OryxCloud Infrastructure as a Service

OryxAlign Infrastructure-as-a-Service (IaaS) removes the on-premise complexity of your infrastructure, allowing you to focus on business.

Infrastructure excels when it’s invisible, requires minimal management, is risk-free, and it scales intelligently with your changing needs. IaaS turns your IT environment into a strategic function that aligns directly to support your business.


  • Unlimited scalability
  • Managed infrastructure support, monitoring and maintenance included
  • 99.95% guaranteed availability
  • Rapid deployment
  • 24x7x365 Support & Management


  • Unlimited scalability to match operational demand
  • Highly-available IT infrastructure with security and data-protection at the core
  • Zero capex investment with maximum return
  • Managed infrastructure support, monitoring, and maintenance included as standard
  • Fully & geographically dispersed DR-protected environment


£10 per gigabyte

Service documents

G-Cloud 9



Peter Schwartz



Service scope

Service scope
Service constraints N/A
System requirements N/A

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Standard support hours are Monday - Friday, 8:00 AM - 8:00 PM, excluding public holidays. We also have an on-call engineer for any out-of-hours or critical faults. Out-of-hours support will be charged on an hourly basis. Response times are as follows: Critical - 30 minutes, High - 1 hour, Medium - 2 hours, Low - 24 hours.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels We offer standard support (8:00 AM - 8:00 PM, M-F, excluding public holidays) or 24x7 support, the cost of which depends on the number of users and the number of devices supported. We can provide either a technical account manager or cloud support engineer, based on the level of the issue.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started User documentation, on-site training if necessary
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Data is requested from Account Manager, then data is provided in the format of their choice to either the customer or their new supplier with customer authorisation.
End-of-contract process Contract will include full scope of the project to be agreed upon by both parties prior to work commencing. Any out-of-scope work will be charged. User must provide notice of intent to cancel as per notice period or contract will be automatically renewed.

Using the service

Using the service
Web browser interface Yes
Using the web interface Users can request changes and report issues using the web interface.
Web interface accessibility standard None or don’t know
How the web interface is accessible Captions, correct tags, and image descriptions are used throughout the programme. It also follows meaningful sequence, use of colour, contrast, text resizing, page titled, multiple ways, language of page, and
consistent navigation.
Web interface accessibility testing N/A
Command line interface No


Scaling available No
Independence of resources Efficiency audits when scoping the project, 24x7 monitoring
Usage notifications Yes
Usage reporting Email


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Cisco, Dell, Meraki, HP, Netgear, VMware, Microsoft

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Less than once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Files
  • Virtual machines
  • Databases
Backup controls Standard backups are daily, users can nominate a different schedule.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users contact the support team to schedule backups
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks IPsec or TLS VPN gateway
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network Disc encryption and separate vlan's

Availability and resilience

Availability and resilience
Guaranteed availability 99.95%
Approach to resilience Available upon request.
Outage reporting Email and text alerts to affected users.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access in management interfaces is restricted to a management network, only accessible by necessary support staff.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 The British Assessment Bureau
ISO/IEC 27001 accreditation date 03/08/16
What the ISO/IEC 27001 doesn’t cover All managed technology services are covered.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Our reporting structure is as follows: Service Desk Engineers > Service Desk Team Leader > Service Desk Manager > Head of Operations > Technical Director; Datacentre Team > Technical Director; Project Engineers > Project Manager > Head of Operations > Technical Director We follow ISO 27001 and 9001 internal processes and perform monthly audits to ensure procedure is being followed and documented properly.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Change requests are submitted through the customer portal and are assessed by the technical team to ensure suitability. Documentation is then made to track all changes made.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Potential threat awareness comes from our monitoring systems which are updated constantly. Patches are deployed as soon as they are made available and tested with existing products. Threat assessment is made by the technical team each time a threat is brought to their attention, whether through another employee, through our monitoring system, or through another channel, and preventative measures are put into place.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Our monitoring system is constantly running to instantly notify us of any compromises. If a breach is detected, the system will automatically mitigate the threat by quarantining the affected files and our team will be notified. Compromises are treated as "critical" incidents and our response time is 30 minutes. Once the breach is controlled, the affected users will be notified and a mitigation and resolution plan is put in place.
Incident management type Supplier-defined controls
Incident management approach Yes, we have pre-defined processes for common events covering data, hardware, hosted, information, LAN, local clients, mail, mailbox, maintenance, mobile, monitoring alerts, phones, printers, reports, servers, software, user management, viruses, VPN, WAN, WiFi, and workstations. Users report incidents either via phone, customer portal, or email, and incident reports are tracked via our system. They are reviewed internally regularly, and can be provided to customers when requested.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate Using virtualisation technologies as well as vlan's at the network layer.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £10 per gigabyte
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑