Sungard Availability Services (UK) Ltd

Managed Cloud Services for UK Government (Official)

Sungard AS’s Managed Cloud Services for UK Government (Official) service is validated and assured to process data marked as Official (Official-Sensitive). PSN Assured, Protected, PSNP A+P, and Internet connectivity are available. Each customer is assigned one or more Virtual Data Centre(s) with compute, network, storage resources and operating systems.


  • Hosted within Sungard Availability Services UK datacentres
  • Fully redundant multi-tenancy multi-site enterprise infrastructure
  • A dedicated SC Cleared UK-based Service Operations team
  • PSN Assured and Protected, PSNP A and P, and Internet
  • Reserved Public Services Network (PSN) bandwidth
  • Up to 99.99% Availability Service Level Agreement (SLA)
  • Protective monitoring of the platform and available for customer workloads
  • Security Domain connection gateway
  • Aligned with the NCSC 14 Cloud Security Principles
  • Accreditation Advisory Services


  • Fully Managed Services
  • Reduction in overall costs and compliance risks
  • Flexibility in computing demands
  • Consume infrastructure within an OPEX-based financial model


£59 per virtual machine per month

  • Free trial available

Service documents

G-Cloud 10


Sungard Availability Services (UK) Ltd

Sungard Availability Services

0800 143 413

Service scope

Service scope
Service constraints The service includes planned maintenance arrangements to perform routine and scheduled maintenance of the platform. This is required to maintain availability and ensure security integrity of the service. It is also required to adhere to service certifications to continue to connect and provide services on the PSN.

For customer's Virtual Data Centre (VDC) or workload environments and specific only to this, standard and routine maintenance, including the implementation of security and critical patching, fixes or hardware and software upgrades, the planned maintenance windows are agreed with the customer. This is managed in line with the PSN patching requirements.
System requirements
  • Managed OS are hardened which includes Anti-Virus
  • All VMs include Anti-Virus
  • IPSec VPN over the Internet
  • Access to Assured and Protected Zones (different security domains)
  • Windows OS 2008 R2 and 2012 R2 supported
  • Redhat Linux OS 6.5 and 7 supported
  • Fully managed firewalls and networking
  • Remote management access is via a secure laptop
  • UK only access
  • Security clearance for administrators

User support

User support
Email or online ticketing support Email or online ticketing
Support response times In relation to incidents the following response times are:
Priority 1 = 15 minutes
Priority 2 = 30 minutes
Priority 3 = 60 minutes
Priority 4 = 2 hours

In relation to service requests, we acknowledge according to the following times:
Priority 1 = 15 minutes
Priority 2 = 30 minutes
Priority 3 = 60 minutes
Priority 4 = 12 hours
These times are determined once the service request is categorised, classified and assigned an owner.

The service desk is available 24 by 7 and 365 days a year to respond to questions.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels We offer different levels of support according to the type of VMs:

- For Dev and Test (Alpha/Beta) virtual machines on shared platform, the service desk is available 24/7 and the support window is 8:00am to 6:00pm UK time, Monday to Friday excluding UK holidays and Out of Hours (OOH) for change implementation and P1/P2 support when required.

- For Standard (Live) and High Availability (Live) virtual machines on shared platform and Managed Physical Hosts, the service desk is available 24/7 and the support window is 24/7.

We provide service managers at an extra cost.

The service follows ITIL v3 best practice processes and procedures.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started As a fully managed service, we provide full on-boarding services through our consulting and operational teams.

We have user documentation such as on-boarding and service management documentation covering how to raise tickets, service request, change, escalations etc.

We can also offer customers with onsite training at additional cost.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
  • Microsoft Word
  • Microsoft Excel
  • Microsoft Powerpoint
End-of-contract data extraction Full data extraction is available through our kiosk process which allows data to be moved to a destination of the customer's choice.

Enhanced data erasure is also available with additional cost.
End-of-contract process At the point of termination, all your data, accounts and access will be securely deleted; there will be no mechanism to subsequently recover data after this point.

Full data extraction is available through our kiosk process which allows data to be moved to a destination of the customer's choice.

Enhanced data erasure is also available with additional cost.

Using the service

Using the service
Web browser interface Yes
Using the web interface We provide customers access to a web portal that allows them to raise incidents, service request and change.

Full administrative access to the VMs can be achieved through the through 3rd party remote access laptop.
Web interface accessibility standard None or don’t know
How the web interface is accessible Our web portal is accessible through a standard internet browser.
Web interface accessibility testing No assistive technology users have been used to test the web interface.
Command line interface No


Scaling available No
Independence of resources Users have the option to purchase contended and uncontended VMs.
Uncontended VMs have guaranteed memory and CPU reservations avoiding the customer's service being affected by the demand of other users.

Storage is allocated to the VMs on a dedicated basis.
Usage notifications Yes
Usage reporting
  • Email
  • Other


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • VM patching levels
  • Anti-Virus update status
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach Sungard AS provides “known locations for storage, processing and management” of the service and all data within.

All Sungard AS UK Ltd contracts are with a UK registered Company and are governed under UK Law.

Sungard AS data centres conform to a recognised standard. The operating locations which host and manage Sungard AS's Managed Cloud Services for UK Government (Official) are certified to ISO27001. All UK Data Centres undergo an annual review against ISAE 3402 Type II.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Hardware containing data is completely destroyed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Virtual Machines
  • Files
  • Databases
  • Network configuration
Backup controls Through initial backup policy capture during on-boarding from a list of options and through service request during in-life service. This is available to different VMs.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users contact the support team to schedule backups
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network Sungard AS implements IPsec VPNs for the protection of administrative traffic. All vendor patch downloads and imports and protected via TLS. These controls have been verified via ITHC.

Sungard AS Customer portal is protected via TLS

Availability and resilience

Availability and resilience
Guaranteed availability Up to 99.99% availability assured by contractual commitment
Approach to resilience Sungard AS offers an SLA for customers for Service availability.
Single-site service availability for a customer is 99.5%.
Dual-site service availability for a customer is 99.9%.
All service elements within a single site are resilient and are redundant between sites catering for high availability services.
Sungard AS can provide a system design review and analysis with the customers if required. This is available on request and at additional charges.
Outage reporting Sungard AS reports any outage via email alert to customers.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels The Sungard AS secure service administration adopts the “dedicated devices on a segregated network” model. This is a “known service management architecture”.

This offers the highest segregation and separation of the management functions.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Devices users manage the service through Dedicated device over multiple services or networks

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Lloyd's Register Quality Assurance
ISO/IEC 27001 accreditation date 3/12/2013
What the ISO/IEC 27001 doesn’t cover The following is what is covered. The manage of the processes, the people and assets operating out of Sungard AS's LTC ,TC2, TC3, TC4 datacentres and the TC5 data centre operations team, that support our Managed Cloud Services for UK Government (Official) service, and supporting functions (Finance, Procurement, Legal and HR functions) within our Theale and LTC A offices are covered by it's ISO/IEC 27001 certification.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • PSN Code of Connection
  • PSN Service Provision
  • ISAE 3402 (formerly SAS 70)
  • ISO 9001: 2008
  • ISO 22301 (formerly BS 25999)
  • ISO 27031 (formerly BS 25777)
  • Cyber Essentials Plus

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Sungard AS has an information security management system that certifies to ISO27001 which includes an overall security policy. Adherance to the policies is regularity audited by an independent external provider.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Sungard AS has a governance process in place to track all assets and to review and manage change to the platform. This process is encompassed within the Sungard AS ISO27001 certification.

All changes are reviewed and approved including impact from a security perspective before implementation.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Sungard AS applies patches to the platform, including customer managed elements in accordance with the PSN Code of Compliance patching regime. Critical patches within 14 Days; Important Patches within 30 Days; Other Patches within 60 Days

Sungard use automated Vendors tools to retrieve and manage the application of patches.

A patching policy is in place and the estate is regularly checked for patch compliance via the annual ITHC. Multiple ITHC’s are undertaken each year.

Where emergency patches are required to address an imminent threat to the platform or service then the Sungard AS change management process can support this.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Sungard AS employs a Protective Monitoring service that complies with GPG13 and operates at the DETER assurance level.

The Service monitors events from all the infrastructure and management elements of the platform. Events of interest raise alerts to the 24 x 7 SOC. Any suspicious activity is then notified to the Sungard AS Secure operations team.

Sungard AS allows customers to implement their Own Protective Monitoring regime for the application and Operating Systems of guest workloads. Customers can also elect to have a managed service provided by Sungard AS which results in events being sent to the same SOC.
Incident management type Supplier-defined controls
Incident management approach Sungard AS has a defined incident management process which is available on request.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate Sungard AS use virtualisation technologies to provide separation between customer workloads.

Compute separation is enabled through the VMware ESXi product configured in accordance with NCSC recommendations. Customers may implement physical devices as part of their service, separation of these is provided through network separation.

Network separation between customers is achieved through virtual routing and forwarding (VRF) technologies and virtual networking capabilities (such as virtual firewall instances for each customer). Network separation within a customers service is provided by virtual LANs (VLANs).

Storage separation is enabled through virtualised storage within the Netapp FlexPod storage architecture.

Separation has been verified by ITHC.

Energy efficiency

Energy efficiency
Energy-efficient datacentres No


Price £59 per virtual machine per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Sungard AS offers a Proof Of Concept (POC) trial for free for a limited period upto 3 months. This is for a small VDC with the required compute, storage and network to stand up an application in the Assured Zone (security domain that has connectivity to the Internet).


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑