change Log. Each CR will be analysed in terms of impact on the original scope, schedule, cost, effort, and quality. The increased scope of work on project schedules and/or planned resources will be assessed.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We keep our services under constant review. We monitor open-source intelligence and vulnerability disclosure lists in order to discover new vulnerabilities. We also proactively seek out vulnerabilities in components we use and disclose them responsibly. We treat security updates as high-priority work. The vast majority of routine updates, including security updates, are automatically applied to production machines. We regularly carry out penetration testing, both on behalf of our clients and of our own, and use the results to harden and improve our services, and to model new potential threats and attacks.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We monitor a wide variety of metrics across our infrastructure. We also monitor for anomalous log events and review these alerts centrally. As necessary, we also carry out investigations into underlying issues, and take appropriate remedial action. We respond to these issues as they arise during business hours, at the start of business hours for non-emergency alerts, and 24/7 for critical alerts. Through Emails, monitoring tools and by automation process.
Incident management type
Supplier-defined controls
Incident management approach
We have defined incident management process where users can report incidents. Details available upon requests.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Who implements virtualisation
Virtualisation technologies used
How shared infrastructure is kept separate
We use the latest cutting edge technology to logically isolate client environments from each other while on the shared public cloud. The logical partitioning divides hardware resources among clients thereby keeping them separate and secure from each other.

Energy efficiency

Energy-efficient datacentres
Description of energy efficient datacentres
Disclosed upon application

Social Value

Fighting climate change

Fighting climate change

We at Coopers and Lloyds (C&L) are committed towards Fighting climate change.


£350 to £1,250 a unit a day
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.