Just After Midnight

Website Hosting Architecture

Specialist AWS/Azure Cloud Hosting design, build and management services for web and applications. Expert architects will devise the best solution for your needs including timescales and budget. We will design every aspect of your hosting environment and manage everything from design and build to procurement, ongoing management, support and maintenance.

Features

• Provider agnostic web and application hosting expertise
• Skilled, experienced engineers designing cost effective, appropriate, needs based solutions
• 24/7 Managed service with UK/Australia/Singapore/US/SA based teams
• Managed AWS / Azure Cloud Consulting for ongoing optimisation
• IAAS, PAAS or Hybrid
• Remote access view
• 24/7 “Eyes on” monitoring with SLA Options
• Code and content author/editor support
• Migration planning and support
• Infrastructure and application support and maintenance

Benefits

• Review and understand current in-house practices and systems
• Independent cloud hosting provider offering unbiased advice and agency support
• Experienced hosting architects and engineers to provide optimum solution(s)
• Security first approach to projects
• Fully managed to reduce client staff overheads
• Collaborate with in-house/agency teams and upskill as appropriate
• Provision of application level support as part of managed hosting
• Each customer has their own, dedicated infrastructure, no shared services
• Experienced in multiple CMS and application specific issues
• Easy to reach, by phone, email or text 24/7

£600 to £1,300 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@justaftermidnight.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

909793707212947

Contact

Becky Willis
02032909247
gcloud@justaftermidnight.io

Service scope

• Service constraints: Standard cloud hosting constraints.
• System requirements: Not applicable.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We have 24/7 1st and 2nd line support teams across global offices so response times are unaffected by weekends/public holidays. We offer tiered levels of support which can be adjusted to individual client needs. Just After Midnight defines SLAs for both response and target resolution times. General, indicative SLAs are: P1 issues: Initial acknowledgement within 15 minutes and a target resolution time of 4 hours. P2 issues: Initial acknowledgement within 30 minutes and a target resolution time of 12 hours. We also provide P3 and P4 support levels. Clients can request specialist SLAs for events/expected traffic peaks eg application window.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support levels are less relevant to designing an architecture - for which we review what is needed and provide a fixed fee quote based on day rates equivalent to the amount of work we believe will be involved. ; There are too many variables to provide standard costs but we include single or multiple environments, licensing and implementation eg SSL and CDN etc. ; We do however, provide commitments to complete the work to agreed timescales and our 24/7 teams make this easier to complete where there are tight timescales.; Each client has a dedicated Technical Account Manager and Solutions Architect on hand to provide support as required. As it is cloud based hosting, onsite visits are rarely required. However, for consultancy and if any on premise work is required then this can be discussed.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Just After Midnight engages with clients in face to face meetings where possible as well as voice/video conferencing to undertake full scoping and onboarding activities. We look at the background, issues, any constraints and concerns and what a client wants and needs to achieve. We agree access and what level of input/collaboration is required to provide everything from architecture design, build and management to in/out of hours support or fully managed 24/7 support. We work with you to understand your brief and challenge it to ensure we are working towards the optimum solution for you. We work as independently or collaboratively as fits best with your needs and can provide documentation and upskilling for internal teams. We also provide training for any systems such as our ticketing system so you are fully equipped.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: This needs to be requested from Just After Midnight (following notification of termination of contract if prior to end of contract) and can be provided in any format as required. If there are server-side applications then the content and data will be transferred in the most appropriate method agreed eg, encrypted disk, via SFTP or other. This happens within 7 days of the request unless the hosting is being transferred and this is not required as they would own it.
• End-of-contract process: The fixed contract price will cover activities and deliverables against key requirements which can include the architecture, requirements gathering, review of any setups in place, performance and security requirements/constraints, stack preference and training. All deliverables will be agreed - this may be a documented design and spec for the architecture or full build. At the end of the contract, no additional costs will be incurred for decommissioning services. However, there is the option to extend for additional work or create a new agreement for new services eg support. Clients will be given content and data as per the end of contract data extraction response and can be provided in any format as required. If there are server-side applications then the content and data will be transferred in the most appropriate method agreed eg, encrypted disk, via SFTP or other. This happens within 7 days of the request unless the hosting is being transferred and this is not required as they would own it. If there are handover / training activities required at the end of the contract not included as part of the original requirements, then there may be an additional cost.

Using the service

• Web browser interface: Yes
• Using the web interface: During consultancy pieces, we can share documents with a client using Google Docs or other agreed mechanism which may be web interface accessible. We also have provision to manage requests through tickets and we can provide access to our ticketing system. Clients would be given log in credentials and can access the interface to edit and manage tickets as necessary. Users can create and modify tickets using simple point and click actions, but cannot delete tickets. If users require tickets to be deleted this will need to be done by an administrator. Server access is granted on user request with strict security precautions, ie IP restrictions and Two-factor authentication.
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: Just After Midnight has not undertaken any specific interface testing with assistive technology users. However, we use Zendesk which has been evaluated to WCAG 2.1 AA or EN 301 549 standards as of December 2019. The guidelines can be found here: https://www.w3.org/TR/WCAG21/
• API: Yes
• What users can and can't do using the API: The code can be used to integrate it. Limitations are that it is predefined and has parameters and variables which cannot be edited.
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
  • Other
• Other API automation tools:
  • AWS Cloud Formation
  • ARM Templates
  • Any other which may be appropriate as determined by design
• API documentation: Yes
• API documentation formats: PDF
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
• Using the command line interface: By downloading CLI and then using the tools to gain access. Limitations would be the predefined commands and that it is not openly accessible to anyone and is set up on an individual user account basis. The command functions cannot be edited.

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Each client has highly personalised needs.; Once on-boarded with Just After Midnight, you will be supported by a dedicated technical account manager and support team whose expertise best suit your needs. They will personally work with you to ensure that your needs are understood and addressed and help guide you towards the best options for your business. This ensures each client receives the individualised service we pride ourselves on. In addition, Just After Midnight is a growing business and taking on new people as and when needed as our client base expands to ensure that all clients are properly serviced.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
• Other metrics: Automated scripts failure reports
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: AWS, Azure and other Cloud hosting, CDN and SSL providers

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files
  • Virtual Machines
  • Databases
  • Cold Repositories
  • Scripts
  • Replicating back-up
  • Snapshot image backup
  • All data backed up is encrypted
• Backup controls: Backups can be scheduled and set up on a request basis and/or manual backups can be undertaken regularly or ad hoc. Different things can be set to different schedules. This would be discussed during the requirements gathering activities to specify what needs to be backed up. Just After Midnight always has 24/7 "eyes on" teams in addition to monitoring alerts. Planned deployments will have personnel specifically alerted to the backup who will monitor the back up in order to ensure it has been undertaken as required. The retention policy will be defined by the client as to their individual requirements.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: SLAs are less relevant for fixed consultancy/architecture design services but in scoping the work with you we will agree delivery timelines.; We have teams available 24/7 to answer queries and SLAs are negotiable. For follow on support, Just After Midnight commits to SLAs regarding response times and target resolution times. The exact timings vary with requirements for support and priority levels eg P1 response may be 30 minutes and target resolution 2 hours and P2 response time of 1 hour and target resolution 4 hours. Standard SLAs on provision of service work back to back with AWS, which offers 99.99% on the server level. Availability on a server-side level may be negotiated but no higher than those committed to by the provider - eg AWS, Azure; which both offer 99.99%.
• Approach to resilience: This information is available on request.
• Outage reporting: Outage reporting is not usually needed whilst Just After Midnight is providing architectural review/design/build services. It will however, be offered once the solution has been set up and we begin managing/supporting the hosting. Monitoring is set up to trigger alerts into Just After Midnight's dashboard software as well as raise a ticket in our ticketing system and raise an alert in our critical alerts comms channel. These take the form of an in-house dashboard, APIs from the monitoring software as well as multiple comms channels. Incident reports are created by our team when an outage occurs. This will be sent to you within 24 hours of the incident with details of the outage, the actions taken to resolve it and the root cause (if known) and recommendations by Just After Midnight.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: Active Directory is also supported.
• Access restrictions in management interfaces and support channels: Each user has a role and these are permissions based controlled, whether this is in email, through the interfaces, support channels, servers and all other access channels regardless of how they are authenticated. All methods of authentication are encrypted as data in transit.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: Authentication Process
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The British Assessment Bureau
• ISO/IEC 27001 accreditation date: 28/08/2018, latest 06/10/2023
• What the ISO/IEC 27001 doesn’t cover: Third party tools and services are not covered.; ; The certification covers Just After Midnight's services: 24-hour web support, monitoring, cloud managed services and consultancy information security management and processes. All four of JAM's global regions have been audited and certified.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: One Compliance Cyber Limited
• PCI DSS accreditation date: 03/11/2023
• What the PCI DSS doesn’t cover: We are Level 4 accredited
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Third party organisations have relevant security certifications

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: "As per ISO 27001 - including:; ISMS; Data Protection Policy; Information Security Policy; Maintaining Security Event and Incident Log; Access Control Policy; Information Transfer Policy; ; Policies are regularly reviewed and are part of the orientation process for new starters. Employees have clauses in contracts regarding information security and associated responsibilities.; ; Day to day - risk assessment methodologies are in place and used to assess new projects and specific as well as general risks against best practice and internally approved policies.; ; We have a Head of Information Security and Technical Director who manage information security, review and enforce processes, oversee training and highlight to the management team any issues regarding information security or changes/actions required for information / approval as appropriate."

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We operate a change management process and can adapt this to align with client processes to ensure any changes to scope or other elements are documented and signed off. ; Configuration and Changes are subject to risk assessment including security impact and are scheduling for regular review. Approval from the technical director and senior management team as appropriate. Our processes align with ISO 27001.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Just after Midnight has anti-virus and malware protection, which are updated to the latest versions along with regular patching of OS levels. We undertake monthly vulnerability scanning for ourselves and for clients where agreed. We are also subscribed to live feeds informing of vulnerabilities to keep up to date with any potential issues. We have an emergency process to address and deal with any breaches including our internal senior management team and client communication where appropriate. Our in-house engineers are available 24/7 meaning any potential compromises are addressed and managed in minutes. Any penetration testing results are reacted to accordingly.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Just After Midnight uses proactive and reactive methods. Our systems are protected by anti-virus and MFA encryption. Logs are regularly reviewed and monitoring tools are set up to trigger alerts for anything performing outside of expected parameters including potential Ransomware/malware attacks. As our teams work 24/7 any potential compromise is reacted to within minutes. Dependent upon the incident, it is rectified by the most appropriate measures, eg rolling back to a "safe version" and implementing additional protective measures . If appropriate, relevant clients/third parties are contacted. We also subscribe to a number of feeds that inform us of new threats.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident managers provide 24/7 'eyes on' monitoring to all applications and websites. We use decision trees agreed with the client during onboarding to guide our incident managers through the correct 1st and 2nd line support processes and procedures to respond to queries, alerts, and incidents. They are hosted on our internal platform 'Mission Control.' Our 24/7 monitoring ensures we are usually aware of incidents before you. Should you notice an issue before us, you will have a dedicated support email and phone number to contact us 24/7.; Incident reports are issued summarising incident, root cause and recommendations where appropriate.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: We use cloud hosting rather than on-premise datacentres. Studies have shown that Cloud hosting is significantly more energy efficient than traditional datacentres.; We predominantly use Azure and AWS. Azure states that "For localized deployments, Microsoft Cloud is between 79 to 93% more energy efficient than a traditional on-premise datacenter". Also, that accounting for renewable energy, carbon emissions from Azure Compute are 92-98% lower than a traditional on-premise datacenter" and AWS which states that "customers only need 16% of the power as compared to on-premises infrastructure. This represents an 84% reduction in the amount of power required." and "Combining the fraction of energy required with a less carbon-intense power mix, customers can end up with a reduction in carbon emissions of 88% by moving to the cloud and AWS."

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity

  Fighting climate change

  Specific targets will be agreed with each customer at contract commencement, such as dedicated hours to a cause or green consultancy. However, at a business delivery level, Just After Midnight will deliver wider benefits. Our services are carried out remotely, reducing carbon emissions. Public transport is encouraged for any mandatory travel. This ensures that customers working with us will have low supply chain carbon emissions. The services provided will also enable our customers to reduce their carbon emissions. For example, reduction of hardware and datacentre reliance through hosting and management. We proactively work with clients to migrate to cloud from on premise and datacentre provisioning with regular optimisation reviews to reduce environmental impact as far as possible. Resources used will be maximised through replicated use, reducing overall impact on the environment.; We review the carbon emissions of our suppliers and their commitment to reducing their own, so our supplier chain output is a consideration during selection. We also try to use local suppliers of hardware, office supplies, courier services wherever possible and proactively engage in recycling practices in the office with minimal waste. We are an online business and printing is rare. We are currently developing a more in-depth carbon reduction plan along with further improving our environmental policies and practices. Therefore, through working with Just After Midnight, customers are reducing carbon emissions through a greener supply chain, and through reduction of their own infrastructure.

  Covid-19 recovery

  Specific targets will be agreed with each customer at contract commencement, such as dedicated hours to CV/interview training, work placement targets, or (re)training.; Just After Midnight is a growing business and always looking for new team members. We have always, naturally, been set up to work remotely and the impacts of going into full time remote working from the first lock down were minimal. However, we made conscious efforts to have team calls every day to ensure people were not left isolated and individual check-ins, so people had someone to talk to if needed. This has continued with ongoing remote working. We are committed to ensuring the mental wellbeing of our team and support is always on offer.; Our remote working capability means that anyone needing to shield is not excluded. Flexible hours to work around health issues is an option we are always willing to discuss and work with individuals on. We proactively offer services to help (potential) customers to continue to provide their services through additional help and support from our own team. Working with Just After Midnight enables flexibility to effective and reliable remote working for customers. Therefore, those most vulnerable will have better access to IT services and allow efficient social distancing. Furthermore, Ultima is committed to the mental health of those working with us.

  Equal opportunity

  Specific targets will be agreed with each customer at contract commencement, such as targeted training, and placements. At a fundamental level, Just After Midnight’s workforce is based on people with the right skills and potential for the role regardless of disabilities or backgrounds or gender. We proactively aim to balance our team across all areas of the business. For example, we take on junior engineers whom we provide mentoring, on the job training and the opportunity to attain certifications for relevant skills. We offer remote working, so mobility issues are not an obstacle to working with or for Just After Midnight. ; We are measuring equality and pay to help ensure any gaps reflect only the roles and level of experience and not gender or background. We proactively work with individuals to upskill them and help them to progress higher paid work through within the business through training leading to additional responsibilities and opportunities.; Just After Midnight is committed to ending modern slavery. This is demonstrated through our Modern Slavery Policy, and we are careful to check supplier practices as well as our own. Therefore, by working with Just After Midnight, customers are actively reducing risks associated to modern slavery via their supply chain.

Pricing

• Price: £600 to £1,300 a unit a day
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@justaftermidnight.io. Tell them what format you need. It will help if you say what assistive technology you use.