Salad

Website/App Hosting

Data & application hosting using Amazon Web Services (AWS), CloudFlare/Fastly & other SaaS services.

Features

  • Transparent incident reporting
  • Scheduled backups
  • Bespoke architecture

Benefits

  • Tested disaster recovery
  • Easily scaled with a defined upgrade path

Pricing

£120 a server a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at matt@saladcreative.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

556526712896005

Contact

Salad
Matt Leach
Telephone: 07854380252
Email: matt@saladcreative.com

Service scope

Service constraints
Linux is the preferred hosting OS. Windows is available, but would require a more bespoke arrangement than Salad's standard terms of hosting/service.
System requirements
  • Linux
  • Webmin/Virtualmin
  • Iptables
  • PHP7/8
  • MariaDB

User support

Email or online ticketing support
Email or online ticketing
Support response times
Dependent on agreed SLA, within 1 hour is standard.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Our response times are defined based on the nature of the issue raised. Critical, serious and moderate issues are often used to categorise issues.

Critical - The product is inoperable or an agreed core function is unavailable.
Serious - A core function of the product is significantly impaired or underperforms.
Moderate - A core function of the product is impaired, where the impairment does not constitute a serious issue; or a non-core function of the app is significantly impaired.

Out of hours support is something Salad is very happy to provide at an additional level of investment. Should this be required, a fully scoped agreement would be put in place.

A dedicated account manager would be provided to all approved SLAs.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
If hosting is required for the launch of the product, it will be scoped & agreed during the planning stages. A spec will be recommended & the architecture will be built and load tested before the product is actually deployed. Everything is documented.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
Google Docs (with approved users access only)
End-of-contract data extraction
Free of charge, a full archive of all codebase, databases and defined dependencies would be provided over a secure WeTransfer link or approved FTP service.
End-of-contract process
An archive of all assets would be provided and shared with the client or an approved new supplier. There is no cost for this.

The format would be a ZIP archive. If required, support & handover can be priced up at Salad's standard hourly rate of £95 p/h.

Using the service

Web browser interface
Yes
Using the web interface
Webmin/Virtualmin

Access can be provided to the client or approved third parties if required.
Web interface accessibility standard
WCAG 2.1 A
Web interface accessibility testing
Ran Powermapper SortSite scans on a sandboxed Webmin interface. Use officially supported themes only.
API
Yes
What users can and can't do using the API
AWS API used to manage instances & hosting services.
API automation tools
  • Chef
  • Puppet
API documentation
Yes
API documentation formats
Other
Command line interface
Yes
Command line interface compatibility
Linux or Unix
Using the command line interface
Where possible, all services & hosting applications are managed through the command line.

Root access is never used, with specific user access managed via approved ACL.

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
Salad provides a dedicated EC2 instance as standard for all hosted clients.
Usage notifications
Yes
Usage reporting
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Amazon Web Services

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Less than once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Entire server image snapshot
  • Database backup
Backup controls
Backups are managed by Salad only and accessible to Salad developers only.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
99.9% uptime is standard and achieved with AWS service level agreements.

All patching and reboots are scheduled outside of business-critical hours and approved by all stakeholders before executing.
Approach to resilience
Available on request
Outage reporting
Email alerts & server logs.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
An approved ACL will be in place & honoured throughout project development.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
Devices users manage the service through
Dedicated device over multiple services or networks

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
CREST Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
CREST Cyber Essentials
Information security policies and processes
Disaster recovery, access control lists and up-to-date training logs for all Salad employees when covering data access, process & transit.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
An account diary is kept visible to all stakeholders and updated with any change requests. This is a digital document either stored within Salad's Google Drive or a client-defined system.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Sentry.io is used on all developed web facing applications to help proactively identify issues before negative impact occurs.

Salad runs regular server health checks & on a monthly basis patches all used packages, with a log kept of what has been updated/version numbers/date/individual that updated & approved.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Once an issue is identified, a notification to the client, either by phone or email, is immediately actioned. The next step is to understand the potential business impact of the issue discovered.

Assuming an SLA is in place, response time is within 1 hour.
Incident management type
Supplier-defined controls
Incident management approach
Methods agreeable in SLA. Incident report is a Google doc detailing what the issue was, what the impact was and how it was resolved/plan to be resolved, followed by recommendations for further mitigation if required.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Other
Other virtualisation technology used
AWS managed services, with application-led virtualisation managed within Virtualmin
How shared infrastructure is kept separate
Individual EC2 instances

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Detailed by AWS here: https://aws.amazon.com/about-aws/sustainability/

Pricing

Price
£120 a server a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
We can host for an agreed warranty period after launch to showcase the service offering at no additional cost. We would only host what we had developed.
