Bramble Hub Limited

Bramble Hub xc360 - 360 Cloud

Provide for individual applications, through to full server hosting, as well as platform and workspace as a cloud service. We can deliver just OS or email, database, file storage, backup, dr and support for the entire cloud solution as well as design bespoke cloud solutions to suit specific needs.


  • Managed and supported by technology experts
  • Bespoke service design to suit needs
  • Automatically patched and updated operating systems
  • Provider Independent to meet customers needs
  • Scalable based on Usage needs and performance requirements
  • Highly secure and multi layer protection
  • Windows, Vmware, Hyper-V, Linux, Xen and much more
  • Enterprise monitoring through solarwinds, Kaseya, and in-built tools
  • Multisite protection and redundancy
  • IASME and CyberEssentials Certified


  • Scalable to suit your technology needs
  • Flexible support to provide just the right level of assistance
  • Highly Available
  • Highly Secure
  • UK based Support and UK Based Service
  • Uptime Guarantees


£42.00 per user per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11


Bramble Hub Limited

Roland Cunningham

+44 (0) 2077350030

Service scope

Service scope
Service constraints Scheduled maintenance maybe carried out periodically and notified in advance and always outside of normal operating hours. Systems and services maybe unavailable during these times.
System requirements
  • Provision of 3rd Party software licencing
  • Subscription to any 3rd Party Assurance / Support Services

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Dependant on nature of questions. Support related issues are responded to under 10minute , 45minute and 2hour SLA's. Non support related questions are responded to within 2 hours where possible.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Our Support Is provided by way of number of devices or users accessing the cloud services and if provided for, are all inclusive for onsite visits - however are dependant on the cloud service we are supporting access to and are dependant on the coverage hours. As standard, email, live chat, customer portal and phone support are included.

Customer Account managers are assigned as standard and annual reviews held at a minimum. Reporting and technical account managers are also available dependant on the service.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide a welcome pack detailing the services being provided, we introduce the service and support teams to the users, provide hand holding and onsite training where required and provide an in depth user guide for all features. Web based knowklegebase access is also provided to allow users to find useful guides when required.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction A complete handover process is initiated which provides for complete data extraction on either removable media or via secure transfer protocols.
End-of-contract process On contract cease a data dump is taken of all data and provided to the customer.

Using the service

Using the service
Web browser interface Yes
Using the web interface Our Service is managed by our team of experts and although access to administrative tasks, such as managing users, accounts and files and applications can be provided, we typically carry these tasks out on request through proper controls and procedures. The web Interface is just an interface into the platform, it does not allow for changes to be made.
Web interface accessibility standard None or don’t know
How the web interface is accessible Through SSL and optionally through 2 factor authentication.
Web interface accessibility testing None
Command line interface No


Scaling available No
Independence of resources State of the Art load balancing ensutes resources are kept well distributed to reduce impact on other users, additionally our infrastructure is always under provisioned to allow for spikes and iunexpected peaks. Smart Monitoring identifies potential performance impacts and experts are immediately notified to investigate and resolve.
Usage notifications Yes
Usage reporting Email


Infrastructure or application metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • File
  • Virtual machines
  • Configurations
  • Databases
  • EMails
  • Application files
  • Physical servers
Backup controls To elimintate missing backups users cannot control or change backup schedules or targets.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability SLA's are determined and agreed specific to each project based on the individual requirements of each project and customer and the capabilities of the teams and resources we have in place. We can cater for a number of varied SLA provisions. As standard we offer helpdesk services available via phone or email direct to an engineer.
Approach to resilience Specific service / Solution resiliency information is available on request and entirely dependant on the hosting solution designed and provided for.
Outage reporting Email alerts are provided as standard and additional reporting available dependant on the criticality of the service provided.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Management interfaces are never publicly presented and are only accessible via specific IP addresses. Usernames and passwords for access are only provided to individuals who access is required and are changed frequently to avoid breach - where feasible 2FA is always enforced and brute force protection enabled. These passwords are of a minimum length and complexity and are only ever stored in secure password tools.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication IP access restrictions
Devices users manage the service through Dedicated device on a segregated network (providers own provision)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We have an internal Information Security policy covering most every aspect of Infoirmation security, each employee is fully versed with the policies and undergo training to ensure the policy is adhered to. We conduct regular security checks, both via automated means and manual checks. we follow a cycle of continuous improvement, and ensure any new tools and services meet our stringent security parameters before engaging.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Changes to configurations / software and tooling go through a cycle of impact testing on replicated systems without impact to end users. Once performance and baseline functional standards are met these changes are rolled out to a small group of customers for testing. Once approved a schedule of rollout to the remaining customers is agreed and executed.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Vulnerability scanning and patch management are performed on backend infrastructure and Operating systems on a weekly basis and patches installed on a 2 weekly cycle. Where critical patches or zero day vulnerabilities are identified these are analysed immediately to determine whether immediate patching is required, which begins with testing on replicated systems and evaluating risks to end users.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We have a defined process for disclosure and analysis of any breaches and will investigate and analyse with the appropriate teams. Based on the breach severity updates to clients maybe provided as soon as the full details of the breach and impact are identified.
Incident management type Supplier-defined controls
Incident management approach We have a defined process for any outages and will update clients via agreed methodologies (typically via phone, email and our cutomer portal) - outage reports are then completed within 24 hours of all resolutions.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres No


Price £42.00 per user per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial 30 day full trial available of all services.

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑