EntServ UK Ltd part of the DXC Technologies Group

DXC Technology Hybrid IT Cloud Services

DXC Hybrid IT Integration Solutions (HITS) enables IT to become a Cloud Service Broker. Business users are able to consume cloud services from multiple providers via a unified catalogue, while IT gains visibility and control over their use, reducing staff workload and optimising budget for cloud services.


  • Hybrid IT Integration Solutions
  • Cloud Brokerage Service
  • Migration and transformation services
  • Managed Container Platform as a Service (PaaS)
  • Aggregated self-service catalogue for IT and Cloud Services
  • Managed hybrid services in a fully integrated solution
  • Hybrid IT Integration Solutions (HITS) delivered as consumption-based
  • Customised Approval Workflows
  • Advanced Financial Management


  • Provides a seamless integration between cloud consumption and ITIL practices
  • IT Department can become a Cloud Service Broker (CSB)
  • Provides automated governance of your defined corporate and regulatory policies
  • Visibility of spending across the services portfolio
  • Increased agility
  • Automated and integrated cloud services provisioning options
  • Robust governance and compliance enablement
  • Enterprise-grade brokering capability
  • Suitable up to OFFICIAL-SENSITIVE
  • Supported by UK Government SC and DV resources


£10000 per instance per year


G-Cloud 11


EntServ UK Ltd part of the DXC Technologies Group

DXC Frameworks Team

+44 (0)560 303 4826


Service scope

Service constraints The HITS solution is appropriate for organisations that use ServiceNow.
System requirements ServiceNow ITSM

User support

Email or online ticketing support Email or online ticketing
Support response times Response time of less than 15 minutes for Priority 1 tickets
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels DXC provides enterprise level support on a 24x7 basis, backed by a comprehensive Service Level Agreement (SLA). The service includes Change, Configuration, Problem, Incident and Event Management.
The target managed Cloud platforms will additionally receive Endpoint Protection and Anti-Malware / Anti-Virus, Patch Management, Access Management, and Data backup and restoration.

A designated Cloud Support Engineer is assigned to each customer.
Support available to third parties Yes

Onboarding and offboarding

Getting started DXC will provide a comprehensive package of technology and account support to help new customers onboard to the service.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction The provision of the underlying cloud platforms can be novated to the new supplier without the need to extract data. As any other data is held on a dedicated HITS management platform (based on a dedicated ServiceNow instance) this can be readily extracted at the end of the contract.
End-of-contract process DXC provides notice of the impending end of the contract period. The user can then recover data by a variety of means. DXC closes services at the end of the contract; data is retained post contract until the user confirms data has been recovered.

Using the service

Web browser interface Yes
Using the web interface Users can manage all aspects of the service using the DXC Management Portal.
Web interface accessibility standard None or don’t know
How the web interface is accessible Users can manage all aspects of the service using the DXC Management Portal.
Web interface accessibility testing Users can manage all aspects of the service using the DXC Management Portal.
What users can and can't do using the API When users issue their “build” command to compile the application, the build process can make an API call at the end to fully provision what has been compiled to automate the development process end to end.
API automation tools
  • Ansible
  • Chef
  • SaltStack
  • Terraform
  • Puppet
  • Other
Other API automation tools DXC Bionix - Our data-driven approach to intelligent automation
API documentation Yes
API documentation formats HTML
Command line interface No


Scaling available Yes
Scaling type Manual
Independence of resources The ServiceNow instance, on which the HITS service is built, is dedicated to each customer/department and is therefore not impacted by other users.
Usage notifications Yes
Usage reporting
  • Email
  • Other


Infrastructure or application metrics Yes
Metrics types
  • Number of active instances
  • Other
Other metrics
  • Financial Reporting
  • Provisioning and workflow status
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold AWS, Azure, VMware, ServiceNow

Staff security

Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery Yes
What’s backed up
  • All data located on DXC-managed Cloud services
  • ServiceNow databases, including CMDB
Backup controls Backup schedules are agreed during customer Onboarding.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users contact the support team to schedule backups
Backup recovery Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network VLAN

Availability and resilience

Guaranteed availability Resilience configurations offering server availability up to 99.99%
Approach to resilience The HITS service can be configured to run from multiple ServiceNow instances located over geographically isolated datacentres. Underlying Cloud platforms can also be configured to run over multiple datacentres (Availability Zones and Regions).
Outage reporting Email alerts and dashboard

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access to management interfaces and support channels is restricted through a combination of usernames and passwords, multifactor authentication, firewalling, IP restrictions, and the use of bastion hosts as appropriate.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (provider's own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information Users receive audit information on a regular basis
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 23/09/2015
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 29/11/2016
CSA STAR certification level Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover N/A
PCI certification No
Other security certifications Yes
Any other security certifications
  • FedRAMP
  • Cyber Supplier to Government
  • Cyber Essentials
  • PSN Assured and PSN Protect

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes DXC information security policies and processes are accredited to ISO 27001 and comply with National Laws and Industry Policies where applicable.

Operational security

Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Configuration and Change Management conducted to ITIL Standards.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Vulnerability and Patch Management are delivered in line with specific policies which are verified as part of the CSA Star and ISO27001 certifications.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Protective Monitoring is provided in line with GPG13 requirements.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Incident Management follows documented Security Incident Management Policies and Process which are verified as part of the ISO27001 and CSA Star Certifications.

Secure development

Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy-efficient datacentres Yes
Description of energy efficient datacentres Amazon maintain their own datacentre certifications.


Price £10000 per instance per year
Discount for educational organisations No
Free trial available No

Service documents

  • Pricing document (PDF)
  • Skills Framework for the Information Age rate card (PDF)
  • Terms and conditions (PDF)
  • Modern Slavery statement (PDF)