Proof of Concept : Low cost Web Hosting Platform for Cloud Apps and Low Utilisation Reqs
Simple Quick access to a hosting environment for Proof of Concept testing.
This also has an option for ongoing low utilization sites that do not have excessive GDPR implications or requirements; eg a simple static website.
Features
- Allows easy testing of software under consideration
- For the department with limited IT capability but requiring maximum_outcomes.
- Compatible with 'off-the-shelf' Comercial solutions.
Benefits
- Enables the utilisation of low cost, high performance commercial solutions.
- Suitable for Wordpress, Opencart, Magento, wiki, PHP and eCommerce applications
Pricing
£200 to £1,300 an instance a month
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
9 9 7 3 8 2 3 3 5 1 6 3 7 4 8
Contact
Answers and Solutions ltd
Christopher Wainwright
Telephone: 02920733722
Email: Christopher.Wainwright@letsdiscuss.co.uk
Service scope
- Service constraints
-
PHP is the most popular programming language for creating cloud apps. This is service only supports such apps. If you require PoC testing for Python or .Net apps a suitable environment can be built possible but at extra cost.
The PoC environment is not a production platform so has been made available for a 4 week trial duration. Longer trials can be undertaken using our regular hosting platform.
The inclusion of a SSL certificate is predicated on your use of one of our spare domain names. Otherwise an SSL certificate will need to be purchased from us. - System requirements
- App written using the PHP language (most are)
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Online support requests will be acknowledged and users will be able to view the status of tickets.
4hrs of ticketed support requests are available
It should be noted that support is not a substitute for training. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- No
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- The entire system is being provided to help you evaluate other software systems. Our support extends to helping you load the software, provided it has an installation process supported by its publisher. 1 hr of application installation support is included in the 4hrs of total support.
- Support available to third parties
- No
Onboarding and offboarding
- Getting started
- We will provide on-boarding and requirements gathering service via a zoom consultation and email.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
-
This is a Proof of concept service /// Low Utilization hosting service. Our expectation is that the Buyer will only upload test data of no value. The Low Utilization buyer will take a backup of all data prior to exit.
On exit, all data will be deleted - End-of-contract process
- The contract is ended. Data is deleted.
Using the service
- Web browser interface
- Yes
- Using the web interface
- To maintain system security, we will not supply logon credentials until after system setup. After the order has been validated and finalised the service does not take long to setup.
- Web interface accessibility standard
- None or don’t know
- How the web interface is accessible
-
The interface has been well designed. Our company selected the platform in question several years ago based on the quality of the interface. Eight years on, it remains superior to others on the market, and we continue to use it on account of the quality that it was built-in.
I cannot however at this time advise whether it has been formally certified to the standards above.
A new interface is planned for released during the lifetime of G-Cloud. - Web interface accessibility testing
-
1 in 12 men are colour blind and we are very aware of this issue. We tested all the available interfaces with a colour blind user. We use the system our user preferred.
There are several interfaces on the market, the one we selected and offer to clients is the best we could find; we also tested it for clarity and simplicity, ensuring the options and features are logically located and easily found.
Most vendors submitting offerings to G-Cloud will be offering cPanel or Plesk branded systems, systems we rejected for technical reasons as well as the inferior interface. - API
- No
- Command line interface
- No
Scaling
- Scaling available
- No
- Independence of resources
- Buyers requiring independence of resource should choose our private hosting platform
- Usage notifications
- Yes
- Usage reporting
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- Disk
- Network
- Reporting types
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- In-house
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Hardware containing data is completely destroyed
- Equipment disposal approach
- In-house destruction process
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- The DR system replicates the entire platform.
- Backups should otherwise be taken by the Buyer
- Backup controls
- This will depend on the software chosen by the Buyer
- Datacentre setup
- Single datacentre
- Scheduling backups
- Supplier controls the whole backup schedule
- Backup recovery
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- The buyer will be eligible for one free days hosting for every hour the service was inaccessible to the buyers users, capped at 100% of the days in a free month. Planned maintenance events taking place at weekends or overnight are excluded. Details are in the service description document.
- Approach to resilience
- This is a low cost service. The setup is resilient, but that is not part of our SLA for this service.
- Outage reporting
- A public dashboard available to customers will indicate any outages.
Identity and authentication
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- This is managed via strict controls to logon credentials
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- Public key authentication (including by TLS client certificate)
- Username or password
- Devices users manage the service through
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- You control when users can access audit information
- How long user audit data is stored for
- Between 1 month and 6 months
- Access to supplier activity audit information
- You control when users can access audit information
- How long supplier audit data is stored for
- Between 1 month and 6 months
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- WorldPay
- PCI DSS accreditation date
- 31/12/2019
- What the PCI DSS doesn’t cover
- We do not store CC details on our servers; CC details are processed by our bank on their PCI DSS certified servers. Our PCI certification was issued with this processing method declared. Most payment processing applications handover to an external CC payment provider, who accepts payment before handing purchase approval back to the application that you would be running on our system. This means that our PCI DSS certification is suitable for eCommerce solutions used by most organisations . If you want to store people CC details on our servers, that can be arranged and our PCI DSS would be amended to suit. Your software solution would need to be PCI DSS compliant. Using a 3rd party processor such as Worldpay [or one of their numerous competitors] is by far the best way to handle PCIO DSS aspects of Credit Card processing.
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
-
Good Practice security governance is practiced. Our Physical server(s) are located in a restricted access datacentre. Strong passwords are enforced and stored safely.
ID's of clients appointed officers are stored and will be used to validate requests for support and assistance. - Information security policies and processes
- The staff at our office do not have physical access to the hardware, ensuring that data at rest is protected.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- This test environment is maintained separately from our production environment.
- Vulnerability management type
- Undisclosed
- Vulnerability management approach
- This is a low cost service. The setup benefits from our approach to vulnerability management, but that is not part of our SLA for this service.
- Protective monitoring type
- Undisclosed
- Protective monitoring approach
- For security reasons, we do not publish details of protective actions taken since such details substantially increases the risks we face.
- Incident management type
- Undisclosed
- Incident management approach
- This is a low cost service. The setup is resilient, but that is not part of our SLA for this service.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- KVM hypervisor
- How shared infrastructure is kept separate
- This service is hosted on several VPS machines.
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
-
Renewable or nuclear energy is used as much as possible at our datacentres. Coal derived power has virtually been eliminated, and will be gone completely during the lifetime of a G-Cloud contract.
The biggest consumption of energy within the Datacentre is server hardware. Server virtualisation minimises the number of physical servers permanently running. Our equipment is housed in multiple 3rd party datacentres. On request, datacentre space is available in northern (arctic) climates, and we can locate your service in Finnish DC's.
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
Our services help climate change by reducing and where appropriate, reducing or even eliminating the volume of home-office commuting necessary. Our data-centres are powered by suppliers who use renewable energy.Covid-19 recovery
Large in-person meetings by people traveling long distances carries a high risk of spreading Covid-19. Through digital communications, our services are helping towards the recovery through reducing mixing between widely spaced geographical locations.Tackling economic inequality
We encourage our staff to do pro-bono work for UK-based charities because it allows them to assume high levels of responsibility and thus gain experience not easily obtained in a high-consequence workplace. Staff who are undertaking such activities are still paid a salary; this has multiple benefits. It benefits the people who use the services of the charity being supported. It also benefits the individual who can strengthen their skills in a safe environment.
We also employ people in the regions of the UK still affected by the post-industrial economies. We are able to redistribute economic activity and thus enhance the economic well-being of people in these economically disadvantaged areas.
We actively look for SME sized organisations when seeking suppliers and sub-contractors because they offer better value for money, and are usually staffed by highly motivated individuals. Contracts awarded to Answers and Solutions will help the UK Government in its drive towards its leveling up agenda.Equal opportunity
Answers and Solutions are committed to equal opportunities and do not discriminate in any way. We provide opportunities for people whose family commitments make it easier for them to fit their work duties around family duties through not prescribing fixed working hours; we work to goals achieved and not the number of hours spent watching the clock. We allow staff to take extended time off during school holidays or when other caring duties require that.Wellbeing
Self-fulfilled individuals will always make good employees, good employees make for conscientious staff, and that is always good for a Buyer.
We encourage al of our staff to develop their skills and stretch their abilities. We encourage our staff to do pro-bono work for UK based charities because it allows them to assume high levels of responsibility and thus gain experience not easily obtained in a high-consequence workplace. We pay our staff while they do such work.
Pricing
- Price
- £200 to £1,300 an instance a month
- Discount for educational organisations
- No
- Free trial available
- No