Atos IT Services UK Ltd

IRIS UK Cloud Hosting

The Atos IRIS UK Cloud Hosting platform will provide you with a secure, UK based, OFFICIAL cloud hosting service, delivered from ISO-27001 certified data centres. It is available on a monthly, pay as you use subscription basis.


  • A choice of unmanaged or fully managed OS VM/Physical server
  • Delivered from UK based ISO-27001 certified data centres
  • Supported from UK locations by SC cleared staff
  • Built on flexible, scalable & continuously refreshed infrastructure
  • Capable of supporting dual UK site synchronous replication
  • Zero data loss capable infrastructure to protect your service
  • High availability architecture to ensure service continuity
  • Connectivity options of PSN (Assured&Protect) Assured Private WAN and Internet
  • Service Availability of 99.95%
  • Service Management processes follow ITILv3


  • Simple pricing for IaaS services based on server/data volumes
  • Fast and flexible scale up/down hosting platform deployment
  • Atos do all the complex platform setup for you
  • Pre-configured Virtual Machines with options ready to use
  • flexible user access and management capabilities
  • Built on a shared, secure, multi-tenanted platform supporting many customers
  • Deep feature set including strong security controls/service protection options
  • Support delivered from the UK by security Check cleared staff


£80.00 per virtual machine per month

  • Free trial available

Service documents

G-Cloud 10


Atos IT Services UK Ltd

Ray Stevens


Service scope

Service scope
Service constraints “Planned Maintenance” means any pre-planned maintenance of any infrastructure or core platform relating to the services
- Scheduled at weekends between 01:00 Saturday and 23:59 Sunday

- “Emergency Maintenance” means any emergency maintenance of any of the infrastructure relating to the services
- Whenever possible Emergency Maintenance of Atos’s infrastructure will happen between the hours of 01:00 Saturday and 23:59 Sunday (UK local time)
System requirements
  • PSN Connectivity (where required)
  • PSN Code of Connection agreement and compliance
  • Accreditation or Assurance of end to end service
  • Appropriate contact details for Atos staff members
  • Must meet and agree the IRIS UK Terms and Conditions
  • Agree to the Acceptable Use Policy

User support

User support
Email or online ticketing support Email or online ticketing
Support response times "Priority 1 - 95% in 4 Support Availability Hours
'Priority 2 - 95% in 8 Support Availability Hours
'Priority 3 - 95% in 2 Support Availability Days
'Priority 4 - 95% in 5 Support Availability Days
'Service Request Handling Window - 5 days 10 hours
Mon-Fri 08.00–18.003
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard WCAG 2.0 AAA
Web chat accessibility testing None or don't know.
Onsite support No
Support levels Options of Standard (08:00-18:00 M-F) or Enhanced (08:00-18:00 M-F + 24x7 for P1 Incidents). Cost difference between support levels varies depending on the selected offering. Managed IaaS offerings are supported by our Cloud Engineers, and Platform team
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started All standardised configuration and customer service provisioning costs are included within our monthly service charge, and cover the following activities:
-Mobilise and engage the Cloud Services Deployment team ready for deployment
-Establish baseline security and base infrastructure configuration
-Deploy from Gold Builds your chosen Virtual/Physical machines
-Create initial user accounts (5 accounts included in on boarding price)
-Pre-configure Network connectivity and assign network bandwidth
-Service Transition Planning / Non Functional Platform Testing
-Setup and configure patching and monitoring (if appropriate)
-ITHC – Annual Health Check of our underlying Cloud platform and associated Atos managed services
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction All customer supplied hosted data will be made available for migration, or deleted, at the end of the service or (for backups / archives) at the end of the backup / archive retention cycle (or at the point when off-boarding occurs, or if the appropriate data protection plan lapses). All commercial customer information will be held until the end of the reporting cycle (monthly), until all payments have been received, and then held as required for reporting / regulatory purposes (including log files).
End-of-contract process Off-boarding is based on a common approach with the following activities included within the standard Atos IRIS UK Cloud Hosting monthly charges, although we understand each client off-board may be different and we work with our customers to ensure a successful outcome.
-Server decommissioning will be undertaken in a manner compliant with security best practices
-Storage decommissioning will be undertaken in a manner compliant with security best practices
-All customer data, unless the optional data destruction service is purchased, will be deleted using commercial processes
-All customers supplied physical media or appliances will be returned or securely disposed of before or at the end of the service as required
-Certifying that the Off-boarding process has successfully completed the actions required, in accordance with the agreed Information Assurance controls.
-Final invoicing and account closure

Using the service

Using the service
Web browser interface Yes
Using the web interface Provisioning of new services including new servers, network VLANs and network security rules
- Day 2 operations - including modification, deprovision, storage additions
-Dashboard view of provisioned servers including provisioned specification 'and near real time operational monitoring information across virtual and physical platforms
'-Network visualisation view, showing how servers have been provisioned across networks, zones, and datacentres
'-Capacity snapshot of customer servers, updated every 15 minutes
'-Access to view/download your latest monthly billing summary report
'-Customisable shopping basket to enable environments to be designed, planned, and priced before being provisioned
- Standard Service Requests (SSR)
Web interface accessibility standard None or don’t know
How the web interface is accessible Our web based facilities are delivered to be compatible with all major, in support, web browsers, and as such can be used with external accessibility tools if required.
Web interface accessibility testing Our web based facilities are delivered to be compatible with all major, in support, web browsers, and as such can be used with external accessibility tools if required.
Command line interface Yes
Command line interface compatibility Linux or Unix
Using the command line interface For un-managed IaaS, the customer has full CLI access and privilages. For managed IaaS, the customer has delegated access to CLI with sufficient privilages to manage their software deployments.


Scaling available Yes
Scaling type Automatic
Independence of resources N/A
Usage notifications Yes
Usage reporting Email


Infrastructure or application metrics Yes
Metrics types CPU
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Other
Other data at rest protection approach Data at rest is encrypted at the Storage Layer
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Foundation Backup media based with a pooled passive standby server.
  • Hot standby Hot standby server in Secondary Cloud environment.
  • Virtual Machine Auto Recovery SAN based replication of entire VM.
Backup controls The customer may request different backup schedules via our Self Service Portal or submission of a ticket request.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users schedule backups through a web interface
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Service Availability SLA of 99.95%
Approach to resilience IRIS UK is deployed across UK data centers using network, storage and compute virtualisation technologies to deliver active/active services across data centers and zero data loss DR. All physical building blocks are N+1 resilient.
Outage reporting Text and email alerts, contact through Account representative.

Identity and authentication

Identity and authentication
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels Management is via dedicated virtual management LAN. Access to these LANs is controlled via 2FA. Only selected ports are permitted for management traffic
Access restriction testing frequency At least once a year
Management access authentication 2-factor authentication
Devices users manage the service through Dedicated device on a segregated network (providers own provision)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Ernest and Young
ISO/IEC 27001 accreditation date 11/12/2017
What the ISO/IEC 27001 doesn’t cover ISMS provided upon request
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards CSA CCM version 3.0
Information security policies and processes Atos has in place a full set of security policies and procedures. Atos staffs are required to follow the procedures, this requirement is covered in the Security Operating Procedures (SyOps) that administrators are required to sign

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Atos utilise the ITIL methodologies for the management of change and configuration management, supported by our Service Now tooling. This allows for the controlled assessment, execution and testing of changes to the service, whilst upholding a full audit trail of changes.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Atos has processes and procedures in place covering operational security. Changes that impact security are covered at the Security Working Group. Atos processes are ITIL compliant. All assets are recorded automatically in a Configuration Management Database (CMDB), this allows the assets to be track through their lifespan.
Protective monitoring type Supplier-defined controls
Protective monitoring approach 24x7 Security Operations Center monitors the platform for threats using Intrusion Detection, Intrusion Protection and Security Information and Event Management technologies.
Incident management type Supplier-defined controls
Incident management approach Atos has pre-defined incident management process to cover common security events and a generic security incident management process to cover the remaining types of incidents

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate Dedicated Network Zones with segregated firewalls. Separation is achieved at a number of different layers depending of the services consumed. Within the cloud separation is achieved using different SDNs per customer at the network layer, ESXi hosts provide separation at the compute layer and separate VMDKs at the storage layer (or LUNs if separate physical hosts). Ingress and egress to the cloud SDN can be via shared networks (e.g. PSN) or via dedicated networks, e.g. customer WAN with a firewall context providing separation.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £80.00 per virtual machine per month
Discount for educational organisations No
Free trial available Yes
Description of free trial The free trial will consist of a small number (typically less than 5) of virtual machines and associated storage to enable a trial to be conducted for 30 days.


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑