zsah Limited

zsah Cloud Hosting Services

GDPR compliant cloud management services providing web hosting, IaaS, PaaS, SaaS - with UK 24/7 support. Can work in partnership with your own IT systems and teams with private cloud or public cloud service providers e.g. AWS (Amazon Web Services), Microsoft Azure, Google Cloud in a hybrid cloud environment.


  • Managed public, private and hybrid PAAS and IAAS cloud solutions
  • World class UK data centres (tier 3/4), 99.99% availability
  • 24/7 managed service from UK based support team
  • Fully scalable server and networking solutions covering all technologies
  • Full connectivity solutions including leased and dedicated lines, LAN/WAN extensions
  • ISO9001 / ISO 27001 / Cyber Essentials accredited services
  • Technology accredited team including VMWare, Microsoft, Cisco, CCNA, HP
  • Full range of customised SLAs and response times
  • Remote access: mobile solutions; Genesys, Avaya; SkypeforBusiness (Lync), etc
  • Technologies provided include Windows, Linux, SQL, Intel, AMD etc


  • UK based 24/7 support provides availability and incident management
  • Reliable, easy to reach, rapid incident response and support
  • GDPR compliant UK based data centres
  • Scalable solutions tailored to your requirements; optimised cost
  • Maximise efficient use of computer resources; low carbon footprint
  • Database services and support to maximise efficiency and resilience
  • Disaster recovery options to reduce risks to your operations
  • Legacy technologies support and migration – mitigate risks and costs
  • Technology refresh / asset management – reduced costs / OPEX
  • All industry technologies supported to reduce need for migrations


£55 per virtual machine per month

Service documents

G-Cloud 10


zsah Limited

Alex Lane

020 7060 6032


Service scope

Service scope
Service constraints Services have no constraints - zsah can tailor all services to specific requirements, including working alongside other IT systems and infrastructure, including AWS, Azure and others. Services are fully scalable and are supported 24/7. We can work with AWS, Azure and also we can manage the AWS and Azure platforms.
System requirements
  • No specific system requirements; can be tailored to any need
  • No minimum requirements

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 24/7 support is available. Standard response time is within an hour, and all contracts have agreed SLAs for response times tiered by severity levels.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 A
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Support is based on customer requirements and can be tailored.
Zsah IT engineers provide Level 1, 2, and 3 support including technical support, hosting queries, service management handling, and data backup plans.
Tiered support comes as part of the package. Inclusive on-site support is negotiable depending on frequency.
We have a team of highly skilled cloud support engineers that hold various vendor certifications including Microsoft, Cisco, VMware, Oracle, Sybase, Prince 2, Scrum.
We provide a dedicated technical account manager along with cloud support engineers, and a support ticket system.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started A full range of support options is available from zsah’s UK support team, from ad-hoc support and technical questions to full implementation and live support (under G Cloud Lot 2). Based on client requirements, all authorised users will be provided with documentation and training as required on how to access services. This includes topics such as how to use online ticket support system. If needed, onsite or online training can be provided.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Microsoft Word
  • Microsoft Vision
  • Microsoft Excel
End-of-contract data extraction All end of contract processes will be defined and agreed as part of our standard contract. The client can either extract data themselves or we provide secure transfer of their data at the end of the contract. zsah is completely flexible regarding how data extraction can be provided and will provide the appropriate level of support if and when required, depending on the client's own in-house capabilities.
End-of-contract process If a customer decides not to renew the their contract, they send us confirmation in writing. Once we receive notice from the customer and they confirm they have all the data they require, services are switched off such as VM's and storage space. Data is removed as required and any further support is provided if required. All end of contract costs for termination are included, unless specific support is required for migration to a new platform. In the latter case, this can also be provided at competitive rates under G Cloud 9 Support Services.

Using the service

Using the service
Web browser interface Yes
Using the web interface All aspects of the service can be managed by the customer via the web, using the Via vRealize automation tool. Changes and facilities that can be managed by users in this way include:

VM Deployment
Client virtual switch creation
Client firewall creation
Client storage creation
VM XVLAN assignment
VM IP address pool
Web interface accessibility standard WCAG 2.0 A
Web interface accessibility testing Not carried out to date (April 2017)
What users can and can't do using the API Users can set up and manage the service using the "Via vR" automation tool. Changes that can be made using this tool include:

VM Deployment
Client virtual switch creation
Client firewall creation
Client storage creation
VM XVLAN assignment
VM IP address pool
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
API documentation Yes
API documentation formats Other
Command line interface No


Scaling available No
Independence of resources Clients specifications are allocated according to their requirements to ensure that performance levels are met and are not affected by demands from other users. In addition, limits can be placed on resources if required. If users require changes to capacity or performance, these are achieved via a straightforward request to the zsah service desk.
Many clients have a zsah service based on their own dedicated infrastructure, ensuring that there is no impact on the service from external demands.
Usage notifications Yes
Usage reporting
  • API
  • Email
  • Other


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Any metrics can be provided, to suit client's requirements
  • Metrics provided include service usage, capacity, etc.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Hardware containing data is completely destroyed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Files
  • Virtual Machines (VMs)
  • Databases and data
  • Configurations
  • User authorisations
Backup controls This is done through managed services. Users can contact the help desk support team and send a request depending on their requirements. Backup schedules are agreed as per the contract.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network VLAN's, VXLAN's and correctly secured and configured switching/routing devices ensure data privacy. Data encryption is generally not used within the main platform, unless for inter-VLAN communications such as SNMP-to-monitoring devices which would be encrypted. IPSec is also used.

Availability and resilience

Availability and resilience
Guaranteed availability Zsah guarantees 99.99% uptime and availability, 24 hours a day, 365 days per year. Service credits are provided for Priority 1 and 2 incidents if the SLA is missed as per agreed contract.
Approach to resilience Zsah's hosting services are delivered from highly resilient and secure Data Centre facilities located in London and Manchester (plus Singapore for some international clients who require local presence in the Far East). We own everything else outright from the racks to switches, servers and storage. Our "gridz" platform is an enterprise cloud platform that we can lift and put anywhere in the world.

Levels of resilience can be fully configured to an individual client's requirements. Generally, the service provides fully redundant hardware such as servers, switches, clustering for hardware servers, automatic failover for VM's, High Availability, vMotion. Further details available on request.
Outage reporting All outages are reported to customers via dashboard, email, phone and twitter, or as defined by the client.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Only authorised users can access management interfaces and support channels using strong passwords via SSL. Access details are restricted and stored in an encrypted password application. Only authorised users have access to that application.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Exova BM Trada
ISO/IEC 27001 accreditation date 20/7/2016
What the ISO/IEC 27001 doesn’t cover Everything is covered in the ISO/IEC 27001 certification.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications UK Government Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards UK Government recommended Cyber Essentials.
Information security policies and processes Zsah's information security policy and process is aligned with and certified to ISO/IEC 27001:2013.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All components are configured as per clients' requirements and are monitored regularly. If changes are required, the client requests a change via a Change Request. Once reviewed and approved by zsah change management (including a review of any potential security impact), the changes are then implemented. The status of all Change Requests is communicated to the client and is available to review.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerability and Penetration Testing is carried out on a regular basis. Patches can be deployed as soon as a threat is identified. We are signed up to key vendors and third party organisations who send out regular alerts. We also have a regular patching schedule every 2 months.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We ensure that your business and daily operations run smoothly via our support team. This means that we consistently monitor the network to ensure everything is running without any problems and should a problem arise then we can address it before users are affected.

Our monitoring is constant over 24 hours throughout the year. If issues arise the zsah support team are contactable at any time to resolve problems on the system.
Incident management type Supplier-defined controls
Incident management approach Zsah's incident management procedure conforms with ISO/IEC 27001: 2013.

Pre-defined processes for common events depend on the type of event, whether it is an incident or not. Events that are classified as incidents include malware infections, excessive spam, information system failures, Denial of loss of service.

Users report to the Information Security Management representative and then an appropriate action is taken quickly after discussed with management.

A thorough review is carried out following all incidents and all findings are detailed in a report including root cause analysis.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate This is via VLAN's and VXLAN's. Firewalls are available as shared or dedicated; physical or virtual.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £55 per virtual machine per month
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑