Equiniti ICS Ltd

SQL Server as a Service; SQL Server Database Support; Server Managed Services

Equiniti offers a Cloud-based SQL Server-based solution, server as a service, a comprehensive application hosting service which will provide the SQL Server-based solution within a private virtual cloud with dedicated virtual servers running the complete range of services required. Available as Official or Official-Sensitive


  • Database Systems Architecture and Design
  • Database Implementation and Configuration
  • Software Development around the SQL Server Database
  • SQL Server based application hosting
  • Data Migration
  • Database Administration Services


  • SQL Server delivers comprehensive high-end datacentre capabilities
  • Complex database and business intelligence requirements
  • High Availability design
  • Scale on demand from devices to datacenter to cloud
  • Support for reporting services


£1150 to £2635 per unit per month

Service documents

G-Cloud 9


Equiniti ICS Ltd

Julie McMenemy

02890 567 232


Service scope

Service scope
Service constraints No constraints identified
System requirements Licences

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 4 hours critical, one working day for other enquiries/issues.

Support is provided in standard office hours.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support No
Support levels Standard Equiniti support and maintenance agreements provide guaranteed acknowledgement or resolution of issues within the agreed service level.

Equiniti’s standard response times are as follows:

• Response time target for accessing screens of the system will be within 3 seconds for a minimum 99% of the time.
• Response time target for simple searches for information and displaying results within the system will be within 5 seconds 95% of the time (response times exclude network latency)
• Standard system availability target of the service is 99.99%.

We provide a single contact point for all problems including advice on all aspects of the solution, be it hardware or software.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Equiniti works closely with the customer to produce an implementation plan which incorporates:

• Timescales and resource requirements
• System configuration including user setup and organisation specific static data and content
• System verification
• User training on the system
• Project management and governance
• Communication to users and stakeholders

We provide the necessary expertise and guidance to ensure a smooth implementation and go-live, and subsequently to provide ongoing system support and service management.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Data extraction is carried out by Equiniti
End-of-contract process The exit process will focus essentially on the transfer of information from the service provider’s systems to the new service provider. We can commit the following:

a) The necessary resources will be available to ensure that the migration data is in an industry standard form (e.g. csv) such that it can be adopted by the replacement service provider. These resources are part of the Service Provider’s technical team and the structure of the data and the nature of our software enables the extract of data in this format to be readily achievable.

b) the Service Provider will work with the Customer and the replacement provider in ensuring that the relevant documentation and procedures are available. Additional documentation other than that already provided by the Service Provider as part of the Agreement will be produced and charged for on a time and materials basis.

Using the service

Using the service
Web browser interface No
Command line interface No


Scaling available No
Independence of resources Server CPU, Memory and network activities are continually monitored. System administrators will be alerted if a threshold is breached allowing the appropriate action to be taken.
Usage notifications No


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach At rest data encrypted on SAN
Data sanitisation process Yes
Data sanitisation type Hardware containing data is completely destroyed
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Active Directory Services
  • SQL Databases
  • Files
Backup controls Users do not control backups - this is a System Administrator function.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability We have high availability SLA's (up to 99.99%) agreed with clients and refund through a service credit regime where we don’t meet guaranteed levels of availability.
Approach to resilience 2 data centres, 1 production and 1 DR. SAN performs real time replication of data between sites.
Hyper-V Clusters with minimum of 4 nodes per cluster.
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication
  • Limited access network (for example PSN)
  • Username or password
  • Other
Other user authentication Microsoft Active Directory Services
Access restrictions in management interfaces and support channels Access is restricted through the use of Microsoft Active Directory Services and firewall rules.
Access restriction testing frequency At least once a year
Management access authentication
  • Limited access network (for example PSN)
  • Username or password
  • Other
Devices users manage the service through Dedicated device on a segregated network (providers own provision)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 SGS United Kingdom Limited
ISO/IEC 27001 accreditation date 12/02/2017
What the ISO/IEC 27001 doesn’t cover Temp
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations ISAE 3402

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Equiniti Group Information Security Policy - all staff are mandated to complete policy compliance training annually.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Equiniti follows a change management approval process. Changes are assessed as a part of this process, which includes all potential security impacts.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach The data centres are accredited to ISO/IEC 27001 standard.

Regular assessment of threats are carried out through ITHC, risk assessments, user event tracking.

System Centre 2012 is used for operating system patch deployment. All patches are approved and then deployed using automated and scheduled processes. The patching schedules are agreed with clients.

Vulnerabilities to the service are reviewed and patches are applied in accordance with the vendor’s best practices.

Information concerning potential threats are sourced from Microsoft, HP Equipment, Government and Security blogs.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach A SIEM product is used to collate and analyse log files as part of their audit policies. Server logs, SQL Audit Logs, WAF logs and firewall logs are sent to the SIEM Server which is configured to alert and report as required. Reports are generated using GPG13 guides.

Potential compromised are reported to the IT Security Management team who will assess the incident and issue guidance on the next action.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Equiniti has a defined approached to major IT incident management which may be escalated to the Crisis Management Team, which includes incident management and incident communication. This is invoked and owned by Equiniti IT Service management overseen by Equiniti senior management. The team nterfaces with Information security incident and all Equiniti support teams.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used Hyper-V
How shared infrastructure is kept separate Separate VLAN for each organisation.
Separate SAN CSV Disks presented to Hyper-V Host servers.
Firewall rules restrict access to VLANs.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £1150 to £2635 per unit per month
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑