IBM United Kingdom Ltd

IBM Cloud Managed Services on z Systems

IBM Cloud Managed Services for z Systems provides a highly available mainframe platform to clients who are transforming to a cloud delivery model (Platform as a Service / z/OS). Providing agile, scalable infrastructure supporting new mobile, analytics & social workloads. Can be enhanced to customise support to fit specific requirements.


  • Server Systems Management
  • Storage Management
  • Security Services
  • Asset Services
  • Data Network Services
  • Server planning & Support (capacity planning, performance management)
  • Business Continuity / Recovery Services (Optional)
  • Print Output Services (Optional)


  • Flexibility and scalability designed to meet business needs
  • Enable consumption pricing
  • Security-rich design with standard delivery, software and state-of-art technologies
  • 30% cost reduction for on-premise IBM System z® computing infrastructure
  • Can help shift from CAPEX to OPEX model
  • Services delivered by IBM mainframe specialists
  • Allow clients to leverage innovation
  • Clients can flex MIPS capacity during peak service demand


£45420 to £45420 per unit per month

Service documents

G-Cloud 10


IBM United Kingdom Ltd

Alice Griffin


Service scope

Service scope
Service constraints Agreement to share hardware in an IBM Data Centre
Maintain Hardware and Software currency at N to N-1 - minimum entry level defined
Agreement to dynamic maintenance - concurrent with service
Agreement to a process to enable the published Service Defined Failover
Provision of rolling 12 month capacity forecast, to be updated every quarter
Compliance with CMS for z IES Certification
Requires ISV Sub-capacity Softcap license agreements
Already agreed with major vendors – generic or by account
Agreement to attach storage using FICON
Agreement to maintain Virtual Network Addressability
System requirements
  • HW and SW currency at N to N-1 - minimum
  • Requires ISV Sub-capacity Softcap license agreements pre-agreed

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Service is 24x7x365. Support response time is allocated based on impact to customer business.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels The standard service can be enhanced at an additional cost with the following options.
1) Hot Standby - Suitable for environments requiring quick recover from unplanned outages and avoidance of planned outages
2) High Availability - Suitable for environments requiring near continuous availability posture
3) Very High Availability - Based on an active-active data sharing sysplex
4) Disaster Recovery
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started User documentation and on-boarding meeting
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction IBM shall make available to CUSTOMER any Machines, Programs, Project Materials that are the property of and/or licensed to CUSTOMER.
End-of-contract process On termination of the contract for any reason IBM will provide reasonable assistance to CUSTOMER to facilitate the end of the Services (should they reach the end of their intended purpose) and/or the effective and orderly transfer of the Services back to CUSTOMER or to enable another party chosen by CUSTOMER (in this provision, a New Service Provider) to take over the provision of all or part of the Services. The following provisions shall apply without prejudicing or restricting the generality of this obligation:
It is agreed that reasonable IBM charges may apply relating to provision of exit management services and that such charges shall be agreed between the parties through the Exit Plan drafting process.

Using the service

Using the service
Web browser interface No
What users can and can't do using the API Bespoke requirements can be discussed at solution stage
API automation tools OpenStack
API documentation Yes
API documentation formats Other
Command line interface No


Scaling available No
Independence of resources Details available on request
Usage notifications Yes
Usage reporting Other


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Number of active instances
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Less than once a year
Penetration testing approach In-house
Protecting data at rest Other
Other data at rest protection approach Our datacentres have a combination of physical access controls which can be different depending on location. These include
SSAE-16 / ISAE 3402 Physical access control and ISO27001 certification for physical security by Bureau Veritas
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
Backup controls Disaster recovery is available as a service option (at additional cost).
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
Data protection within supplier network Other
Other protection within supplier network Each customer has one or more network security zones consisting of discrete VLANS and VRFs ensuring separation from other security zones unless selectively coupled by a firewall.

Availability and resilience

Availability and resilience
Guaranteed availability Up to 99.999% depending on on Service Options selected
Approach to resilience Details available on request
Outage reporting E-mail alerts and notifications through dashboard

Identity and authentication

Identity and authentication
User authentication Limited access network (for example PSN)
Access restrictions in management interfaces and support channels Strict separation of duties where teams perform different roles. Regular Continued Business Need verification. More details available on request.
Access restriction testing frequency At least once a year
Management access authentication Other
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BVCH SAS UK Branch
ISO/IEC 27001 accreditation date 18/08/2016
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications ISO 27018:2014

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards IBM's Inter Enterprise Security standard
Information security policies and processes Policy will be shared upon customer engagement

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach ITIL V3 compliant processes
Vulnerability management type Supplier-defined controls
Vulnerability management approach We use IBM CIRATS process to identify vulnerabilities and ensure they are addressed in a timely fashion. More details can be provided upon engagement.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Details available on engagement
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach ITILv3 compliant process.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used Other
Other virtualisation technology used System z PRISM LPAR technology and disk resource group
How shared infrastructure is kept separate Detailed documentation available upon engagement

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £45420 to £45420 per unit per month
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑