Bramble Hub Limited

Bramble Hub xc360 - 360 Cloud

Provide for individual applications, through to full server hosting, as well as platform and workspace as a cloud service. We can deliver just OS or email, database, file storage, backup, dr and support for the entire cloud solution as well as design bespoke cloud solutions to suit specific needs.


  • Managed and supported by technology experts
  • Bespoke service design to suit needs
  • Automatically patched and updated operating systems
  • Provider Independent to meet customers needs
  • Scalable based on Usage needs and performance requirements
  • Highly secure and multi layer protection
  • Windows, Vmware, Hyper-V, Linux, Xen and much more
  • Enterprise monitoring through solarwinds, Kaseya, and in-built tools
  • Multisite protection and redundancy
  • IASME and CyberEssentials Certified


  • Scalable to suit your technology needs
  • Flexible support to provide just the right level of assistance
  • Highly Available
  • Highly Secure
  • UK based Support and UK Based Service
  • Uptime Guarantees


£42.00 per user per month

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

2 2 2 1 5 5 8 8 5 3 5 5 8 9 8


Bramble Hub Limited

Roland Cunningham

+44 (0) 2077350030

Service scope

Service constraints
Scheduled maintenance maybe carried out periodically and notified in advance and always outside of normal operating hours. Systems and services maybe unavailable during these times.
System requirements
  • Provision of 3rd Party software licencing
  • Subscription to any 3rd Party Assurance / Support Services

User support

Email or online ticketing support
Email or online ticketing
Support response times
Dependant on nature of questions. Support related issues are responded to under 10minute , 45minute and 2hour SLA's. Non support related questions are responded to within 2 hours where possible.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Our Support Is provided by way of number of devices or users accessing the cloud services and if provided for, are all inclusive for onsite visits - however are dependant on the cloud service we are supporting access to and are dependant on the coverage hours. As standard, email, live chat, customer portal and phone support are included.

Customer Account managers are assigned as standard and annual reviews held at a minimum. Reporting and technical account managers are also available dependant on the service.
Support available to third parties

Onboarding and offboarding

Getting started
We provide a welcome pack detailing the services being provided, we introduce the service and support teams to the users, provide hand holding and onsite training where required and provide an in depth user guide for all features. Web based knowklegebase access is also provided to allow users to find useful guides when required.
Service documentation
Documentation formats
End-of-contract data extraction
A complete handover process is initiated which provides for complete data extraction on either removable media or via secure transfer protocols.
End-of-contract process
On contract cease a data dump is taken of all data and provided to the customer.

Using the service

Web browser interface
Using the web interface
Our Service is managed by our team of experts and although access to administrative tasks, such as managing users, accounts and files and applications can be provided, we typically carry these tasks out on request through proper controls and procedures. The web Interface is just an interface into the platform, it does not allow for changes to be made.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Through SSL and optionally through 2 factor authentication.
Web interface accessibility testing
Command line interface


Scaling available
Independence of resources
State of the Art load balancing ensutes resources are kept well distributed to reduce impact on other users, additionally our infrastructure is always under provisioned to allow for spikes and iunexpected peaks. Smart Monitoring identifies potential performance impacts and experts are immediately notified to investigate and resolve.
Usage notifications
Usage reporting


Infrastructure or application metrics


Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
What’s backed up
  • File
  • Virtual machines
  • Configurations
  • Databases
  • EMails
  • Application files
  • Physical servers
Backup controls
To elimintate missing backups users cannot control or change backup schedules or targets.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
SLA's are determined and agreed specific to each project based on the individual requirements of each project and customer and the capabilities of the teams and resources we have in place. We can cater for a number of varied SLA provisions. As standard we offer helpdesk services available via phone or email direct to an engineer.
Approach to resilience
Specific service / Solution resiliency information is available on request and entirely dependant on the hosting solution designed and provided for.
Outage reporting
Email alerts are provided as standard and additional reporting available dependant on the criticality of the service provided.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Management interfaces are never publicly presented and are only accessible via specific IP addresses. Usernames and passwords for access are only provided to individuals who access is required and are changed frequently to avoid breach - where feasible 2FA is always enforced and brute force protection enabled. These passwords are of a minimum length and complexity and are only ever stored in secure password tools.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication
IP access restrictions
Devices users manage the service through
Dedicated device on a segregated network (providers own provision)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
We have an internal Information Security policy covering most every aspect of Infoirmation security, each employee is fully versed with the policies and undergo training to ensure the policy is adhered to. We conduct regular security checks, both via automated means and manual checks. we follow a cycle of continuous improvement, and ensure any new tools and services meet our stringent security parameters before engaging.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Changes to configurations / software and tooling go through a cycle of impact testing on replicated systems without impact to end users. Once performance and baseline functional standards are met these changes are rolled out to a small group of customers for testing. Once approved a schedule of rollout to the remaining customers is agreed and executed.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Vulnerability scanning and patch management are performed on backend infrastructure and Operating systems on a weekly basis and patches installed on a 2 weekly cycle. Where critical patches or zero day vulnerabilities are identified these are analysed immediately to determine whether immediate patching is required, which begins with testing on replicated systems and evaluating risks to end users.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We have a defined process for disclosure and analysis of any breaches and will investigate and analyse with the appropriate teams. Based on the breach severity updates to clients maybe provided as soon as the full details of the breach and impact are identified.
Incident management type
Supplier-defined controls
Incident management approach
We have a defined process for any outages and will update clients via agreed methodologies (typically via phone, email and our cutomer portal) - outage reports are then completed within 24 hours of all resolutions.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart

Energy efficiency

Energy-efficient datacentres


£42.00 per user per month
Discount for educational organisations
Free trial available
Description of free trial
30 day full trial available of all services.

Service documents

Return to top ↑