Skip to main content

Help us improve the Digital Marketplace - send your feedback

Nomensa Ltd

Google Cloud Platform managed service

Nomensa offer full-service solution for services on GCP. We provide support including initial designs, implementation of services, on-going support, and improvements. We build using Cloud Run, Cloud Armor, Cloud CDN and IAM for sustainable and green hosting of various applications.

Features

  • As much or little involvement for your team
  • Sustainable hosting, including zero and very low CO2 emissions regions
  • Horizontal and vertical auto-scaling, as appropriate
  • Service desk for single point of contact
  • Long- and short-term roadmap planning
  • Flexible investment on improvements
  • Active monitoring and incident response

Benefits

  • Ensure service reliability without a dedicated in-house team
  • Manage operational risk related to technical diversity
  • Experienced engineers who can provide strategic advice and recommendations
  • Scalable, reliable, performant services
  • Security patching and remediation of issues
  • Security focus aligned to NCSC cloud security guidance
  • ISO27001 and CyberEssentials Plus certified
  • Cost-effective, flexible approach

Pricing

£100 to £2,000 an instance a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@nomensa.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

8 3 5 4 7 0 0 7 4 1 1 1 8 3 1

Contact

Nomensa Ltd Stuart Pollock
Telephone: 0117 9297333
Email: gcloud@nomensa.com

Service scope

Service constraints
Solution dependent - to be confirmed based on requirements
System requirements
Solution specific - to be confirmed with client

User support

Email or online ticketing support
Yes, at extra cost
Support response times
1 hour
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We provide three tiers of support, offering in-hours service, out-of-hours for P1 incidents only and out-of-hours service. These include all appropriate skills and is based on the 'Live Service' lot 3 service and the SFIA rate-card.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
As a managed hosting service, we provide experts to seamlessly migrate you to our hosting environment. This will include determining your exact needs and preferences that will determine which underlying provider is the best fit for you. Our engineers will deploy a dedicated hosting infrastructure for you, and set up CI/CD code deployment.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • PPT
  • Diagrammatic
End-of-contract data extraction
We will export data and transmit this to you, or work with a new supplier to transfer directly.
End-of-contract process
An export of customer data is included. Additional engineering time follows our SFIA rate-card. Any additional services would be agreed in advance.

Using the service

Web browser interface
No
API
No
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
We use automatic horizontal scaling of compute and IO, coupled with monitoring of databases to manually scale vertically. We use a CDN and caching to minimise load on services.
Usage notifications
No

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
Firewall activity
Reporting types
Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Google Cloud Platform

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
Less than once a year
Penetration testing approach
In-house
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach
The underlying hosting fabric manages the physical security of data. Any aspects held by Nomensa, such as infrastructure as code and contract administrative are stored on encrypted drives.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Code artifacts
  • Database
  • Uploaded media
Backup controls
Backups are set-up by Nomensa on the underlying hosting fabric according to user needs.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We pass on guarantees of underlying GCP service
Approach to resilience
We use containerisation to supply self-healing compute, which automatically restarts in the event of issues. We use infrastructure as code to allow disaster recovery to alternate zones or regions, in the event of major outages. More details are available on request.
Outage reporting
We produce monthly reporting on outages. We can offer email alerts or more frequent notification if requested.

Identity and authentication

User authentication
  • Username or password
  • Other
Other user authentication
Service is fully managed, all access is through support channels.
Access restrictions in management interfaces and support channels
We use Jira Service Desk's accounts system to restrict access to open tickets.
Access restriction testing frequency
Never
Management access authentication
Other
Description of management access authentication
No direct management access
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
01/11/2023
What the ISO/IEC 27001 doesn’t cover
Our ISO27001 accreditation covers all of our services
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
No
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We hold CyberEssentials Plus and ISO27001. We have an ISMS that is responsible for managing security policies and processes. We internally and externally audit our compliance.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Infrastructure is defined as Infrastructure-as-Code, which follows our secure development policy and is versioned. Security impact is evaluated through a combination of expert review and automated checkers.
Vulnerability management type
Undisclosed
Vulnerability management approach
We use software bill-of-materials generation and scanning to evaluate threats. We will work with you to ensure that vulnerabilities are patched or mitigated according to severity and priority.
Protective monitoring type
Undisclosed
Protective monitoring approach
Client-specific monitoring as agreed.
Incident management type
Undisclosed
Incident management approach
Incident management through support-desk.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
No

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
We use third-party datacentres that comply.

Social Value

Social Value

Social Value

  • Tackling economic inequality
  • Equal opportunity

Tackling economic inequality

Tackling economic inequality: Nomensa are gold-accredited Investors in People, demonstrating our emphasis on learning and development and ensuring this has impacts beyond our business and into the local community. We continue to work closely with local schools, colleges, universities and other organisations to help build the local digital skills economy for the current and next generation. Recognising the benefits of a diverse workforce, we’re committed to creating employment opportunities, particularly for those facing barriers to employment. Each year, two interns join us as part of Hargreaves Lansdown’s Strive Internship, which offers paid internships to BAME students. Organisational growth has enabled us to increase the number of apprenticeship, graduate and internship roles we offer. Since 2013, 52 apprentices, interns and graduates have developed their skills and progressed their careers with us. We also partner with charity Envision, who work with young people from less advantaged backgrounds to “make change happen whilst building their skills beyond the classroom”. Envision is a UK based charity that empowers young people from less advantaged backgrounds who are underrepresented in the world of work to develop essential skills and confidence through tackling social issues affecting their community. This year our mentor team won Mentors of the Year across the programme as well as the group of young people winning the overall award for Envision finalists 2023/24. As part of our commitment to social responsibility and community involvement, we have our Employee Volunteer Day initiative. Employee Volunteer Day is an opportunity for all employees to take a day off from work to support a charitable cause of their choice. So far, our volunteering hours include: • Supporting Bristol University outreach to school’s program providing coding and development support to events for school children. • Volunteering at career days. • Support on steering groups for Vocscur’s LGBTQ+ partnership.

Equal opportunity

Equal Opportunity: We recognise the importance of a diverse workforce and are committed to providing a working environment that is free from discrimination. We promote the principles of equality and diversity across everything we do and work to ensure that our workforce is not only representative of UK population but treated fairly and equally. As part of our E&D policy, we encourage applications and provide the support for candidates regardless of sex, race, disability, age, sexual orientation, gender reassignment, religion or belief. We know our work to meet this ambition is never finished and constantly strive towards identifying improvements to our people, processes, supply chains and environment. We continue to proactively monitor, evaluate and improve our offering, but we currently have in place the following processes: • Inclusive recruitment training and use of inclusive practices, including blind CVs, utilising alternative recruitment networks that aim to support underrepresented groups (e.g. Technojobs) and providing specialist support throughout the recruitments process, being recognised as a Disability Confident Committed company. • Early careers paths established using apprenticeship route (Level 3-Level 6) and exploring opportunities for structuring new and existing roles in line with T-level and higher apprentice frameworks. Attracting typically under-represented groups within the sector, our initiatives have already seen 52 Graduates/Apprentices since 2013. • Intern schemes, including already participating in Hargreaves Lansdown’s Strive Internship, which aims to offer up to 75 paid internships to minority ethnic students, alongside the Envision mentoring scheme, where we provide mentoring to local schools, recently winning mentors of the year 2024 and the group of young people we mentored from Digitech winning the overall event. • Employee-led working groups and assigned individuals leads, including a equality diversity and inclusion group, who proactively monitor, plan and implement new initiatives, schemes and processes.

Pricing

Price
£100 to £2,000 an instance a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@nomensa.com. Tell them what format you need. It will help if you say what assistive technology you use.