Just After Midnight

Amazon Web Services (AWS) Cloud Consultancy

Audits, reviews, assessments and recommendations through to full design and provisioning of your AWS environment and management as well as 1st and 2nd line support services. We can help start or optimise your Cloud journey and work independently of or collaboratively with your in-house team.


  • AWS Advanced partner
  • Specialist AWS Managed Cloud Consulting
  • AWS Infrastructure review/design
  • Third-party licensing and security provisioning
  • IAAS, PAAS or Hybrid
  • 24/7 service desk availability with our global team
  • Migration planning and support
  • Code and content author/editor support
  • CMS website hosting specialisms
  • 24 Hr Incident Management - “Eyes on” up-time monitoring


  • AWS Cloud experts offering independent advice and support
  • Collaborative approach with your team
  • Security first approach to projects
  • Available 24/7 with dedicated cloud consultants and account managers
  • Services include recommendations for security and third-party products
  • Fully managed to reduce customer staff overheads
  • Web platform experts on hand to offer the best advice
  • Best solution devised for customer specific needs
  • Each customer has their own dedicated infrastructure, no shared services
  • Ongoing AWS optimisation, management, support and maintenance services available


£550 to £1,050 a person a day

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@justaftermidnight.io. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

8 3 4 6 6 9 4 1 2 1 9 8 4 4 8


Just After Midnight Becky Willis
Telephone: 02032909247
Email: gcloud@justaftermidnight.io

Service scope

Service constraints
Standard AWS cloud hosting constraints.
System requirements
Not applicable.

User support

Email or online ticketing support
Email or online ticketing
Support response times
For consultancy services, this may depend on the urgency of a request. Emails are usually responded to same day and tickets, if used as part of the project to generate higher urgency are usually acknowledged within 15 minutes as standard SLA.
We have a 24/7 service desk providing 1st and 2nd line support across global offices so response times are unaffected by weekends/public holidays. We offer tiered levels of support which can be adjusted to individual customer needs. Just After Midnight defines SLAs for both response and target resolution times.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
AWS Cloud consultancy is a highly individualised service at Just After Midnight.
Consultancy services are usually on a fixed fee basis and can range from assessment and recommendations through to full AWS architecture design and build. Requirements and size of the project will dictate the activities and costs and will be tailored to each customer.

Beyond the consultancy element, we can manage pre-agreed AWS hosting contracts, or supply, manage, support and maintain the AWS cloud service on your behalf along with a selection of add-ons, including critical support requests such as out-of-hours deployments and infrastructure related service requests.
Costing differs from case to case, and options will vary from percentages to fixed fees.

Every customer will be given a dedicated technical account manager and AWS cloud support engineer who will work with them to consult on your cloud approach, design a detailed architecture (IaaS, PaaS or FaaS) and perform all the necessary processes to get your solution up and running.
Support available to third parties

Onboarding and offboarding

Getting started
Just After Midnight engages with customers to do a full scoping exercise. We find out the background, issues, any constraints and concerns and what a customer wants and needs to achieve. We agree access levels to enable us to review and potentially optimise the setup and agree what form of recommendations / reporting is required. Just After Midnight also works together with customer teams and offers ad hoc training as required.
Service documentation
Documentation formats
End-of-contract data extraction
This needs to be requested from Just After Midnight (following notification of termination of contract if prior to end of contract) and can be provided in any format as required. If there are server-side applications then the content and data will be transferred in the most appropriate method agreed eg, encrypted disk, via SFTP or other. This happens within 7 days of the request unless the hosting is being transferred and this is not required as they would own it.
End-of-contract process
Most consultancy contracts are fixed term with fixed deliverables and we generally provide reports/recommendations on our findings which we prefer to present face to face or via video/teleconference. No notice period is required to end a contract on its completion date and a sign off for deliverables and contract completion will be issued to the customer. Any materials or code owned by the customer and have been in use by JAM will be returned/destroyed as instructed.

Using the service

Web browser interface
What users can and can't do using the API
The code can be used to integrate it. Limitations are that it is predefined and has parameters and variables which cannot be edited.
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
  • Other
Other API automation tools
AWS Cloud Formation
API documentation
API documentation formats
Command line interface
Command line interface compatibility
  • Linux or Unix
  • Windows
Using the command line interface
This is not really relevant to this service, but may be downloaded and used to access servers/hosting environment.


Scaling available
Scaling type
  • Automatic
  • Manual
Independence of resources
Each customer will have highly personalised needs. Once onboarded with Just After Midnight, you will be supported by a dedicated member of our support team whose expertise best suit your needs. They will personally work with you to ensure that your needs are understood and addressed and help guide you towards the best options for your business. This ensures each customer receives the individualised service we pride ourselves on. In addition, Just After Midnight is a growing business and taking on new people as and when needed as our customer base expands to ensure that all customers are properly serviced..
Usage notifications
Usage reporting
  • Email
  • Other


Infrastructure or application metrics
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Automated scripts failure reports
  • Uptime (if agreed and set up to be measured)
  • Page Load (if agreed and set up to be measured)
  • Traffic (if agreed and set up to be measured)
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Cloud hosting including AWS and Azure, CDN and SSL providers

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
What’s backed up
  • Files
  • Google Docs
  • Databases
  • Cold Repositories
  • Scripts
  • Proof of Concept environments
  • All data backed up is encrypted
  • Email and Tickets raised
Backup controls
Backups for elements of a consultancy service tend to be limited to documentation - which if using a common version such as Google Docs is version controlled and backed up constantly. Scheduled backup of a proof of concept can be set up on a request basis. This and any other specific requirements can be discussed during the scoping exercise and agreed with the customer. The retention policy will be defined by the customer as to their individual requirements.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
For consultancy services, we are available as standard during business hours though we may handover to our Singapore / Australia / US offices to continue working to a tight deadline. We have teams available 24/7 to answer queries via our service desk and SLAs are negotiable. Standard SLAs on provision of service will back to back with AWS, which offers 99.99% on the server level. The availability and SLAs for Just After Midnight will depend on the service required but SLAs are available and our usual response time to tickets raised is within 15 minutes with 1st and 2nd line support teams on hand to address any issues.
Approach to resilience
This information is available on request.
Outage reporting
Outage reporting is not usually needed whilst Just After Midnight is providing DevOps consultancy services to customers. It will however, be offered once the solution has been set up and we begin managing/supporting the hosting. Monitoring is set up to trigger alerts into Just After Midnight's dashboard software as well as raise a ticket in our ticketing system and raise an alert in our critical alerts comms channel. These take the form of an in-house dashboard, APIs from the monitoring software as well as multiple comms channels. Incident reports are created by our team when an outage occurs. This is sent to the customer within 24 hours of the incident and details the outage, the actions taken to resolve it and the root cause and recommendations (if known) by Just After Midnight.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
Active Directory is also supported.
Access restrictions in management interfaces and support channels
Each user has a role and these are permissions based controlled, whether this is in email, through the interfaces, support channels, servers and all other access channels regardless of how they are authenticated. All methods of authentication are encrypted as data in transit.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication
Authentication process
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
The British Assessment Bureau
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Third party tools and services are not covered by Just After Midnight's own ISO 27001 certification. However, we do work with suppliers who undertake their own certifications.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
  • Third party organisations have relevant / appropriate security certifications.
  • Just After Midnight is currently working on PCI compliance attestation

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
As per ISO 27001 - including ISMS, Data Protection Policy, Information Security Policy, Maintaining Security Event and Incident Log, Access Control Policy and Information Transfer Policy.

Policies are regularly reviewed and are part of the orientation process for new starters with annual refreshers. Employees have clauses in contracts regarding information security and associated responsibilities.

Day to day - risk logs are used to assess new projects and specific as well as general risks against best practice and internally approved policies.

We have a Head of Information Security and Technical Director who manage information security, review and enforce processes, oversee training and highlight to the management team for follow-up any issues regarding information security or changes/actions required for information / approval as appropriate.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
We operate a change management process and can adapt this to align with client processes to ensure any changes to scope or other elements are documented and signed off.
Configuration and Changes are subject to risk assessment including security impact and are scheduled for regular review. Approval from the technical director and senior management team as appropriate. Our processes align with ISO 27001
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Just after Midnight has anti-virus and malware protection, which are updated to the latest versions along with regular patching of OS levels. We undertake monthly vulnerability scanning for ourselves and for customers where agreed. We are also subscribed to live feeds informing of vulnerabilities to keep up to date with any potential issues. We have an emergency process to address and deal with any breaches including our internal senior management team and customer communication where appropriate. Our in-house engineers are available 24/7 meaning any potential compromises are addressed and managed in minutes. Any penetration testing results are reacted to accordingly.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Just After Midnight uses proactive and reactive methods. Our systems are protected by anti-virus and MFA encryption. Logs are regularly reviewed and monitoring tools are set up to trigger alerts for anything performing outside of expected parameters including potential Ransomware/malware attacks. As our teams work 24/7 any potential compromise is reacted to within minutes. Dependent upon the incident, it is rectified by the most appropriate measures, eg rolling back to a "safe version" and implementing additional protective measures . If appropriate, customers/third parties are contacted. We also subscribe to a number of feeds that inform us of new threats.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Our incident managers provide 24/7 'eyes on' monitoring to all applications and websites. We use decision trees agreed with the customer during onboarding to guide our incident managers through the correct 1st and 2nd line support processes and procedures to respond to queries, alerts, and incidents. They are hosted on our internal platform 'Mission Control.' Our 24/7 monitoring ensures we are usually aware of incidents before you. Should you notice an issue before us, you will have a dedicated support email and phone number to contact us 24/7.
Incident reports are issued summarising incident, root cause and recommendations where appropriate.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart

Energy efficiency

Energy-efficient datacentres
Description of energy efficient datacentres
We use Cloud hosting rather than on-premise datacentres. Studies have shown that Cloud hosting is significantly more energy efficient than traditional datacentres.
We predominantly use Azure and AWS. Azure states that "For localized deployments, Microsoft Cloud is between 79 to 93% more energy efficient than a traditional on-premise datacenter". Also, that accounting for renewable energy, carbon emissions from Azure Compute are 92-98% lower than a traditional on-premise datacenter" and AWS which states that "customers only need 16% of the power as compared to on-premises infrastructure. This represents an 84% reduction in the amount of power required." and "Combining the fraction of energy required with a less carbon-intense power mix, customers can end up with a reduction in carbon emissions of 88% by moving to the cloud and AWS."

Social Value

Fighting climate change

Fighting climate change

Specific targets will be agreed with each customer at contract commencement, such as dedicated hours to a cause, green consultancy, or activities in the local area. However, at a business delivery level, Just After Midnight will offer wider benefits. Our services are carried out remotely, reducing carbon emissions. Public transport is encouraged for any mandatory travel. This ensures that customers working with us will have low supply chain carbon emissions. The services provided will also enable our customers to reduce their carbon emissions. For example, reduction of hardware and datacentre reliance through hosting and management. We proactively work with clients to migrate to cloud from on premise and datacentre provisioning with regular optimisation reviews to reduce environmental impact as far as possible. Resources used will be maximised through replicated use, reducing overall impact on the environment.
We review carbon emissions of our suppliers and their commitment to reducing their own so our supplier chain output is a consideration during selection. We also try to use local suppliers of hardware, office supplies, courier services wherever possible and proactively engage in recycling practices in the office with minimal waste. We are an online business and printing is rare. We are currently developing a more in depth carbon reduction plan along further improving our environmental policies and practices. Additionally, for every new member of staff hired, Just After Midnight will plant one tree to offset their carbon footprint. Therefore, through working with Just After Midnight, customers are reducing carbon emissions through a greener supply chain, and through reduction of their own infrastructure.
Covid-19 recovery

Covid-19 recovery

Specific targets will be agreed with each customer at contract commencement, such as dedicated hours to CV/interview training, work placement targets, or (re)training.
Just After Midnight is a growing business and always looking for new team members. We have always, naturally been set up to work remotely and the impacts of going into full time remote working from the first lock down were minimal. However, we made conscious efforts to have team calls every day to ensure people were not left isolated and individual check ins so people had someone to talk to if needed. This has continued with ongoing remote working. We are committed to ensuring the mental wellbeing of our team and support is always on offer.
Our remote working capability means that anyone needing to shield is not excluded. Flexible hours to work around health issues is an option we are always willing to discuss and work with individuals on. We proactively offer services to help (potential) customers to continue to provide their services through additional help and support from our own team. Working with Just After Midnight enables flexibility to effective and reliable remote working for customers. Therefore, those most vulnerable will have better access to IT services and allow efficient social distancing. Furthermore, Ultima is committed to the mental health of those working with us.
Equal opportunity

Equal opportunity

Specific targets will be agreed with each customer at contract commencement, such as targeted training, and placements. At a fundamental level, Just After Midnight’s workforce is based on people with the right skills and potential for the role regardless of disabilities or backgrounds or gender. We proactively aim to balance our team across all areas of the business. For example, we take on junior engineers whom we provide mentoring, on the job training and the opportunity to attain certifications for relevant skills. We offer remote working so mobility issues are not an obstacle to working with or for Just After Midnight.
We are measuring equality and pay to help ensure any gaps reflect only the roles and level of experience and not gender or background. We proactively work with individuals to upskill them and help them to progress higher paid work through within the business through training leading to additional responsibilities and opportunities.
Just After Midnight is committed to ending modern slavery. This is demonstrated through our Modern Slavery Policy and we are careful to check supplier practices as well as our own. Therefore, by working with Just After Midnight, customers are actively reducing risks associated to modern slavery via their supply chain.


£550 to £1,050 a person a day
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@justaftermidnight.io. Tell them what format you need. It will help if you say what assistive technology you use.