Just After Midnight

Azure Cloud Consultancy

From DevOps to Managed Cloud, Content and Editor support. Azure Cloud specialists.


  • AWS and Azure direct partner
  • “Eyes on” up-time monitoring all day, every day
  • 24/7 Managed service with UK/Singapore based staff
  • Infrastructure and application support
  • IAAS, PAAS or Hybrid
  • 24 Hr Incident Management
  • Managed Cloud Consulting
  • Code and content author/editor support
  • CMS website hosting specialisms
  • Migration planning and support


  • Easy to reach, by phone, email or text 24/7
  • Full custom status tool
  • Up to 15 minute response time
  • Security first approach to projects
  • Independent cloud hosting provider offering unbiased advice and agency support
  • Fully managed to reduce client staff overheads
  • Web platform experts on hand to offer the best advice
  • Provides application level support as part of managed hosting contract
  • Each customer has their own infrastructure, no shared services
  • Experienced in CMS specific issues


£750 to £950 per person per day

Service documents

G-Cloud 10


Just After Midnight

Sam Booth



Service scope

Service scope
Service constraints Only standard cloud hosting constraints.
System requirements Not applicable.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times For the Light, Basic and Comprehensive Support Packages Just After Midnight offer the response time is 30 minutes and for the Enterprise Support Package it is 15 minutes. This 24 hours a day.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Yes, at an extra cost
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible It is not accessible with use Zendesk.
Web chat accessibility testing None, as Just After Midnight use a third party application called Zendesk.
Onsite support Onsite support
Support levels There are too many variables to provide standard support costings as the number of services , infrastructure etc, cannot be estimated. Just After Midnight's standard Support Service Level for Application and Plaform SLA would include a P1 initial contact acknowledgement of 30 mins, a response time with diagnosis of 1 hour and a target resolution time of 4 hours. With regards to a P2 issue the initial contact acknowledgement would be 30 minutes, a response time with diagnosis of 1 hour and a target resolution time of 12 hours. Clients can request specialist SLA's for events and certain occasions, providing an advanced SLA. This is available upon request. Just After Midnight has several Technical Account Managers on hand to provide support as required. As it is cloud based service onsite support is often not required. However, for consultancy and if any on premise work is required then this will be handled on an adhoc basis.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Just After Midnight engage with clients and do a full scoping exercise, finding out the background, issues and what a client wants to achieve and agreeing access levels and what they want reporting, in terms of frequency and the different scenarios. Just After Midnight offer ad hoc training as required.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction This needs to be requested from Just After Midnight and can be provided in any format as required. If there is server side applications then the content and data will be zipped and exported in a secure way either through cloud or typically saved on an encrypted drive or disk and couriered securely to the client. This happens within 7 days of the end of the contract this will happen automatically unless the hosting is being transferred and this is not required as they would own it.
End-of-contract process If the services are no longer required they will be backed up prior to termination and held for a maximum of 5 years. Clients will be given content and data as described in the response above.

Using the service

Using the service
Web browser interface Yes
Using the web interface Each user has a login and can access the interface. Users can create and modify tickets using simple point and click actions, but they cannot delete tickets. If users require tickets to be deleted the user would need to contact a Just After Midnight administrator in order to do this. In the case of multiple tickets being created in error Just After Midnight administrators would need to merge and close these accordingly. Server access is granted on user request with strict security precautions, ie IP restrictions and Two-factor authentication.
Web interface accessibility standard None or don’t know
How the web interface is accessible Just After Midnight uses Zendesk which is currently not tested to accessibility standards.
Web interface accessibility testing Just After Midnight uses Zendesk which is currently not tested to accessibility standards.
What users can and can't do using the API The code can be used to integrate it. Limitations are that it is predefined and has parameters and variables which cannot be edited.
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
  • Other
Other API automation tools AWS Cloud Formation
API documentation Yes
API documentation formats PDF
Command line interface Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
Using the command line interface By downloading CLI and then using the tools to gain access. Limitations would be the predefined commands and that its not openly accessible to anyone and is set up on an individual user account basis. The command functions cannot be edited.


Scaling available Yes
Scaling type
  • Automatic
  • Manual
Independence of resources Because of the monitoring Just After Midnight have in place (both automated and managed hosting i.e. eyes on) and the services are not shared, they are allocated to one per client.
Usage notifications Yes
Usage reporting Email


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics Automated scripts failure reports
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Amazon Web Services and Azure.

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Files
  • Virtual Machines
  • Databases
  • Cold Repositories
  • Scripts
  • Replicating back-up
  • Snapshot image backup
  • All data backed up is encrypted
Backup controls Scheduled backup can be set up on a request basis. This would be discussed during the scoping exercise and any scheduled backups in the example of new deployments etc can be requested. In addition to the back ups being automated Just After Midnight always has a employees working 24/7 to keep eyes on all systems in addition to computerised responses. Planned deployments will have personnel specifically alerted to the backup who will monitor the back up in order to ensure it has been undertaken as required. The retention policy will be defined by the client as to their individual requirements.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users contact the support team to schedule backups
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks IP Restriction
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network IP Restriction

Availability and resilience

Availability and resilience
Guaranteed availability On a server side level we will back off to either AWS or Azure, which both offer 99.99% on the server level. The availability that Just After Midnight will be subject to the application. Response times are 15 to 30 minutes from Just After Midnight staff as per the level of support purchased.
Approach to resilience This information is publicly available and can be provided upon request. It is resilient, Just After Midnight user Amazon Web Services and Azure).
Outage reporting Depending on the alert, the Just After Midnight team would be alerted to any outages, and then depending on the severity a ticket would be created, and then the ticket would be generated on Zendesk then the internal system at Just After Midnight would also create an alert to Just After Midnight staff. Depending on the severity of the outage this alters the next steps. A bridge call would be completed in a severe outage otherwise notification would be by email. An incident report is created and this is updated as required, including any recommendations if required, for example a peak of traffic may have caused a blip but this was an anomaly so the client will discuss if they want to increase servers or not.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication Active Directory is also supported.
Access restrictions in management interfaces and support channels Each user has a role and these are permissions based controlled, whether this is in email, through the interfaces, support channels, servers and all other access channels regardless of how they are authenticated. All methods of authentication are encrypted as data in transit.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 The British Assessment Bureau
ISO/IEC 27001 accreditation date 18/06/2018
What the ISO/IEC 27001 doesn’t cover The certification covers Just After Midnight's information security management so any third party tools and services would not be covered.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Third party organisations have relevant security certifications.

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes As per ISO 27001.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach As per ISO 27001. File sharing is version controlled.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Just after Midnight has anti virus and malware protection, these are updated to the latest definitions along with regular patching of OS levels. Any emergency fixes at application level are applied and this is communicated to Just After Midnight through the web and emails. Also penetration testing results are reacted to accordingly.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Just After Midnight use third party tools for this, ie CloudWatch on AWS, and then is an alert which is triggered in the relevant applications, an email is actioned and someone is immediately on the case to rectify it. These alerts are created as a ticket on Zendesk.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Depending upon the issues, logs and history would be collected and would be communicated through Black Channel and Zendesk. Users report incidents via Zendesk, phone or email. Regardless of how the user contacts Just After Midnight a Zendesk report will be generated. Following the report on the incident, Just After Midnight will provide a report with recommendations. The reports are sent by email or can be provided in a different form if required.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £750 to £950 per person per day
Discount for educational organisations Yes
Free trial available Yes
Description of free trial This would be subject to award on an individual basis to reflect that clients specific needs. This is not a standard, Just After Midnight, offering. Please contact us with any queries regarding this.
Link to free trial This would be a free support service as opposed to an application etc.


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑