Sapient Ltd

Amazon Web Services (AWS) Managed Hosting

Our Cloud Hosting service consists of the provision of infrastructure, software and administrative tasks to make applications securely available to clients over the Internet.

We offer clients a global, platform-agnostic service. We are experienced in delivering scalable, secure and rapidly deployed hosting solutions via all of the public cloud providers.


  • Multi vendor based consultancy, platform selection and design service
  • DevOps based provisioning of automated resources using configuration management tools
  • Fully managed SLA based 24x7x365 support
  • In-service capacity and availability management
  • Backup, Restore and recovery services
  • Security services including DDoS mitigation, IPS/IDS, WAF, etc.
  • Proactive platform monitoring for availabity, performance and security
  • Proactve maintenance of entire operating system and technology stack
  • Performance tuning & capacity planning
  • ITIL based service for Change, Event, Incident and Release Management


  • Expertise of a fully accredited AWS Advance Consulting Partner
  • Unique full service managed services offering within a digital agency
  • Over 20-years experience hosting some of the worlds busiest websites
  • A single supplier to take complete responsibility for the platform
  • Understanding of the entire technology stack, including applications and integrations
  • In depth expertise with DevOps to maximise automation
  • ITIL processes underpinned by ServiceDesk portal for efficient service management
  • Efficient management of third parties
  • TCO & ROI management through effective planning and provisioning


£600 per person per day

Service documents

G-Cloud 9


Sapient Ltd

Manpreet Brar


Service scope

Service scope
Service constraints The scope of our services are defined for each client based on their requirements. During the discovery phase of our engagement we ensure that the relevant support, infrastructure, configuration, development, platform, security, data, content and application needs are met based on the request and the scope of the engagement is agreed between both parties.
System requirements System requirements are agreed based on Client needs.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times The Service Desk is accessible to named client individuals and any relevant 3rd parties that are responsible for providing services under the Agreement. Our web based incident management portal, provides work flow, audit trail and reporting. The portal is available 24/7 and is monitored for new incidents and requests, users can also request support by telephoning the Service Desk.

Our aim is to meet the following SLA Response Targets is based on 4 levels of Priority
*1-Critical, response within 30 minutes,
*2-High, Response within 1 hour,
*3-Medium response within 8 hours,
*4-Low within 16 hours.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AAA
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Our managed hosting service is pro-actively managed and monitored by a team of skilled engineers. Incidents and requests are submitted to the web-based Service Desk tool. Further queries can be submitted to the Service Delivery Manager.
The team provides 1st-through-3rd line support, capturing and progressing incidents and requests logged via the Service Desk or monitoring systems, and escalating functionally within the team to appropriate areas of expertise or to Service Delivery Managers in the event of major incidents or client impacting changes. A named SDM and TAM will be allocated to the client. We engage with our clients to design the relevant support model to fit the business needs, this can be 24*7, or Working Hours only. We also define SLAs specific to client needs. Our standard target SLAs for response times are covered by the section on User Support.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We have a defined on-boarding process which encompasses planning the service and assessing the service readiness. This includes:
• Planning key dates for the transition
• Developing risk mitigation plans
• Knowledge Sharing to ensure the team are trained in client specific applications where necessary.
• Acceptance Criteria to ensure that both parties agree on what constitutes service readiness, and allows us to transition seamlessly into a full support model.
• Introduction and Training on the Service Desk for clients and third parties
• Ways of Working sessions to agree how we work with key stakeholders, and define ways to report status
Handover and Transition
The handover phase is designed to ensure that the technical teams gain a thorough understanding of the service and/or applications that are being supported. During transition, a Technical Support Document (TSD) is created which forms the kernel of our knowledge base. This is maintained as a living document throughout the life of the support service and includes details such as release processes, branching strategies, runbook and QA Test Cases (automated and manual) documentation, among others.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Off boarding is a defined process where we engage with the nominated supplier who will be taking over the support services, or client internal team as relevant.

This includes:
• Planning key dates for the transition
• Developing risk mitigation plans
• Knowledge Sharing to ensure the new team have all documentation passed to them.
• Acceptance Criteria to ensure that both parties agree on what constitutes service readiness, and allows the client to transition seamlessly their new supplier.

We will provide all run books and technical documentation, and any source code files required as part of the handover process. Client can nominate whether to receive these directly or whether we work with the nominated supplier.
End-of-contract process The off boarding process is a stand alone cost. Should there be a requirement for this to be an inclusive fee within a fixed term contract this can be negotiated during the contract drawing up process.

Using the service

Using the service
Web browser interface Yes
Using the web interface We identify key delivery objectives of availability, security, scalability and performance for our clients. Based on the requirements, we install and manage the hosting platform on behalf of our clients. As part of our Managed Services, we offer our clients access to the Service Desk. Any required changes to configuration, capacity or security protocols etc, a ticket would be raised to the Service Desk. This is allocated to the relevant team member to carry out the service request, or to work with the client to understand the requirements and provide the fulfillment of the request based on technical expertise and within a controlled change management process. This allows us to offer a seamless, broad and responsible support service to ensure the platform remains operational and successful at all times. Any activities on the production environment will go through a rigorous process including technical assessment, risk assessment, security assessment, approval and all changes that could have a service impact will be scheduled in alignment with client's business needs. All activities on our cloud hosting infrastructure are tracked via an Audit trail to provide an accessible record of implemented changes that can be used when troubleshooting failed changes or assessing post-change impact.
Web interface accessibility standard WCAG 2.0 AAA
Web interface accessibility testing Our service desk is built using the Atlassian Stack which is fully compliant to WCAG 2.0 AAA.

Atlassian carry out regular testing on their tools to maintain accessibility, including assistive technology. This is done across a variety of screen readers and browsers and the recommended combination is to use NVDA with Firefox (PC) and VoiceOver with Safari (MAC).

Should any specific requirements be needed we are happy to liaise with Atlassian on behalf of clients for support in this area.
Command line interface No


Scaling available Yes
Scaling type
  • Automatic
  • Manual
Independence of resources By offering a cloud based solution, we ensure that services are independently maintained on a shared infrastructure but independent of each other.

We work with clients to understand the capacity and load baseline requirements, architecting the solution to support these needs and anticipated scalability requirements.

Once in production, our expert network and hosting architecture support teams pro-actively monitor and manage all service supporting components in the underlying data centre or Cloud infrastructure, including shared components such as load balancers, SAN storage and switching infrastructure.
Usage notifications Yes
Usage reporting
  • Email
  • SMS
  • Other


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Google, Oracle, AWS, Microsoft Azure

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Virtual Machines
  • Content Backups on a defined schedule
  • Database Backups on a defined schedule
  • Configuration and versioning can be managed via Chef or Ansible
Backup controls All machines are backed up fully each week, with daily incremental backups each night. Specific data can be backed up even more frequently if required, for example large, frequently changing databases may require their transaction logs to be backed up hourly. Custom backups can be made to tape for archival purposes. DigitasLBi will work with clients to develop a backup strategy that meets specific requirements.
The service retains backups for disaster recovery purposes only, not for content archiving, therefore only 14 days of backups are retained as standard.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users contact the support team to schedule backups
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability We offer a range of Availability SLAs, from 99.0% up to 99.99%, based on the platform, infrastructure and client requirements.
We use both internal and external monitoring services to monitor all aspects of the platform, every 5 minutes, to ensure availability is measured effectively and accurately.
Our hosting SLA covers all components of the infrastructure, including servers, storage and networking. We can also provide an availability SLA for the applications using our Application Support service.
Service credits are calculated on a percentage of the monthly hosting fees, based on the difference between the achieved SLA and the target SLA. They are credited monthly in arrears.
Approach to resilience We architect our public cloud solutions to utilise the redundant and fault tolerance features of the cloud. Servers are distributed across multiple availability zones and regions and duplicated where appropriate to provide fault tolerance across all disaster scenarios.
The if the applications support it, we ca configure elastic scaling to ensure the infrastructure scales in line with demand, ensuring high performance across all traffic demands.
Where appropriate we can deploy cloud services to replace tradition server base software. This can save cost and provide better resilience and performance. A popular cloud service frequently deployed is database as a service, to replace tradition database servers and software.
We utilise the latest DevOps and Infrastructure-As-Code practices to create dynamic, scalable and resilient applications that are easy to maintain, cost efficient and reliable.
Outage reporting Our Incident Management process guides individual and team behaviour with the aim of detecting and logging incidents and requests and ensuring technical and management teams respond efficiently and effectively in order that requests are fulfilled and service is restored to clients as swiftly and stably as possible.

In the event of an outage, the Service Delivery Manager contacts the client to inform them. Client also has full access to the Service Desk, and is able to configure a dashboard to receive alerts on incidents and track resolutions in real time. Further updates are then communicated using a combination of methods, including the dashboard, ticket updates and incident reports in accordance with the severity of the outage as documented in our Incident Management process.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels The default login for our service desk tools is based on username and password. On request, we can enable a two factor authentication process. This can be extended to 3rd party providers as well.
Access restriction testing frequency At least once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Jon Russell
ISO/IEC 27001 accreditation date 1/1/1900
What the ISO/IEC 27001 doesn’t cover Our data centre is covered by the ISO/IEC 27001 certification. We carry the principles of the ISO framework through to our development, application management and platform support offerings but these are self regulated.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We apply rigorous processes within our development framework to ensure that we develop, configure and manage applications and infrastructure to meet the security needs of our clients.

If an incident is identified as being a security incident either by an investigating engineer or by a security monitoring system then it is immediately escalated to senior technical colleagues, the service design and architecture team, the service delivery manager and the senior management team form a dedicated Security Response Team.

The incident investigation and resolution then proceeds with an elevated level of priority, and with greater emphasis on data capture and communication to senior internal stakeholders.

If the incident occurs on, or has an impact on a client service then relevant client stakeholders are informed immediately and the further progress of investigation and resolution can involve teams and workflows internal to the client, depending on business impact and compliance issues.

The process downstream of this is tailored to individual clients based on the nature of their business and information security policies.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All significant or potentially service-affecting changes to component configuration are submitted to a change management process where they are technically reviewed, risk-assessed, scheduled and then re-reviewed post-implementation.

The assessment of all changes includes potential security impacts and a full risk analysis of the proposed change.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Security reviews are performed every quarter and discussed at service review meetings. We also offer automated security testing during the release cycle to identify the top 10 OWASP vulnerabilities, plus hundreds of others.
An annual independent 3rd party vulnerability and security testing audit is recommended, using an independent ISO27001 security testing company. A suitable 3rd party vulnerabiltiy and security testing company can be identified as part of the full service offered.
Critical issues found are raised immediately via the service desk to be fixed by the support team under SLA.
Protective monitoring type Supplier-defined controls
Protective monitoring approach A centralised log management platform is used to log and audit access and intrusion detection and non security related activities.

Logs ingested by the CLMP are indexed, providing real-time searchable data for an holistic view of security, allowing multiple (apparently unrelated) logs to be linked in a single security event, enabling rapid real-time issue analysis.

Events can be configured to trigger alerts. If an attack is detected, alerts will be raised and outputs from the logging platform used to create a mitigation response. These alerts are integrated into our support service. All incidents and security events are resolved under SLA.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Our ITIL compliant Incident and Request Management process guides individual and team behaviour with the aim of detecting and logging incidents and requests and ensuring technical and management teams respond efficiently and effectively in order that requests are fulfilled and service is restored to clients as swiftly and stably as possible.

Our Service Desk tool enables clients to raise Incidents direct to the support team. Incidents are triaged by a systems analyst and assigned to the relevant support team to resolve under SLA.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate A cloud-based solution, we ensure that services are independently maintained on a shared infrastructure but independent of each other.

We work with clients to understand the security requirements, architecting the solution to support these needs and incorporating best practice approach to security and access protocols.

A Virtual Private Cloud provides complete network layer separation from any other portion of the environment. A VPC acts as a container for any resources in a given region, including virtual machines, storage, security rules, database instances, Cloud Formation stacks etc. Authentication and DNS, span all VPCs – allowing, e.g. global user access control policies.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £600 per person per day
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑