Skip to main content

Help us improve the Digital Marketplace - send your feedback

Answers and Solutions ltd

Proof of Concept : Low cost Web Hosting Platform for Cloud Apps and Low Utilisation Reqs

Simple Quick access to a hosting environment for Proof of Concept testing.

This also has an option for ongoing low utilization sites that do not have excessive GDPR implications or requirements; eg a simple static website.

Features

  • Allows easy testing of software under consideration
  • For the department with limited IT capability but requiring maximum_outcomes.
  • Compatible with 'off-the-shelf' Comercial solutions.

Benefits

  • Enables the utilisation of low cost, high performance commercial solutions.
  • Suitable for Wordpress, Opencart, Magento, wiki, PHP and eCommerce applications

Pricing

£200 to £1,300 an instance a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Christopher.Wainwright@letsdiscuss.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

9 9 7 3 8 2 3 3 5 1 6 3 7 4 8

Contact

Answers and Solutions ltd Christopher Wainwright
Telephone: 02920733722
Email: Christopher.Wainwright@letsdiscuss.co.uk

Service scope

Service constraints
PHP is the most popular programming language for creating cloud apps. This is service only supports such apps. If you require PoC testing for Python or .Net apps a suitable environment can be built possible but at extra cost.

The PoC environment is not a production platform so has been made available for a 4 week trial duration. Longer trials can be undertaken using our regular hosting platform.

The inclusion of a SSL certificate is predicated on your use of one of our spare domain names. Otherwise an SSL certificate will need to be purchased from us.
System requirements
App written using the PHP language (most are)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Online support requests will be acknowledged and users will be able to view the status of tickets.

4hrs of ticketed support requests are available

It should be noted that support is not a substitute for training.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
No
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
The entire system is being provided to help you evaluate other software systems. Our support extends to helping you load the software, provided it has an installation process supported by its publisher. 1 hr of application installation support is included in the 4hrs of total support.
Support available to third parties
No

Onboarding and offboarding

Getting started
We will provide on-boarding and requirements gathering service via a zoom consultation and email.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
This is a Proof of concept service /// Low Utilization hosting service. Our expectation is that the Buyer will only upload test data of no value. The Low Utilization buyer will take a backup of all data prior to exit.

On exit, all data will be deleted
End-of-contract process
The contract is ended. Data is deleted.

Using the service

Web browser interface
Yes
Using the web interface
To maintain system security, we will not supply logon credentials until after system setup. After the order has been validated and finalised the service does not take long to setup.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
The interface has been well designed. Our company selected the platform in question several years ago based on the quality of the interface. Eight years on, it remains superior to others on the market, and we continue to use it on account of the quality that it was built-in.

I cannot however at this time advise whether it has been formally certified to the standards above.

A new interface is planned for released during the lifetime of G-Cloud.
Web interface accessibility testing
1 in 12 men are colour blind and we are very aware of this issue. We tested all the available interfaces with a colour blind user. We use the system our user preferred.

There are several interfaces on the market, the one we selected and offer to clients is the best we could find; we also tested it for clarity and simplicity, ensuring the options and features are logically located and easily found.

Most vendors submitting offerings to G-Cloud will be offering cPanel or Plesk branded systems, systems we rejected for technical reasons as well as the inferior interface.
API
No
Command line interface
No

Scaling

Scaling available
No
Independence of resources
Buyers requiring independence of resource should choose our private hosting platform
Usage notifications
Yes
Usage reporting
Email

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • Disk
  • Network
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
In-house destruction process

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • The DR system replicates the entire platform.
  • Backups should otherwise be taken by the Buyer
Backup controls
This will depend on the software chosen by the Buyer
Datacentre setup
Single datacentre
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The buyer will be eligible for one free days hosting for every hour the service was inaccessible to the buyers users, capped at 100% of the days in a free month. Planned maintenance events taking place at weekends or overnight are excluded. Details are in the service description document.
Approach to resilience
This is a low cost service. The setup is resilient, but that is not part of our SLA for this service.
Outage reporting
A public dashboard available to customers will indicate any outages.

Identity and authentication

User authentication
Username or password
Access restrictions in management interfaces and support channels
This is managed via strict controls to logon credentials
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
WorldPay
PCI DSS accreditation date
31/12/2019
What the PCI DSS doesn’t cover
We do not store CC details on our servers; CC details are processed by our bank on their PCI DSS certified servers. Our PCI certification was issued with this processing method declared. Most payment processing applications handover to an external CC payment provider, who accepts payment before handing purchase approval back to the application that you would be running on our system. This means that our PCI DSS certification is suitable for eCommerce solutions used by most organisations . If you want to store people CC details on our servers, that can be arranged and our PCI DSS would be amended to suit. Your software solution would need to be PCI DSS compliant. Using a 3rd party processor such as Worldpay [or one of their numerous competitors] is by far the best way to handle PCIO DSS aspects of Credit Card processing.
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Good Practice security governance is practiced. Our Physical server(s) are located in a restricted access datacentre. Strong passwords are enforced and stored safely.

ID's of clients appointed officers are stored and will be used to validate requests for support and assistance.
Information security policies and processes
The staff at our office do not have physical access to the hardware, ensuring that data at rest is protected.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
This test environment is maintained separately from our production environment.
Vulnerability management type
Undisclosed
Vulnerability management approach
This is a low cost service. The setup benefits from our approach to vulnerability management, but that is not part of our SLA for this service.
Protective monitoring type
Undisclosed
Protective monitoring approach
For security reasons, we do not publish details of protective actions taken since such details substantially increases the risks we face.
Incident management type
Undisclosed
Incident management approach
This is a low cost service. The setup is resilient, but that is not part of our SLA for this service.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
KVM hypervisor
How shared infrastructure is kept separate
This service is hosted on several VPS machines.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Renewable or nuclear energy is used as much as possible at our datacentres. Coal derived power has virtually been eliminated, and will be gone completely during the lifetime of a G-Cloud contract.

The biggest consumption of energy within the Datacentre is server hardware. Server virtualisation minimises the number of physical servers permanently running. Our equipment is housed in multiple 3rd party datacentres. On request, datacentre space is available in northern (arctic) climates, and we can locate your service in Finnish DC's.

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Our services help climate change by reducing and where appropriate, reducing or even eliminating the volume of home-office commuting necessary. Our data-centres are powered by suppliers who use renewable energy.

Covid-19 recovery

Large in-person meetings by people traveling long distances carries a high risk of spreading Covid-19. Through digital communications, our services are helping towards the recovery through reducing mixing between widely spaced geographical locations.

Tackling economic inequality

We encourage our staff to do pro-bono work for UK-based charities because it allows them to assume high levels of responsibility and thus gain experience not easily obtained in a high-consequence workplace. Staff who are undertaking such activities are still paid a salary; this has multiple benefits. It benefits the people who use the services of the charity being supported. It also benefits the individual who can strengthen their skills in a safe environment.

We also employ people in the regions of the UK still affected by the post-industrial economies. We are able to redistribute economic activity and thus enhance the economic well-being of people in these economically disadvantaged areas.

We actively look for SME sized organisations when seeking suppliers and sub-contractors because they offer better value for money, and are usually staffed by highly motivated individuals. Contracts awarded to Answers and Solutions will help the UK Government in its drive towards its leveling up agenda.

Equal opportunity

Answers and Solutions are committed to equal opportunities and do not discriminate in any way. We provide opportunities for people whose family commitments make it easier for them to fit their work duties around family duties through not prescribing fixed working hours; we work to goals achieved and not the number of hours spent watching the clock. We allow staff to take extended time off during school holidays or when other caring duties require that.

Wellbeing

Self-fulfilled individuals will always make good employees, good employees make for conscientious staff, and that is always good for a Buyer.

We encourage al of our staff to develop their skills and stretch their abilities. We encourage our staff to do pro-bono work for UK based charities because it allows them to assume high levels of responsibility and thus gain experience not easily obtained in a high-consequence workplace. We pay our staff while they do such work.

Pricing

Price
£200 to £1,300 an instance a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Christopher.Wainwright@letsdiscuss.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.