Rock It

ROCK Cloud & Platform Services

ROCK Cloud is a highly-resourced multi-cloud environment, engineered and managed solely by our in-house teams. ROCK Cloud operates within full-private, hybrid and co-location cloud environments, and is inherently flexible to clients’ needs. Each client receives a totally isolated, secured environment, scoped collaboratively to ensure precise fit for their requirements.

Features

  • Managed in-house, allowing it to flex to clients’ needs
  • Multi-cloud
  • High availability
  • Built on Dell EMC Ready Node hardware platform
  • N-2 resourcing
  • Protected through four-hour critical on-site response for hardware
  • 10GE, NX10GE, 40GE and 100GB point-to-point connectivity options available
  • Protected by Advanced Gateway Security Suite enabled virtual firewall
  • Tier 3+ datacentre, including comprehensive connectivity and UPS options
  • All power provided from renewable sources

Benefits

  • More resilient infrastructure
  • Higher uptime
  • More consistent experience
  • Enhanced protection against physical and digital attacks
  • Responsibly resourced with lower impact on carbon emissions
  • More closely aligned with your organisation
  • Improved user experience and productivity
  • Further options for ongoing development
  • Dynamically scale environments to bespoke specifications
  • Consumption and usage reports available as standard

Pricing

£335 to £1,500 a unit a day

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@rock.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

876945240845694

Contact

Rock It
Ian Elsbury
Telephone: 0344 310 0585
Email: bidteam@rock.co.uk

Service scope

Service constraints
We practice full transparency and any constraints will be identified through discussions with individual buyers. With the changeable nature of cloud solutions and projects, we operate in this manner to ensure that buyers are always aware of any constraints and impact, prior to contract commencement.
System requirements
Client must provide validation of software and application licensing

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our standard SLA includes a response time of fifteen minutes. This allows the incident or request to be reviewed and the assigned priority to be confirmed.

We work with buyers to create a bespoke SLA which meets their needs, depending on their requirements. Response will include (at minimum) this acknowledgement, the assigned priority and an ETA to incident resolution. Typical response times are:

P1 – 15 Minutes
P2 – 1 Hour
P3 – 4 Hours
P4 – 24 Hours
P5 – 72 Hours
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Support levels are tailored to each individual buyer, and agreed through a contractual SLA. To provide the most cost-effective solution, we work collaboratively to identify requirements, and define an industry-leading SLA to cover response and resolution.

Technical Account Managers and Cloud Support engineers are available in both dedicated and named capacity, which is again provided based on buyers’ individual needs.

Please refer to our provided Service Definition document for further detail on the levels of support which we offer and any related costs. Should you have any further requirements or queries, please contact ROCK directly to discuss.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We offer a seamless onboarding managed over four stages. This includes needs analysis and discovery, implementation planning and requirements, risk assessment and proof of concept or evaluation as applicable. We provide a highly-personalised service for the initial onboarding, including the use and assignment of named engineering resources fixed to the account for the duration of the mobilisation.

Needs analysis and discovery
We assign a dedicated contact to review the organisational requirements, and validate the delivery of these through the ROCK Cloud Service.

Implementation planning
We outline the project with a robust onboarding and mobilisation plan, with resourcing and expenditure considered at each gate.

Risk assessment
We assess a number of critical considerations including continuity of service, cyber security, and access information sharing to evaluate the risks prior to onboarding.

Proof of concept / evaluation
We provide limited-use proof of concept environments, allowing for validation of the service and user acceptance testing prior to completing the onboarding and progressing into BAU support.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
We allow for a number of means of data extraction, which is considered at the point of onboarding, and agreed prior to project sign off. The approach is adjusted in line with the intended use and function of the environment, with priority and additional considerations made when hosting live or core operational infrastructure.

We allow for a month’s grace period for all live environments for the purpose of offboarding, allowing the provider to consider and migrate or rebuild the environment on an alternative platform. Alternatively, we can support the client in this process, by utilising our engineering resource to perform the migration or rebuild to the destination of choice. Migrations are typically managed through Zerto replication; however, alternative applications will be considered in line with the hosting setup.

Alternatively, ROCK facilitate the seeding of data to locally-encrypted storage media provided by the client. We will provide an indication of the specification and capacity, and assist in local encryption as required. We will provide seeding through a range of outputs including export of the individual hosted assets as OVF, OVA or VMDK formats.
End-of-contract process
We provide access to the hosting environment, connectivity and the resources allocated to the tenancy. Additional support is included for the facilitation of management of the platform, and supporting and assisting in access and delegation of control to supported users and groups, as defined during the onboarding process.

All other aspects of the hosted infrastructure will be defined and agreed throughout the onboarding process, with typical additional service inclusions comprising of Managed Boundary Security, Managed IT Service, Managed Backups, Managed Disaster Recovery.

Using the service

Web browser interface
No
API
No
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Manual
Independence of resources
The ROCK Cloud platform provides a guarantee of resource availability specific to each individual client. We offer further resilience to mitigate potential impact using technologies such as dedicated connectivity, or bandwidth management and client specific QoS policies. All hardware is provisioned with a minimum standard of N+1 allowing for overall platform resilience.
Usage notifications
Yes
Usage reporting
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Virtual Machines
  • Files
  • Folders
  • Volumes
  • Databases
  • Windows Operating Systems
  • Microsoft Active Directory
  • Microsoft Exchange Servers
Backup controls
ROCK offer a consultation during the initial needs analysis to determine the backup requirement. We will consider and design a scalable plan allowing for customised RPO/RTO objectives for alternative workloads, while considering the storage and levels of resiliency needed.
Datacentre setup
Single datacentre with multiple copies
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We provide a 99.99% infrastructure-availability guarantee, excluding instances of planned and emergency maintenance. Where ROCK are required to perform emergency maintenance, we will (at a minimum) communicate this in advance through email. We will also endeavour to alert the primary account contacts, providing additional notes and guidance on the nature of the maintenance being performed.

We offer service credits proportional to the size and scale of the hosted environment, up to a maximum threshold of 10% total monthly cost. Clients will be eligible for service credits where ROCK have been unable to meet the agreed SLAs.
Approach to resilience
Our Tier 3+ datacentre setup contains a number of layers of resilience, including physical and digital security measures, diverse routing of communications, power, and 2N (N+N) topology. This provides a completely independent, mirrored system which can fully cater for operational needs, should the primary system go offline for any reason, and caters for additional demand as well as potential hardware failure.

The datacentre also benefits from a direct and private 400kV SuperGrid connection, supported by regularly tested and highly-resilient generators and UPS systems. Additionally, the datacentre utilises over 99% renewable energy from hydro, tidal and wind sources, removing reliance on foreign imports for energy, oil or gas.

For physical security, the site is protected by military-grade fencing, multiple infra-red CCTV towers and digital tripwires. Traffic management is in place at both the entrance and exit, utilising double-airlock gates. In addition, ten-ton anti-ram-raid blocks are installed between road systems and entrances.
Outage reporting
Service outages are configured to immediately alert the Cloud Support team, which generates a unique client incident onto our ITSM automatically. Each automatic incident will be sent to a predefined recipient list within the client's environment, and includes details such as the incident response number and the assigned engineer.

Each incident raised in this manner is then updated by the engineering team throughout the investigation, supporting and assisting the clients with any and all relevant updates. This would include details of the outage, the planned remediations, and the expected resolution timeline.

Following this process, we will also provide a root cause analysis, and provide further details into additional mitigations activities pursued by us, or available to the client.

Identity and authentication

User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication
We leverage point in time authentication, where our engineers and support personnel raise requests for change, which are validated by an independent team. Should the change request be approved, the permissions are temporarily granted, allowing the engineers to authenticate using their unique user name and password and two factor authentication code. Following the change period, any elevation and access is revoked, and further changes will need to be re-submitted for approval.
Access restrictions in management interfaces and support channels
We strictly control access and have delegation of access enabled. One specific team has the permissions necessary to change user permissions and access to the management interface, while an alternative team configures the changes. Permission management teams are prohibited from changing access themselves, effectively restricting the degree of access available to any single account. We have robust auditing controls in place, where all such change requests are logged and recorded within our change request system, which is regularly reviewed by our Service Delivery Director for compliance.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication
We control access to the support teams through a combined and strict approach including point in time authentication.
Devices users manage the service through
  • Dedicated device on a segregated network (provider's own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
NDC Certification Services
ISO/IEC 27001 accreditation date
10/12/2021
What the ISO/IEC 27001 doesn’t cover
Third parties providing services to ROCK
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We follow a number of external and internal policies, processes and practices in order to safeguard information security for our internal operations and for buyers. Our internal policies include:
• Password
• Information security
• Access control
• Data security
• Data protection and retention of records
• Endpoint security
• Clear desk, clear screen
• Remote working
• Internet and email usage
• Business continuity and disaster recovery
• Recruitment and selection
These policies and procedures cover a wide range of information-security related operations, for both our systems and our clients’ individual systems. This includes the setting of user passwords within industry standard recommendations, verification and access for users (leveraging zero-trust and least privilege operations), use of portable media (blocked unless specifically required by role), adherence to data protection legislation and standards (and reporting procedures for any real or perceived breaches), BPSS verification of employees, and confidentiality of user, company and other critical data. Our business continuity and disaster recovery further safeguards service delivery in a number of areas.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes run through ITIL 4 change enablement and service configuration management, ensuring they meet forecast needs, are appropriately authorised, controlled and documented. This is governed by four primary principles:
1. Changes are planned and realised to provide demonstrable value and are effective, safe and controlled
2. Changes are (without exception) authorised
3. The practice does not attempt to unify all changes
4. The practice provides focus on balancing factors including risk control, value, throughput and compliance
Service configuration management further ensures that we retain accurate and reliable information regarding configuration of services and the configuration items which support them.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We leverage an industry-leading vulnerability threat detection agent, which performs monthly scans of our infrastructure environment. Each of these reports is reviewed by our cloud support team, who rationalise the report and build in additional actions needed to address and update the service. This includes the application of new patches, or vulnerabilities identified through third parties and informed to us through the vulnerability service provider.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We have a bespoke, internally designed threat monitoring process, which triggers immediate alerts to the cloud management and support teams. Alerts are raised automatically within our ITSM solution, and are investigated within 15 minutes.
Incident management type
Supplier-defined controls
Incident management approach
Our incident management practice is aligned with ITIL 4 to provide effective response and resolution for incidents. This practice ensures that we have defined processes for investigation, management and resolution of incidents, providing not only efficient but consistent service delivery regardless of the incident or the engineer responding.

Users report incidents by phone, email or our online client portal, as well as in person where we provide on-site resources. Incidents are available for viewing within the online portal at any time (with user access restricted to relevant tickets only).

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
VMware
How shared infrastructure is kept separate
ROCK Cloud has been designed and built using the leading VMware technologies, including vSphere, vSAN, vDirector, and NSX-T. All clients are provided a unique tenancy within the platform, which is specifically designed to isolate and segregate the independent environments. Access to each tenancy must be delegated through ROCK support, which includes multiple tiers of validation and verification, which are then implemented through an alternative team.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
We predominantly host the infrastructure from the CWL1 Campus (formerly Next Generation Data - NGD). The campus runs on 100% renewable energy, and is highly regarded as having one of the lowest power usage efficiency ratings in Europe.

Social Value

Fighting climate change

Every procurement and service we operate is designed to offer carbon reduction for our clients, and we practice responsible and sustainable delivery of service, including procurement and decommissioning, wherever possible.

We have numerous systems in place in order to reduce or offset our own carbon usage. We have reduced paper usage by 80% over the past two years, with this number increasing moving forward with our aim of becoming 100% paperless.

Our heating systems leverage Air Source Heat Pumps in order to eliminate fossil fuel usage within our heating systems. We also consider use of lighting:

• Dimmable and energy saving LED lights
• Motion sensors to automatically switch lights on or off

ROCK support all principles of the UK government’s sustainable technology strategy, and retain partnerships with providers such as Dell who work with the Responsible Business Alliance. Every procurement supports the strategy, seeking to:

• Minimise waste
• Embrace circular economy concepts
• Ensure efficient and sustainable resource allocation
• Social, legal and ethical compliance with our supply chain
• Decrease our carbon footprint, and encourage suppliers to do the same

ROCK advocate reduced consumption within every consultancy, especially significant within two recent projects: For one client, a UK wildlife trust, ROCK designed and implemented a VDI environment, recommending the use of energy-efficient, thin client devices, and migration to Microsoft OneNote, providing a number of benefits:

• Thin clients require reduced energy on a per-device basis
• “Hot Desking” reduced the overall device requirement
• ROCK migrated users to Microsoft OneNote, significantly reducing the need for printing (enforced by reducing user access to printers)

With savings circa 110w per device and 550w per server, total electrical savings per year have totalled thousands of kWh, providing significant reduction to tonnage of carbon emissions.
Covid-19 recovery

We continue to provide our clients with support, guidance and leadership in the implementation of secure agile working. We aim to help our clients to adjust to “the new normal”, through close, consultative projects which analyse their current operations, and provide recommended solutions in order to provide secure and effective remote or flexible working.

During the initial stages of the Covid-19 pandemic we offered all of our clients a free home-working audit in order to evaluate their capabilities. With full reports and assistance delivered to hundreds of clients at the time, we continue to provide assistance to organisations and users regardless of their location. Cloud-based infrastructure has been instrumental in providing our clients with agile and remote working capabilities during the pandemic.

In addition to providing this assistance in adapting to new working conditions, we have also provided consultancy to reduce client overheads, identifying where licence usage could benefit from alternative licences, reduced licence numbers or leverage education, not-for-profit and government discounts through providers such as Microsoft, Bitdefender and others.
Tackling economic inequality

We provide multiple routes to work which aim to upskill local communities throughout the UK, and provide dignified employment to tackle economic inequality. In addition to recognising official certifications, we also consider demonstrable experience and references within our recruitment, offering the opportunity for progression and development.

In addition to this, we also provide a number of departments through our accessible apprenticeship program, focused on providing positive STEM representation for under-represented groups, and upskilling the local workforce.

We provide the time and funding for our team members to undergo formal third-party training wherever we identify that this might provide added value for our clients. This includes a huge variety of training courses, providing certified knowledge and experience in a number of areas. Some of the latest of these include:

• ITIL 2 Foundation / Practitioner
• PRINCE2 Foundation / Practitioner
• AgilePM Foundation / Practitioner
• CIPD Level 3 / 5
• Microsoft Azure
• VMware
• Mimecast

These capabilities are provided by a number of our internal teams, including our Service Desk, Consulting team and Projects team. All of these teams (as well as the majority of ROCK’s teams and departments) support training and employment opportunities through ongoing personal development, with access provided for apprenticeships in order to upskill the local workforce.
Equal opportunity

ROCK believe in tackling inequality wherever it is found. We believe that tackling inequality is also about the welfare of employees, with our own mission to keep the workplace free from harassment, bullying, and all forms of discrimination. During employee onboarding we request that our new team members provide us with information to allow us to feed into our EDI metrics. This form is optional, but it is one that helps us reach our aim of providing truly inclusive employment, and aligning our strategies to achieve this.

We have a dedicated equal opportunities and diversity policy that is regularly updated, to ensure that we are keeping abreast of any additional inequalities or policy changes. This policy is required reading for every new employee during their induction process. The policy states our organisational commitment to providing equal opportunities, and routes for raising a complaint should a team member feel they or a colleague are facing discrimination. We review our equal opportunities and diversity policy annually at a minimum, as with all policies, practices and procedures.

All ROCK facilities are available to all employees in equal measure. Lifts are available to provide access to upper floors in both buildings, and there is step-free access to all ROCK facilities within our HQ. Our employment practices provide a 0% gender pay gap, and every employee at the same level is provided with the same salary. Salaries are reviewed bi-annually to ensure adherence to this practice.

Our approach does not end at “non-discriminatory”; we promote an actively anti-discriminatory culture. We understand that treating everybody equally is not necessarily the same thing as treating everybody fairly, and we regularly assess our organisation using the CIPD’s “inclusion health checker” tool. We also recognise the significant part that unconscious bias can have within ROCK and every workplace.
Wellbeing

We provide our teams with consistent support for their ongoing physical and mental wellbeing. Recent advancements include subsidised wellbeing memberships, providing financial support for all of our team members to access gym or yoga classes, or any physical and mental wellbeing services.

We offer our teams a number of wellbeing benefits, over and above legal requirements, to ensure their needs are considered. These include benefits such as employment protection, life assurance, access to mental health assistance and financial planning. All of these services are designed to support our team members both inside and outside of the office. On top of this, we provide flexible working to allow our teams to set a working schedule which includes blended home working.

We also provide regular dynamic workload reviews, working with our teams to ensure that they are set with SMART targets. This ensures that their ongoing work targets are achievable and realistic, measuring working capacity and shifting workloads where required.

We also understand that real life doesn’t always run to plan, and support our team members by providing dynamic and flexible working, which lets them flex their work around challenges in their home life. Team leaders work dynamically with our teams where needs change, allowing them to flex in a number of ways outside regular arrangements:

• Time-off in lieu
• Ad hoc working from home
• Equality with maternity, paternity and adoption leave

We acknowledge that every team member is different, and has many varied needs to ensure a healthy work-life balance and safeguard their wellbeing. We tailor our approach per employee and per team, to provide a fair and egalitarian approach to working life.

Pricing

Price
£335 to £1,500 a unit a day
Discount for educational organisations
Yes
Free trial available
No
