Empyrean Digital Limited

Cloud Hosting Services

Our cloud hosting solution provides flexible and managed hosting solution on various cloud providers including Amazon Web Services (AWS), Azure and Google Cloud Platform (GCP). Our team has been hosting services on cloud, on premises and hybrid for a number of years, providing us with unique insight into hosting requirements.

Features

• Assessment of requirements to ensure suitable solution
• Design of the solution including servers, load balancers, etc
• Automated provisioning of the solution
• Regular updates, patching and security tests
• 24/7 server availability, multiple regions and availability zones for reliability
• Ability to support a number of technologies
• Supports containers, PaaS, Serverless, openshift and traditional virtual servers
• Support a variety of cloud providers (AWS, Azure, GCP, IBM)
• DevOps approach to server management - automation where possible
• Cyber Essentials Plus certified

Benefits

• Fully scalable – increase or decrease your service over time
• 24/7 monitoring for proactive incident resolution
• Use multiple technologies – framework and language agnostic
• 99.9% uptime
• All data is stored on encrypted storage mediums
• No requirement for you to manage on premises hosting
• Automated backups – easy recovery in the event of disaster
• Allows you to concentrate on your application rather than hosting
• Dedicated service team with automated service desk
• Solution architecture provided to ensure value for money/performance

£450 to £25,000 a unit a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nicola.tappern@empyreandigital.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

929543652451166

Contact

Nicky Tappern
07715211185
nicola.tappern@empyreandigital.com

Service scope

• Service constraints: Standard response times for support is 9-5 Mon - Fri. Out of hours will be picked up next working day. Extended hours may be provided on negotiation
• System requirements: Static IP or VPN for access to servers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 1 working day between 9am - 5pm
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support level is defined during requirement gathering, based on estimated amount of support required.; ; This starts typically at 1 day and can expand based on specific requirements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: As part of engagement, we will meet with you to ensure that onboarding is as smooth as possible, during this time we will provide training and documentation as required.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: As the contract comes to the end, we will work with the buyer and any new suppliers to ensure that all data is transferred efficiently.; ; We have picked up data from other suppliers ourselves a number of times, and understand what is required in order to transfer.
• End-of-contract process: The contract includes a handover, the time assigned to this will be agreed in advance. If additional days are required for reasons outside of the suppliers control, then these days will be charged at an additional cost.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: All services are managed on separate instances.; ; We do not share underlying resource with other buyers.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Number of active instances
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: AWS, Azure, GCP, IBM

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual machines
  • Databases
  • Storage volumes
• Backup controls: All backups are managed by Empyrean, and are set up in accordance to requirements from the buyer
• Datacentre setup: Multiple datacentres
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We aim or 99.9% uptime outside of advertised maintenance periods, these periods will have a 2 week notice to ensure that buyers are prepared. Refunds are managed on an ad-hoc basis
• Approach to resilience: We can make this available on request
• Outage reporting: We have real time monitoring for any outages, and all primary contacts will be emailed, as well as a dashboard showing the current status of the service.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
• Access restrictions in management interfaces and support channels: Access will be provided to a dedicated service desk for the buyer where access will be restricted to the buyer and supplier only
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
• Devices users manage the service through: Dedicated device on a segregated network (providers own provision)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: We follow Cyber Essentials and ISO 27001 and are in the process of becoming certified in ISO 27001
• Information security policies and processes: We are Cyber Essentials Plus accredited. All staff are made aware of our security and governance policies at induction, with annual updates.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our approach to configuration management identifies which key controls are critical for the environment, and applications require this control for the operating effectiveness of these key controls in order to comply with the desired requirements. We automate all control where all changes are consistent and repeatable across all environments. This will in turn reduce any human error, engineering direct access to systems and add a layer of security and control. This is coupled with an extensive change management process, with a weekly CAB (Change Advisory Board) with various stakeholders making sure any changes are clear and documented with any risks.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our vulnerability management process key is to identify, evaluate real time threats with reporting on security vulnerabilities in systems and all the software that runs on them. This, implemented alongside with other security tactics, is vital in our efforts to prioritise possible threats and minimise security vulnerabilities. The outcome is to regularly manage the outputs this will update automation and adding any changes identified to the regular patch cycle, this should also include any emergency security vulnerabilities notices are patched immediately on release.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: As part of our monitoring, Security and performance benchmarks will be stored and updated regularly to ensure that the site is operating at the expected level. This allows us to proactively make performance and security enhancements. As a team we will have regular reviews and as part of this process we have an on call system which will create automated alerts to engineers if any thresholds are raised. We will regularly review monitoring thresholds to make sure we have relevant monitoring, so that we don't do unnecessary call outs or even to make sure we don't miss.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management approach avoids first with Detect to Correct using proactive monitoring to alleviate major outage where possible, all on call personnel are automatically alerted. A Triage team would Identify and collate supporting information including technical and escalation points, Map out issue with the relevant internal and external teams, Course of action and mitigation steps to resolution. On fix a Root Cause Analysis report (RCA) report will be created and a problem ticket would be raised. Incident manager on duty is activated immediately, consisting of key management and customer representatives in the identity step, including any possible SLA breach.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: AWS, Azure, GCP, IBM
• How shared infrastructure is kept separate: Each organisation is provided with a virtual network.; ; In the event of containers, no underlying cluster resources are shared.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: We use data centre providers who adhere to the EU code of conduct

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  // We have made the conscious decision for our contract workforce to work from home, to reduce the need to commute and the energy demand associated with maintaining a centralised workspace.; // Despite our remote working policy there are times where travel is essential. We encourage green travel, offering electric vehicles, a cycle-to-work scheme, and advocate the use of public transport. ; // Our operations are entirely digital, utilising electronic signatures for contracts and approvals for a paperless workflow, reducing the consumption of paper and the environmental impact of printing and disposal. ; // When purchasing devices and hardware we review the energy efficiency of the equipment. For example, reading the EU energy label of monitors, to minimise power consumption.; // We use virtual servers to reduce the number of physical servers and choose our hosting providers based on their use of renewable energy sources and their commitment to reducing their carbon footprint.

  Covid-19 recovery

  // We work hard to advertise our employment opportunities where they can be accessed by people left unemployed by COVID-19, staff employed are directly involved in delivering under Gcloud contracts.; // We offer the contract workforce remote and flexible working, opening up opportunities for those in remote areas where employment opportunities are more limited.; // We sponsor a local children’s Rugby team. Helping to promote physical and mental health, alleviate the demand on health and care services and support the local community. ; // We have recently delivered an Alpha for Healthy Working Wales (part of Public Health Wales) where we have redesigned the service for digital delivery – allowing employers to support their team to improve their health and well-being.

  Tackling economic inequality

  // We offer the contract workforce remote and flexible working, opening up opportunities for those in remote areas where employment opportunities are more limited.; // We create job and training opportunities in the IT sector, a high growth area.; // We have a mentorship programme which allows us to train and support team members who are new to the industry, delivering new skills and opportunities. These programmes are supplemented by external learning and resulting qualifications.; // We are an SME and we work with other SMEs to complement our services and create supply chain capacity.; // We are implementation partners for a no-low code AI solution which has been nominated for an innovation award following our successful delivery of the tool which is being used to manage transport in a combined authority. Learning from this work is shared with our contract workforce.; // We work with a number of associates who compliment our offer, we take the time to make them part of the team so that we can work together seamlessly, creating opportunities and capacity in the supply chain.

  Equal opportunity

  // We have a number of neurodivergent staff members across our contract workforce. Our recruitment processes have been designed to be accessible for all and we encourage discussion as part of performance management and appraisal to ensure we provide an environment in which our team members can flourish.; // We are committed to encouraging equality, diversity and inclusion among our workforce. As a tech company, we are proud to say that our team is 45% female, with many holding positions at senior level. According to the ONS in 2021, 31% of UK tech jobs are held by women, meaning we are exceeding the industry average.​; // We support in-work progression of our contract workforce, actively discussing opportunities, goals and rewarding development with staff moving up the SFIA.

  Wellbeing

  // We aim to obtain work which promotes health and wellbeing in our community e.g our work for Public Health Wales, Social Care Wales, NHS Executive Wales and Sport Wales. ; // We promote the health and wellbeing of our contract workforce throughout our policies, procedures and ways of working.; // We sponsor a local children’s Rugby team. Helping to promote physical and mental health, alleviate the demand on health and care services and support our local community. ; // We have recently delivered an Alpha for Healthy Working Wales (part of Public Health Wales) where we have redesigned the service for digital delivery – allowing employers to support their team to improve their health and well-being.

Pricing

• Price: £450 to £25,000 a unit a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nicola.tappern@empyreandigital.com. Tell them what format you need. It will help if you say what assistive technology you use.