Space Data Centres

Windows Server Platform

Deployment platform for Windows OS dependent software. High availability for cloud services and applications.


  • Windows Server 2016 OS Layer
  • Up to v128GB vRAM
  • Dedicated virtual resources
  • Microsoft SQL
  • vStorage up to 480GB SSD Raid 10
  • vDisk Storage up to 4TB Raid 5


  • Secure UK Hosting
  • Cisco ASA private vLan


£484 to £2420 per server per month

Service documents

G-Cloud 10


Space Data Centres

Andy Gilbert


Service scope

Service scope
Service constraints Our SLA provides a 99.999% operational up time, we will notify any client 2 weeks prior to out of office hours planed maintenance if the platform is effected or required. Support covers the infrastructure and OS layer.
System requirements
  • Windows client machine for remote management
  • Internet connectivity for access to management desktop

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 4 hour response time, however most issues are resolved at point of contact
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Via our support portal
Web chat accessibility testing Tickets raised are routed to key personnel depending on platform deployed and nature of issue raised
Onsite support Yes, at extra cost
Support levels Account managed by a space management team member

Key technical contact with direct access to them
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Support for is provided by telephone, ticket and email to help launch the project
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction A full back up is provided, a data dump of all information held
End-of-contract process Should you wish to continue a rolling contract of 30 days is in place unless otherwise requested, should a client wish to terminate services after completing the term there is no additional penalties

Using the service

Using the service
Web browser interface Yes
Using the web interface Remote Desktop to Server, ESXi platform
Web interface accessibility standard None or don’t know
How the web interface is accessible Via RDS client securely
Web interface accessibility testing Industry standard testing and patches direct from Microsoft
Command line interface Yes
Command line interface compatibility Windows
Using the command line interface Dependant on user level requested, admin will have full control to allow for deployment


Scaling available Yes
Scaling type Manual
Independence of resources Dedicated virtual resources
Usage notifications Yes
Usage reporting Email


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Hardware containing data is completely destroyed
Equipment disposal approach In-house destruction process

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • VPS
  • File and Block level
Backup controls Full customisation of back up schedule to suit
Datacentre setup Single datacentre with multiple copies
Scheduling backups Users contact the support team to schedule backups
Backup recovery Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Our SLA provide 99.999% operational uptime,
4. Compensation
4.1. Compensation will be credited in the following circumstances.

4.2. Outage due to loss of power -
4.2.1. Space Data Centres will provide one day service credit for any full hour of down time caused by the total loss of power to customer’s equipment. This is limited to a maximum of 4 hours per outage instance.

4.3. Outage due to loss of core network -
4.3.1. Space Data Centres will provide one day service credit for any full hour of down time caused by the total loss of connectivity to customer’s equipment. This is limited to a maximum of 4 hours per outage instance.

4.4. Customers must raise a support ticket to register a compensation claim

4.5. Customer breaching any Space Data Centre terms will not be entitled to compensation

4.6. Compensation
4.6.1. Will not exceed one week’s service cost in any one month of service provision.
4.6.2. Service credit is calculated using the following equation –

(Monthly service cost/(365/12))=Daily service cost
Daily service cost x Complete outage hours = Compensation credit amount
Approach to resilience We are an ISO27001 data centre all services use dual power and cooling and resilient ro2 connections
Outage reporting Email alerts and telephone

Identity and authentication

Identity and authentication
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels 21.1. To ensure that only authorized users gain access to SDC information systems. SDC use strict management of User access rights.
21.2. Initial systems access rights are assign following staff integration procedure

21.2.2. Section 2 of the HR Management Policy

21.3. To gain access to information systems, authorized users, as a means of authentication must supply individual user passwords. These passwords must conform to certain rules contained in this document.

21.4. Who is affected: This policy affects all employees of SDC and its subsidiaries, and all contractors, consultants, temporary employees and business partners.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password
Devices users manage the service through Dedicated device over multiple services or networks

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 UKAS Auditor "Approachable Certification"
ISO/IEC 27001 accreditation date 22/01/2018
What the ISO/IEC 27001 doesn’t cover All aspects of SDC are covered
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification GoCardless
PCI DSS accreditation date 02/01/2017
What the PCI DSS doesn’t cover All aspects of SDC are covered
Other security certifications Yes
Any other security certifications ISO9001

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Acceptable Use Policy (AUP)
Information Asset List
Auditing Policy Document
Business Continuity Plan
Customer confidentiality Agreement
Data Centre Infrastructure Document
(Incorporates monitoring Policy)
Document Control Policy Document
Facility Access Policy Document
Facility Usage Policy Document
Health and Safety Policy
HR Management Policy Document
(Incorporating the Remote Working Policy, BYOD Policy and Clear Desk Policy)
IT System Management Procedure
Management Review Policy Document
Purchasing Policy Document
Information Security Risk Assessment
Security Management and Improvement Policy
Service Level Agreement Document
Terms and Conditions Document
Policy document Wi-Fi access usage

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach 2. Change Control (Management)
2.1. Changes to the ICT infrastructure must only be undertaken by authorised personnel
2.2. working in an IT function/capacity (or contractors, vendors etc., authorised by SDC) and are subject to auditable procedures in accordance with SDC’s Information Systems Auditing Procedures:
2.2.1. Changes to SDC ICT infrastructure and operational systems must be controlled with a formal, documented change control procedure. The change control procedure should include references to:
2.2.2. A description and reason for the change
2.2.3. Information about any testing phase(s)
2.2.4. Impact assessment including security, operational etc.
Vulnerability management type Supplier-defined controls
Vulnerability management approach 18. Network Security Management
18.1. The management and security of the data and communications network is critical to ensuring the integrity and security of SDC’s systems and data. The following controls must be applied:

18.1.1. Operational responsibility for networks should, wherever possible, be separated from computer operations activities
18.1.2. There must be clear responsibilities and procedures for the management of remote equipment and users
18.1.3. Where appropriate, controls must be put in place to protect data passing over the network e.g. encryption
18.1.4. Web filtering to ensure prevention of access to malicious websites
Protective monitoring type Supplier-defined controls
Protective monitoring approach 7.1. All monitoring is carried out by automated systems which will monitor/log and alert if any thresholds are exceeded.
Incident management type Supplier-defined controls
Incident management approach 5.1. Once an incident has been confirmed as real the support team will carry out further investigation and a plan will be devised to reduce/stop the threat ensuring it cannot happen again.
5.2. This response will consist of the following:
5.2.1. Threat level response decided
5.2.2. Documentation of incident via the support system.
5.2.3. Understand the issue
5.2.4. Stop the issue from happening, for example. Disconnect device from the network. Change firewall rules to affected device.
5.2.5. Understand what is causing the issue
5.2.6. Contain the issue
5.2.7. Devise a fix for the issue

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £484 to £2420 per server per month
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑