zsah Limited

zsah Cloud Hosting Services

GDPR compliant cloud management services providing web hosting, IaaS, PaaS, SaaS - with UK 24/7 support. Can work in partnership with your own IT systems and teams with private cloud or public cloud service providers e.g. AWS (Amazon Web Services), Microsoft Azure, Google Cloud in a hybrid cloud environment.


  • Managed public, private and hybrid PAAS and IAAS cloud solutions
  • World class UK data centres (tier 3/4), 99.99% availability
  • 24/7 managed service from UK based support team
  • Fully scalable server and networking solutions covering all technologies
  • Full connectivity solutions including leased and dedicated lines, LAN/WAN extensions
  • ISO9001 / ISO 27001 / Cyber Essentials accredited services
  • Technology accredited team including VMWare, Microsoft, Cisco, CCNA, HP
  • Full range of customised SLAs and response times
  • Remote access: mobile solutions; Genesys, Avaya; SkypeforBusiness (Lync), etc
  • Technologies provided include Windows, Linux, SQL, Intel, AMD etc


  • UK based 24/7 support provides availability and incident management
  • Reliable, easy to reach, rapid incident response and support
  • GDPR compliant UK based data centres
  • Scalable solutions tailored to your requirements; optimised cost
  • Maximise efficient use of computer resources; low carbon footprint
  • Database services and support to maximise efficiency and resilience
  • Disaster recovery options to reduce risks to your operations
  • Legacy technologies support and migration – mitigate risks and costs
  • Technology refresh / asset management – reduced costs / OPEX
  • All industry technologies supported to reduce need for migrations


£55 a virtual machine a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@zsah.net. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

2 0 4 6 7 9 8 2 0 5 7 2 5 5 6


zsah Limited David Kennedy
Telephone: 020 7060 6032
Email: sales@zsah.net

Service scope

Service constraints
Services have no constraints - zsah can tailor all services to specific requirements, including working alongside other IT systems and infrastructure, including AWS, Azure and others. Services are fully scalable and are supported 24/7. We can work with AWS, Azure and also we can manage the AWS and Azure platforms.
System requirements
  • No specific system requirements; can be tailored to any need
  • No minimum requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
Severity 1 incidents are responded to within 15 minutes during normal service hours in our standard contracts, but response times and service hours can be amended or customised as required.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
None to date
Onsite support
Yes, at extra cost
Support levels
Support is based on customer requirements and can be tailored.
Zsah IT engineers provide Level 1, 2, and 3 support including technical support, hosting queries, service management handling, and data backup plans.
Tiered support comes as part of the package. Inclusive on-site support is negotiable depending on frequency.
We have a team of highly skilled cloud support engineers that hold various vendor certifications including Microsoft, Cisco, VMware, Oracle, Sybase, Prince 2, Scrum.
We provide a dedicated technical account manager along with cloud support engineers, and a support ticket system.
Support available to third parties

Onboarding and offboarding

Getting started
A full range of support options is available from zsah’s UK support team, from ad-hoc support and technical questions to full implementation and live support (under G Cloud Lot 2). Based on client requirements, all authorised users will be provided with documentation and training as required on how to access services. This includes topics such as how to use online ticket support system. If needed, onsite or online training can be provided.
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
As defined / required by client
End-of-contract data extraction
All end of contract processes will be defined and agreed as part of our standard contract. The client can either extract data themselves or we provide secure transfer of their data at the end of the contract. zsah is completely flexible regarding how data extraction can be provided and will provide the appropriate level of support if and when required, depending on the client's own in-house capabilities.
End-of-contract process
If a customer decides not to renew the their contract, they send us confirmation in writing. Once we receive notice from the customer and they confirm they have all the data they require, services are switched off such as VM's and storage space. Data is removed as required and any further support is provided if required. All end of contract costs for termination are included, unless specific support is required for migration to a new platform. In the latter case, this can also be provided at competitive rates under G Cloud 9 Support Services.

Using the service

Web browser interface
Using the web interface
All aspects of the service can be managed by the customer via the web, using the Via vRealize automation tool. Changes and facilities that can be managed by users in this way include:

VM Deployment
Client virtual switch creation
Client firewall creation
Client storage creation
VM XVLAN assignment
VM IP address pool
Web interface accessibility standard
WCAG 2.1 A
Web interface accessibility testing
Internal testing carried out 2018
What users can and can't do using the API
Users can set up and manage the service using the "Via vR" automation tool. Changes that can be made using this tool include:

VM Deployment
Client virtual switch creation
Client firewall creation
Client storage creation
VM XVLAN assignment
VM IP address pool
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
API documentation
API documentation formats
Command line interface


Scaling available
Scaling type
Independence of resources
Clients specifications are allocated according to their requirements to ensure that performance levels are met and are not affected by demands from other users. In addition, limits can be placed on resources if required. If users require changes to capacity or performance, these are achieved via a straightforward request to the zsah service desk.
Many clients have a zsah service based on their own dedicated infrastructure, ensuring that there is no impact on the service from external demands.
Usage notifications
Usage reporting
  • API
  • Email
  • Other


Infrastructure or application metrics
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Any metrics can be provided, to suit client's requirements
  • Metrics provided include service usage, capacity, etc.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
What’s backed up
  • Files
  • Virtual Machines (VMs)
  • Databases and data
  • Configurations
  • User authorisations
Backup controls
This is done through managed services. Users can contact the help desk support team and send a request depending on their requirements. Backup schedules are agreed as per the contract.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
VLAN's, VXLAN's and correctly secured and configured switching/routing devices ensure data privacy. Data encryption is generally not used within the main platform, unless for inter-VLAN communications such as SNMP-to-monitoring devices which would be encrypted. IPSec is also used.

Availability and resilience

Guaranteed availability
Zsah guarantees 99.99% uptime and availability, 24 hours a day, 365 days per year. Service credits are provided for Priority 1 and 2 incidents if the SLA is missed as per agreed contract.
Approach to resilience
Zsah's hosting services are delivered from highly resilient and secure Data Centre facilities located in London and Manchester (plus Singapore for some international clients who require local presence in the Far East). We own everything else outright from the racks to switches, servers and storage. Our "gridz" platform is an enterprise cloud platform that we can lift and put anywhere in the world.

Levels of resilience can be fully configured to an individual client's requirements. Generally, the service provides fully redundant hardware such as servers, switches, clustering for hardware servers, automatic failover for VM's, High Availability, vMotion. Further details available on request.
Outage reporting
All outages are reported to customers via dashboard, email, phone and twitter, or as defined by the client.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Only authorised users can access management interfaces and support channels using strong passwords via SSL. Access details are restricted and stored in an encrypted password application. Only authorised users have access to that application.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Exova BM Trada
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Everything is covered in the ISO/IEC 27001 certification.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
UK Government Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
UK Government recommended Cyber Essentials.
Information security policies and processes
Zsah's information security policy and process is aligned with and certified to ISO/IEC 27001:2013.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All components are configured as per clients' requirements and are monitored regularly. If changes are required, the client requests a change via a Change Request. Once reviewed and approved by zsah change management (including a review of any potential security impact), the changes are then implemented. The status of all Change Requests is communicated to the client and is available to review.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Vulnerability and Penetration Testing is carried out on a regular basis. Patches can be deployed as soon as a threat is identified. We are signed up to key vendors and third party organisations who send out regular alerts. We also have a regular patching schedule every 2 months.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We ensure that your business and daily operations run smoothly via our support team. This means that we consistently monitor the network to ensure everything is running without any problems and should a problem arise then we can address it before users are affected.

Our monitoring is constant over 24 hours throughout the year. If issues arise the zsah support team are contactable at any time to resolve problems on the system.
Incident management type
Supplier-defined controls
Incident management approach
Zsah's incident management procedure conforms with ISO/IEC 27001: 2013.

Pre-defined processes for common events depend on the type of event, whether it is an incident or not. Events that are classified as incidents include malware infections, excessive spam, information system failures, Denial of loss of service.

Users report to the Information Security Management representative and then an appropriate action is taken quickly after discussed with management.

A thorough review is carried out following all incidents and all findings are detailed in a report including root cause analysis.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Who implements virtualisation
Virtualisation technologies used
How shared infrastructure is kept separate
This is via VLAN's and VXLAN's. Firewalls are available as shared or dedicated; physical or virtual.

Energy efficiency

Energy-efficient datacentres
Description of energy efficient datacentres
The primary data centre from which zsah hosts its Cloud Services is Telehouse North2, which has won awards for its energy efficiency, achieved through a number of methods, including an innovative cooling system delivering market leading power usage efficiency figures. In 2017, the Data Centre was awarded Data Centre Energy Efficiency Project of the Year.


£55 a virtual machine a month
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@zsah.net. Tell them what format you need. It will help if you say what assistive technology you use.