Meridian IT

Managed Cloud Services

Meridian's Cloud Services for IBMi, IBM Aix, IBM Power Linux and Intel environments offers high performance, scalable platforms. Our Cloud infrastructure resides in secure UK datacentres and is an integral part of the Group’s international managed services capability; offering Cloud compute, resilience, Cyber Security and AI Cloud solutions.


  • Real time data replication and validation between systems and sites
  • IBMi , AIX, Windows, Linux, VMware Hyper-V, Veeam, HP-UX
  • Fast recovery of systems in cloud by experienced recovery specialists
  • Provide a strong flexible approach for application modernisation and development
  • Customised service providing remote monitoring through to full systems management
  • Software Asset Management and Project Management
  • Highly resilient infrastructure means more uptime for your business
  • Single, private and Multi tenant cloud solutions
  • Production and DR environments with 24x7x365 monitoring
  • Specialist support for laboratory information management system (LIMS)


  • Flexible Capacity, Secure, UK Data Centres, Resilient carrier class connectivity
  • Fast, automated, dynamic storage, limitless capacity, data secure UK DCs
  • Reliable, tailored service fast recovery for systems and data
  • Providing the highest level of systems availability for continuous business
  • Efficient approach to providing 7x24 support for critical systems
  • Software compliance and optimisation to reduce vendor penalties and costs
  • Image recognition and Machine Learning platform
  • Security - Endpoint protection to ensure integrity of your organisation
  • Cyber Security - Malicious Software Identification


£243 per unit per month

  • Free trial available

Service documents

G-Cloud 11


Meridian IT

Andy Haley

01564 330650

Service scope

Service scope
Service constraints Meridian IT will indicate patch management and security update when necessary which may require a short service outage upon agreement with the customer.
System requirements
  • Applications and services supported on IBM-Power, HPE and Intel systems
  • Applications and services supported on Intel x86 systems

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Severity 1 Critical impact to Business / System resulting in business critical applications being unavailable. 1 Hour response 24x7 Severity 2 Severe impact to Business / System resulting in use of business critical applications being restricted / slow. 4 Hour response 24x7 Severity 3 Some Business impact / inconvenience but business processes able to continue. 1 working day response Severity 4 Minimal or no Business impact. Perhaps requests for information or explanation. 3 working day response.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels Support levels as determined by account manager in liaison with Service Desk, as per standard support criteria. Severity 1: Critical impact to Business / system down resulting in Business critical applications being unavailable, 1 hour response – 24*7;
Severity 2: Severe impact to Business / system resulting in use of Business critical applications being restricted/slow, 4 working hours response;
Severity 3: Some Business impact/inconvenience but Business processes able to continue, 1 working day response;
Severity 4: Minimal or no Business impact. Perhaps requests for information or explanation, 3 working days response.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started A Cloud readiness assessment followed by a workshop to fully understand requirements. This would be carried out by experienced consultants using ‘best will discover’ the entire connected infrastructure of a business including all hardware and software components. The raw data is transformed into a management view via an augmentation process so that a clear hierarchy and structure of ownership is presented along with an analytical view of usage and costs.The discovery phase of the service will provide an assessment of which components of the IT infrastructure can be delivered through private or public cloud consumption. It also assesses the business impact of moving to a cloud services so that a holistic view can be taken as to the appropriate level of transformation required to achieve the optimum business results. The customer would be allocated a Service Delivery Manager and Project Manager, who would agree a plan with the customer that would highlight relevant service levels and agreements, along with the various alerts and responses that would be addressed by the Meridian Support Cloud.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Client Data will be returned within a reasonable period, normally 60 days in agreed format, upon receiving written instructions from the Client prior to termination or expiration of current agreed contract.
End-of-contract process Offering dependant.

Using the service

Using the service
Web browser interface Yes
Using the web interface Users can log in request new services and browse services offered. Can liaise with Account Manager to add more resource under hosting contract or increase response times determined by severity levels.
Web interface accessibility standard None or don’t know
How the web interface is accessible Access can be discussed with account manager and appropriate measures set in place.
Web interface accessibility testing None to date.
What users can and can't do using the API Application Programming Interfaces can be established in liaison with Service Desk to allow access to Cloud services such as AWS under our hosting terms.
API automation tools
  • Ansible
  • OpenStack
  • Terraform
  • Other
Other API automation tools
  • Arcad DROPS
  • Jenkins
  • Kubernetes
API documentation No
Command line interface No


Scaling available Yes
Scaling type Automatic
Independence of resources IBM & Intel Infrastructure Platform (hardware and software), virtualisation with cloud backup and network redundancy.
Usage notifications Yes
Usage reporting Email


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Regular reports
  • Reports on request


Supplier type Reseller (no extras)
Organisation whose services are being resold Node4, Equinix, Pulsant, TechData, Dell, Lenovo, HPE, Effective Security Ltd.

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach Node4 as a datacentre protects its data under the controls of ISO 27001 which covers a wide range of security policies, procedures and risk asset register, physical controls externally and internally. Option of managed security solution that understands your threat landscape and areas of weakness.
Immediate awareness and response to any threats by applying threat analysis and reporting (both automated and manual) to your business
SIEM technology, with intrusion detection, vulnerability management services, application penetration testing and external vulnerability testing continuously being performed.
Delivered at three levels: essential, enhanced and elite to accommodate any business requirement.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • All data
  • Evault Cloud Backup
  • Veeam Backup
Backup controls Bespoke backup schedule and data retention available.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Other
Other protection between networks Network controls – All servers are protected by Firewalls with strict access rules and sensitive information transmitted via VPN connections.
Data protection within supplier network Other
Other protection within supplier network Network controls – All servers are protected by Firewalls with strict access rules and sensitive information transmitted via VPN connections. Devices and services are logically grouped based and are assigned to Virtual LAN’s which provides network segmentation. Policies and procedures are in places internally to transfer data and are also in line with InfoSec classification.

Availability and resilience

Availability and resilience
Guaranteed availability Typically handled by Service Credits:-eg: Contractor warrants that it will resolve all properly notified Incidents classified as Critical or High within the Target Resolution Time specified in Section 2.3. If Contractor does not resolve these Incidents within the Target Resolution Time, then the Maintenance Fee shall be automatically reduced by the percentage set out below and Contractor shall disburse the respective amounts to Customer:
• by 5% if Contractor fails to resolve more than 10% of notified Incidents within the Target Resolution Time;
• by 20% if Contractor fails to resolve more than 20% of notified Incidents within the Target Resolution Time;
• by 30% if Contractor fails to resolve more than 30% of notified Incidents within the Target Resolution Time;
• by 50% if Contractor fails to resolve more than 40% of notified Incidents within the Target Resolution Time;
• by 60% if Contractor fails to resolve more than 50% of notified Incidents within the Target Resolution Time. Bespoke to each customer.
Approach to resilience Multiple data centre locations for high availability and data replication ensures availability within agreed SLAs. Tier 3 Data Centre. Cloud data is replicated between sites. All other specific information can be obtained upon request.
Outage reporting SMS, email (automation).

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication In line with customer requirements.
Access restrictions in management interfaces and support channels Username and password requirements, employees only.
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Assessment Bureau
ISO/IEC 27001 accreditation date 14/04/2016
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications ISO/IEC 27001 Information Security

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes All security policies are overseen by Managed Services Directors within the Group. Within the UK the Managed services Director and Managing Director input to Group Policies which can be disclosed upon pre-sales engagement.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach ITIL
Vulnerability management type Undisclosed
Vulnerability management approach Meridian IT work with Effective Security Ltd., Node4 and Equinix.
Protective monitoring type Undisclosed
Protective monitoring approach Available on request.
Incident management type Undisclosed
Incident management approach Available on request.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used Other
Other virtualisation technology used VMware. Also PowerVM, is a feature of IBM POWER servers and is required for support of micro-partitions and LPAR virtualisation features. Support is provided for IBM i, AIX and Linux. PowerKVM is open source server virtualization that is based on the IBM POWER8 technology. It includes the Linux open source technology of KVM virtualization, and it complements the performance, scalability, and security qualities of Linux.
How shared infrastructure is kept separate Virtualisation using PowerVM or Vmware.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes
Description of energy efficient datacentres We use World Class Datacentre facilities with energy accreditation:ISO 50001
ISO 50001, the most current version being ISO 50001:2011, specifies requirements for establishing, implementing, maintaining and improving an energy management system, whose purpose is to enable an organization to follow a systematic approach in achieving continual improvement of energy performance, including efficiency, use and consumption. It has been designed to be used independently, but it can be aligned or integrated with other management systems.


Price £243 per unit per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Same as full version with limited use and defined timescales.

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑