Consider IT

Private Cloud Hosting

Virtualise your servers and services on our secure private cloud hosted in Scotland's only Tier III datacentre


  • Enterprise solution from Juniper and VMWare
  • Fully customisable
  • 100% UK data sovereignty
  • Fully supported by our Network Operations Centre
  • Enterprise class SLAs of 99.995%
  • Fully customisable internet breakout options, MPLS, etc.


  • Pay as you grow, no large capex requirement
  • Hosted in Uptime Institute Tier III Constructed Facility Datacentre
  • Scotland-based
  • 24/7 Network Operations Centre


£200 per instance per month

Service documents

G-Cloud 11


Consider IT

Stuart Gilbertson

0131 510 0110

Service scope

Service scope
Service constraints N/a
System requirements 10mbps minimum bandwidth required

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Priority 1 - Response within 30minutes
Priority 2 - Response within 1 hour
Priority 3 - Response within 4 hours
Priority 4 - Response within 4 hours (business hours only)
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AAA
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Our monitoring systems ensure the service is proactively managed and monitored on a 24x7x365 basis.

Consider IT's Network Operations Centre (NOC) is fully manned 24x7x365.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started New customers will receive details to their provisioned services which allows them full unrestricted access to their instances via their pre-agreed IP address. Consider IT can assist, for an additional fee, in the set-up of any operating system configuration changes, software installs, etc.
Service documentation No
End-of-contract data extraction Consider IT do not charge for off-boarding as standard.

The client has full access to their instances and can arrange to extract data through whatever preferred means they have.

Consider IT can support the client exiting the service, exporting virtual machines at an additional cost.
End-of-contract process At contract end, the instances will be suspended for a period of 14 days, thereafter they will be permanently deleted.

Using the service

Using the service
Web browser interface No
Command line interface No


Scaling available Yes
Scaling type Manual
Independence of resources All services are hard-provisioned.
Usage notifications Yes
Usage reporting Email


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach In-house destruction process

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Virtual Machines
  • Databases
  • Files
Backup controls Backups are configured as per customer's requirements and Consider IT's NOC will manage this and provide regular reports.
Datacentre setup Single datacentre with multiple copies
Scheduling backups Users contact the support team to schedule backups
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Consider IT operates a 99.995% uptime SLA. If an SLA is missed, the customer will receive pre-agreed service credits (SLA's are agreed and determined at the contract negotiation stage as part of the overall solution).
Approach to resilience All technology components have been built to be fully resilient, including, compute, storage, network and ISPs
Outage reporting Outage reporting is made available via our online public dashboard.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels All management platforms are segregated and separate to production cloud systems and access is strictly limited.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Assessment Bureau
ISO/IEC 27001 accreditation date 26/02/2018
What the ISO/IEC 27001 doesn’t cover N/a
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Independent audit reviews of our ISO 27001 standard policies.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Change management is performed for all changes through our ticketing system.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Consider IT operates a vulnerability management process where all networks and infrastructures are scanned on a monthly basis to identify known vulnerabilities via SIEM platform
Protective monitoring type Undisclosed
Protective monitoring approach Available on request.
Incident management type Undisclosed
Incident management approach Available on request.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Third-party
Third-party virtualisation provider VMware
How shared infrastructure is kept separate Available on request

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes
Description of energy efficient datacentres Details on request


Price £200 per instance per month
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑