Managed AWS hosting
A fully managed AWS hosting service. We can provision and configure a highly available, high performance server layout for your PHP application. Alternatively we can take over the running of your existing AWS services. We'll manage your environments, manage your backups, manage your users, audit your security, manage incidents, etc.
Features
- AWS Select Tier Consulting and Public Sector partner
- Dedicated hosting team in four timezones
- Real-time intrusion and service monitoring systems
- Rapid response to emergency security incidents
- 24/7/365 monitoring available
- Rapid scaling options available
- SLA backed support response times
Benefits
- Tailor-made for high performance / high uptime requirements
- Disaster Recovery built in
- Infrastructure changes strictly controlled
- High level of security in both software and hardware configurations
- 10 years of experience hosting some of Europe’s busiest websites
- Streamlined invoicing through a single supplier
Pricing
£180 an instance a month
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
9 2 5 6 2 1 6 7 6 8 1 7 7 6 2
Contact
Code Enigma Limited
Greg Harvey
Telephone: 020 3588 1550
Email: sales@codeenigma.com
Service scope
- Service constraints
- We can only support sites using version control. Clients and their services are required to conform to our ISO 27001 information security policies. We work as a distributed team so will not normally work onsite. Security in our hosting service is a shared responsibility between Code Enigma, Amazon Web Services (or other hosting provider), and the client.
- System requirements
-
- We're unable to support Windows servers
- Debian Linux specialists - other versions may require migration
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Our Service Desk is available 24/7 for users to submit issues, requests and report incidents. Our UK/EU based team is available from 8am to 6pm (UK). Response times are as follows:
Urgent - within 1 hour - e.g. Unavailability of the entire system.
High - within 4 hours - e.g. Unavailability of a key module or major function, causing significant business impact.
Normal - within 1 working day - Problems causing inconvenience, minor disruption or restricting performance.
Low - endeavour to respond within 2 working days - Non urgent problems, cosmetic or general enquiries for information. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Our web chat tool, Mattermost is WCAG 2.0L compliant. For meeting Web Contact Accessibility Guidelines 2.0 (WCAG), Mattermost has received a third-party “A” rating and is working towards an “AA” rating. https://docs.mattermost.com/overview/compliance.html#accessibility-compliance
- Web chat accessibility testing
- None
- Onsite support
- No
- Support levels
-
All clients have access to the same level of support and Service Level Agreement.
Code Enigma provides all clients with secure, authenticated access to our management dashboard. From this, you’re able to manage your users, access instant chat services, view live systems status dashboards and use our secure file sharing.
This also enables access to our Service Desk which is based on the open source, issue management tool, Redmine.
Our Operations team oversees contract and relationship management for all clients, including scheduling and chairing regular service reviews. These are an opportunity to review and discuss any key issues/incidents, improvement suggestions/requests and problem/root cause analysis. They are also an opportunity for qualitative feedback on how we deliver our services. The frequency of these reviews is agreed with you, but we typically meet with clients monthly. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- We provide training, support and maintain a detailed FAQ.
- Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
- Users have full service access and can extract their data however and whenever they wish. We can also provide final capture of data in certain formats, to be determined when contract is signed.
- End-of-contract process
- The AWS account being managed will have the billing details changed so it belongs to the user and is paid for by the user. The user may then either cancel the account or continue their services, if they so wish. If Code Enigma did not create the AWS account, we will simply cease to manage the service.
Using the service
- Web browser interface
- No
- API
- No
- Command line interface
- Yes
- Command line interface compatibility
- Linux or Unix
- Using the command line interface
- Once servers are set up clients can have full SSH access to those servers. Client administrators can decide how much access other members of their organisation may have. Client administrators have 'sudo' access on all servers, so are unrestricted in their access.
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
- Each user has their own distinct and separate AWS account, there is no shared infrastructure between users.
- Usage notifications
- No
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- Memory
- Network
- Number of active instances
- Other
- Other metrics
-
- Full access to AWS CloudWatch
- Dedicated Prometheus monitoring server
- Reporting types
-
- API access
- Real-time dashboards
Resellers
- Supplier type
- Reseller providing extra support
- Organisation whose services are being resold
- Amazon Web Services
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Disk volumes
- Databases
- Backup controls
- Users can request a change to backup schedule by raising a ticket in our service desk.
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Users contact the support team to schedule backups
- Backup recovery
-
- Users can recover backups themselves, for example through a web interface
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
99.99% uptime guarantee on AWS services calculated month on month:
between 99.90% and 99.99% - 10% refund
between 95% and 99.90% - 30% refund
below 95% - 100% refund
99.95% uptime guarantee per server on software, excluding planned maintenance. Credit is prorated on outages covered by the SLA. - Approach to resilience
- We use AWS autoscaling technology to ensure there is more than one server available, where budget permits. We also use AWS Availability Zones (data centres) to spread infrastructure across multiple physical premises, to guard against issues with any one data centre. We can, on demand, also run multi-region resilience, e.g. infrastructure in London and Dublin.
- Outage reporting
- Each user has their own Prometheus monitoring service and access to AWS CloudWatch alarms. Both can be configured to alert via API or email. The user will also have their own private dashboard, provided by Prometheus.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
- Access restrictions in management interfaces and support channels
- We have a roll-based user management system and separation between staff and users via a network of Groups. We use these Groups to only allow technical staff and designated user administrators access to management interfaces. Similarly, only designated Groups may access a user's support services. The user's administrators can self-manage the members of the various groups and add and remove users as they see fit.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
- Devices users manage the service through
- Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- NQA Certification
- ISO/IEC 27001 accreditation date
- 30/08/2023
- What the ISO/IEC 27001 doesn’t cover
- Areas of HR and Finance teams that deal with company data
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- All relevant information security policies are under document control, stored in our file management system and can be found via our Document Register. This is available to all employees. Key policies are highlighted to employees as part of onboarding and ongoing training. Links to key policies for third parties are incorporated into contracts. The members of the management team are identified through the People Chart and Roles and responsibilities documents. More extensive information relating to management responsibilities for the ISMS are given in the Management Team Terms of Reference and QMS/ISMS Management operations process. Aspects of these process are highlighted to all employees as part of general awareness training, while management have a specific awareness module on management responsibilities. We have an Access Control Policy that determines the access to information and systems based upon business requirements. The parameters for secret authentication information are set out in the Acceptable Use Policy and apply to all users (employees and third parties). The use of cryptographic controls is defined in our Acceptable Encryption Policy. The implementation of information security in development is defined in our Secure Development Policy
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Changes are defined in the Change Control Policy and the process for handling change is dependent on the context. The Case Tracker is used widely to track change requests. System changes are also tracked through commit logs in GitLab. Other supporting process documentation is linked to from the Change Control Policy. Code Enigma has defined 3 types of change: Standard changes (low risk, a risk assessment should be performed in the first instance); Emergency changes (may occur in response to a cyberattack, discovery of a vulnerability or bug, or data breach of any kind); Managed changes (follow set procedure)
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- We use CVE tracking software to get alerted to vulnerability reports relating to software we operate. We aim to deploy patches within 12 hours, wherever possible and if patches are not yet available we will implement mitigations when available. All information comes from the MITRE Corporation CVE database.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- We operate numerous pieces of software to identify compromises, notably rkhunter, OSSEC IPS and ClamAV. If a potential compromise is discovered the server is immediately isolated for investigation and a security incident is raised. We aim to achieve this initial response effective immediately on discovery. After that, speed of response will depend on the nature of the incident and the wishes of the user. If we have reason to believe laws have been broken it will be necessary to inform law enforcement, and the affected infrastructure may not be touched by anybody until released.
- Incident management type
- Supplier-defined controls
- Incident management approach
- We've developed a Security Incident Management Policy which includes definitions and examples of security incidents, events and vulnerabilities. There are guides for how to report an incident, and what action Code Enigma will take when a report is recorded. Reported events will be assessed on a case by case basis, and a qualified member of the Management team will determine if a reported event is an incident. In the event of an information security incident, it will be assessed and entered into the case tracker by a member of the Management team, following our Corrective and Preventive Actions (CAPA) Procedure.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- No
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
- AWS is committed to running its business in the most environmentally friendly way possible and achieving 100% renewable energy usage for its global infrastructure. Higher utilization rates, energy-efficient servers and renewable energy supply of AWS data centers mean that they have an 88% lower carbon footprint compared to an average on-premise data center. AWS reached 65% renewable energy across their business in 2020 and became the world’s largest corporate purchaser of renewable energy. AWS infrastructure was found to be 3.6 times more energy efficient than the median surveyed enterprise data center. Amazon is committed to building a sustainable business for all customers and the planet. In 2019, Amazon co-founded The Climate Pledge—a commitment to be net zero carbon across the business by 2040, 10 years ahead of the Paris Agreement.
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Tackling economic inequality
- Wellbeing
Fighting climate change
We choose to base many of our services on AWS due to their commitment to be net zero by 2040. We review the data centres we use against the Green Web Foundation's hosting directory (https://www.thegreenwebfoundation.org/directory/) to look for opportunities to minimise our environmental impact. AWS' approach differs from most other green hosting companies in that it is not only based on offsetting, carbon credits, and tree planting, but also significant investment in renewable energy schemes internationally. We are exploring the prospect of using company funds to subsidise “green” home improvements for our UK employees (replacing gas boilers with heat pumps, solar panel installation, insulation improvements etc.). We reviewed our banks against https://switchit.green/ and have closed our account with HSBC. We currently bank with the Co-Operative, Nationwide, and an investment bank in the North of England, and are investigating Unity Trust and Tide because of their ethical and sustainable approach to banking. We are also official partners of the Eden Reforestation Projects https://www.edenprojects.org/partners?search=Code+EnigmaTackling economic inequality
Code Enigma is proud to be an ethical employer. It’s rooted deep in our values to be fair and open. That’s why we’re members of the Living Wage Foundation in the UK and also signed up to the Prompt Payment Code.
We have a dedicated training budget per head, enabling our employees to invest in themselves with supported time off in order to obtain further skills in their chosen field.
We are also experts in open source software, we invest heavily via both our time and our mission fund to ensure free software flourishes, which is a major way out of poverty in both the developed and developing world, providing free tools to allow people to train and learn new skills.Wellbeing
Our company Health & Safety, Dignity at Work, and Diversity & Equality policies are coupled with private health cover for our staff - committed to helping them get the help they need when they need it.
Pricing
- Price
- £180 an instance a month
- Discount for educational organisations
- No
- Free trial available
- No