Castleton Technology Plc

Castleton Hosted Services

We deliver a range of services from fully managed Desktop as a Service to Backup as a Service/ Disaster Recovery as a Service. Our cloud services are delivered from our Tier 3 ISO 27001 accredited data-centres. We deliver flexible, bespoke solutions tailored to individual customer requirements


  • Remote access to service any time, any day
  • Remote access over the Internet from any device
  • Fully managed platform
  • Automatic software updates
  • High Availability
  • Real time monitoring
  • Disaster recovery
  • Data protection to include perimeter security to systems
  • Backup management
  • Out of Hours support cover


  • Opex pricing model - No expensive infrastructure refresh costs
  • Mobile working
  • Subscription model - capital expenditure free
  • Reduced Infrastructure costs and maintenance
  • Document control of corporate data
  • Scalability & Flexibility to increase of decrease resource requirements
  • Environmentally friendly
  • Access to latest Microsoft products
  • Common desktop experience across multiple types of devices
  • Ease of access to corporate date and sharing of information


£50 to £150 per user per month

  • Education pricing available

Service documents


G-Cloud 11

Service ID

3 2 2 8 4 5 2 9 7 2 1 4 2 0 5


Castleton Technology Plc

Bid Management


Service scope

Service constraints
Subject to software vendors application compatibility, where possible the latest releases of Microsoft and VMware licensing are to be deployed. Periodically and at approved time planned maintenance of the hosted environment will be undertaken with ensuring the platform and virtual machines are meeting each technologies and manufactures patching and operating levels. In the event of a critical notification from a manufacture the affected hardware or software will be addressed. On an annual basis the customer will be encouraged to undertake a recovery test by invoking a Disaster Recovery within our isolated environment
System requirements
  • Suitable Internet connectivity speed
  • Suitable end user hardware - e.g Winterm, PC, Laptop, Tablet
  • Subscription to a desktop anti-virus product
  • Perimeter office firewall
  • Comms link redundancy subject to number of users per location
  • Robust LAN switches with redundancy subject to number of users
  • Structured cabling or a suitable wifi solution with adequate coverage
  • Mains protection of local devices, routers, firewalls and network switches
  • Adequate SLA with internet service provider to meet business needs
  • Asset register of connecting devices to include operating systems

User support

Email or online ticketing support
Email or online ticketing
Support response times
All of Castleton’s support services are initially provided by our Service Desk, which is the first point of contact for any faults or IT requests. The standard features are:
Direct access to our UK based Service Desk team via telephone, email or self-service web portal. Email & web portal access is available 24/7. Available Monday to Friday 07:300 - 21:00, excluding weekends & Bank Holidays.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
As an experienced provider of services for the Social Housing sector, we have robust processes to provide support to our customers.
We provide full end to end support; 1st, 2nd & 3rd line IT support across 5 levels of SLA, from desktop user support, to infrastructure support, management and configuration. An example of 1st line would be a password reset for an end user, and an example of 4th line would be investigation into core service failure. All levels are included within the service cost.
A nominated Service Delivery Manager (SDM) reports against service deliverables and performance. Regular Reporting-Service Management is coordinated by an Account Manager, Service Delivery Manager (SDM) and a Technical Lead. Between them, they manage Commercial Change, Service Delivery and Technical Operations respectively. As individuals and as a joint group each member is responsible for managing the customers support services. This team works closely with the customer to manage service delivery and coordinate service improvements throughout the life of the service.
The option for a technical account manager is available but this is specified within the individual customer contract.
Support available to third parties

Onboarding and offboarding

Getting started
The onboarding process is subject to the size of a clients infrastructure or desktop requirement. In most cases a staging server is located onsite that acts as a transport layer for migrating servers and associated data to our hosting platform. At an agreed date typically over a weekend the on-premise infrastructure will be powered down and hosted servers made live for user acceptance testing. Following successful testing all external services such as email delivery will be enabled.

For large organisation with many servers, the staging server environment will be transported to our data centre over an agreed weekend

We offer several levels of training
1. Onsite - To customer's ICT team on how to administrate a managed desktop to support their end users at a first line level

2. Onsite - Train the Trainer whereby we train "super users" within the business who in turn train the users

3. Onsite - Direct end user training

4. All processes are described within a documented procedure manual.
Service documentation
Documentation formats
  • PDF
  • Other
Other documentation formats
MS Projects
End-of-contract data extraction
The offboarding process is agreed individually with each customer and timescales will be subject to size of estate to be migrated, data will be extracted via SQL reporting.

Following consultation with the customers new service partner, an agreed method that follows industry best practice and standard formats for migrating data will be implemented. In all cases the data will be encrypted and provided to the new provider in person or by the means of a door to door delivery. All documentation to include passwords will be handed over during this transition process. Once the data has been received at the agreed date information being held on our platform will be destroyed using an approved removal tool and a copy of the removal notice confirmation will be issued to the customer.
End-of-contract process
Data is deleted and the service components are deactivated.
Data extraction is included within the price of the service.
Data migration would incur additional cost .

Using the service

Web browser interface
Using the web interface
Users can log and assign tickets, use the web portal to add notes and updates and resolve the tickets.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Via a standard browser with secure login.
Web interface accessibility testing
What users can and can't do using the API
The API is mainly used for inputting information into the system but values can be pulled from it as well if configured properly. We are able to provide documentation regarding our API. Our API is documented in a PDF document that help explains the setup for it and the basics of how it can be configured.
API automation tools
API documentation
API documentation formats
  • PDF
  • Other
Command line interface


Scaling available
Scaling type
Independence of resources
Yes. We monitor the services and scale our infrastructure as appropriate.
Usage notifications
Usage reporting


Infrastructure or application metrics


Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach
Encryption of data using AES 256bit
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
What’s backed up
  • Virtual machines (image level)
  • Windows VSS consistent files & databases
Backup controls
Backups are managed by ourselves as part of the service. The following are agreed with the customer on a per server/application basis;
1. Backup interval (e.g hourly, daily)
2. Data retention (e.g 1 week, 1 month, 1 year)
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Individual SLA's are provided on a per contract basis.

Any service refunds are provided on a per contract basis based on service credits.
Approach to resilience
Our service architecture is available on request.
Outage reporting
Service outages and scheduled maintenance are notified via email to designated account contacts.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
No management interfaces are provided to customers.

Support interfaces are provided to individual users and restricted based on their standard logon credentials
Access restriction testing frequency
Less than once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Whilst we maintain the systems on behalf of our customers, the customer remains the Data Owner and as such are responsible for the implementation of appropriate controls and ensuring their staff adhere to their security policy and processes.

We are responsible for the underlying architecture and are in the process of working to ISO27001 accreditation hence our processes are based on that framework.

The Datacentre adheres to ISO27001 for physical security.
Information security policies and processes
For our Front office system, the customers are their own data owners and as such are responsible for their own security policies and processes.

For our Back Office systems, all staff adhere to our security policy (available on request). All breaches are reported to the Functional Department Heads who are responsible for reporting to our Services Director.

Our Services Director is responsible for reviewing and enforcing our security policy

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our change management process ensures that all changes are necessary, documented, efficiently implemented and with minimal disruption.

Each change is managed by a document which defines details of the change, the priority and impact of the change, the reason for change, risks associated with the change, a back out plan and effects of this not being implemented.

The document is submitted to our change team who review and agree if the change will go ahead based on all the above factors.
Vulnerability management type
Vulnerability management approach
Vulnerabilities for our key platforms are monitored through vendor notification.

We undertake scheduled, periodic updates of patches to our systems. Patches for critical updates are assessed independently and may be implemented ahead of the period updates.

All patches are applied in line with our change management process.
Protective monitoring type
Protective monitoring approach
We collect and log data based on activities of both systems and users. These are then reviewed and audited in near real-time. Adding both prioritisation and intelligent base lining enabled critical alerts to be raised and actioned by the correct engineer at the right time.
Incident management type
Supplier-defined controls
Incident management approach
We have defined process for logging, recording and resolving incidents. We aim to restore the service to our customers as quickly as possible, often though a fix or a work around. For common events we used pre-defined knowledge bases to allow knowledge transfer across the team. Incidents can be reported in three ways; telephone, email or via our online portal. Incidents reports vary on a customer by customer bases and are designed to meet each individuals requirements.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Who implements virtualisation
Virtualisation technologies used
How shared infrastructure is kept separate
Each customer is delivered as a private tenant.

Each private tenant is provisioned with their own private network(s), secured by VMware virtual networking to ensure no communication between customers.

Energy efficiency

Energy-efficient datacentres
Description of energy efficient datacentres
The Castleton datacentre sources all data centre power from 100 per cent renewable sources including wind, hydro and solar.

Since 2010 our datacentre provision has led the industry in sourcing all mains connected power (180 MVA) from renewables and in 2014 became the UK’s first data centre operator to receive a Climate Change Agreement (CCA) from the Government.


£50 to £150 per user per month
Discount for educational organisations
Free trial available

Service documents

Return to top ↑