RDF Cloud Hosting Services

RDF Group Cloud Hosting Services help organisations move from traditional legacy systems and infrastructure to cloud-based architectures and applications. We support our clients to deliver cloud-based systems and services that meet the UK Government Technology Code of Practice and Digital Service Standard.


  • overall cost and risk reduction
  • change management
  • cloud strategy and adoption services
  • cloud managed service
  • Business Analysis as a Service
  • Developement as a Service
  • Project Management as a Service
  • DevOps as a Service
  • Architecture as a Service
  • Remote/On/Off site capability


  • reduce operational expense
  • secure and low risk hosting services
  • guided transition with the assistance of our consultants
  • guided transition with the assistance of our consultants
  • Gain the flexibility to address growing needs
  • All resource employed permanently mitigating any IR35 Risk
  • No utilisation or long term commitment needs
  • Remote/Onsite Capability


£250.00 to £950.00 a person a day

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at iain.marr@rdfgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

3 0 7 2 9 0 5 5 5 8 2 7 0 5 8


Telephone: 01312202645
Email: iain.marr@rdfgroup.com

Service scope

Service constraints
RDF are able to expand our offering and services to scale to client needs. Each individual project is assessed for risk, resource need and capacity.
We do not use in-house penetration testing. We hire 3rd parties to maintain objectivity in our security assessment procedures.
System requirements
System requirements will be specified during client engagement

User support

Email or online ticketing support
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Onsite support
Support levels
RDF Group can provide standard support Monday-Friday 8-6pm. A technical account manager or cloud support engineer will be appointed, as requested.
Support available to third parties

Onboarding and offboarding

Getting started
To help users get started, RDF provides dedicated staff to train and set up accounts for access to documents and tutorials to help our clients begin using our service. In addition, clients can nominate higher responsibility individuals and provide bespoke one to one training on more critical tasks.
A dedicated team will be available to engage regularly at the client's request.

Should an organisation require additional support as part of the on-boarding process, such as project management, detailed technical design (etc) - this can be made arranged during client engagement
Service documentation
Documentation formats
End-of-contract data extraction
Data can be extracted and supplied to users in whichever format they choose. RDF are flexible to suit our client's needs. If larger migrations are required then this can be performed with the assistance of our dedicated support team. Resource is made available on request.
End-of-contract process
Where a client chooses to terminate their subscription with RDF, we are able to provide support for data extraction and/or migration where reasonable. We will agree a point of service termination with the client when the transition is complete. At this point, our dedicated support and technical teams will cease to provide any services. We will work to ensure that this transition is seamless.

Using the service

Web browser interface
Command line interface


Scaling available
Scaling type
  • Automatic
  • Manual
Independence of resources
Our key performance indicators, detailed in client agreements are constantly checked against SLA’s to ensure compliance and We have a dedicated team for each client ensuring that software is kept up to date and security updates are applied urgently, in addition to a dedicated technical support team. We also offer managed service dedicated teams, who are employed on a PAYE basis which mitigates any IR35 risk to end customer and can be used as augmented contract resource. Our resources can be provided as teams or as individuals covering specialisms such as project management, analysis, development and DevOps.
Usage notifications
Usage reporting
  • API
  • Email
  • Other


Infrastructure or application metrics
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
Reporting types
  • API access
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
What’s backed up
  • Documents
  • Emails, instant messaging conversations on in-house apps
  • Code, virtual machine data, databases
  • Call data
  • VOIP calls and data
Backup controls
Schedules, content and structure of data are agreed with the client during our initial engagement. Our teams will work with the client to ensure that their data is stored securely and backed up in accordance with their needs.
Datacentre setup
Single datacentre with multiple copies
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
SLA subject to individual contract as required.
Approach to resilience
Available on request
Outage reporting
We are able to provide a live dashboard in addition to Email alerts. Additional measures can be agreed with the client during engagement.

Identity and authentication

User authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Access is only granted to users that have been approved by both RDF and the client. Any users not approved will not have access to the service and will not be given any log in details. Any approved users will be given credentials from the technical support team, and only given access to areas agreed with the client. Technical support team will only communicate with approved individuals. Any non-approved individuals will need to be approved by the nominated client management contact.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
RDF employ a third party to perform penetration testing and ensure that all software is up to date with the latest vulnerability patches analysed and implemented in an impartial manner. Gaps and vulnerabilities are logged and given a severity and urgency level, before being added to a backlog of high priority changes to be added to the system. Changes are performed in line with our SLA's with the client and reports are regularly generated to keep clients updated about changes and patches made to the system. We can also provide managed test teams to work on/offsite.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
RDF have a protective monitoring system where all logs are centralised and checked on a daily basis for security breaches using several key search filters. Alerts are sent out for high risk activity and are pro-actively responded to by the operations and security teams.
Incident management type
Supplier-defined controls
Incident management approach
Incident management processes are agreed with each client during engagement. Typically, incidents are logged with our support team and managed in accordance with our agreed SLA's. Incidents are marked with a severity and then progressed by our technical support teams.
Clients are regularly provided with reports regarding incidents, frequency and content of these reports are agreed with clients during engagement

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart

Energy efficiency

Energy-efficient datacentres


£250.00 to £950.00 a person a day
Discount for educational organisations
Free trial available
Description of free trial
2 Weeks free trial of all our resources

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at iain.marr@rdfgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.