Castleton Technology Plc

Castleton Hosted Services

We deliver a range of services from fully managed Desktop as a Service to Backup as a Service/ Disaster Recovery as a Service. Our cloud services are delivered from our Tier 3 ISO 27001 accredited data-centres. We deliver flexible, bespoke solutions tailored to individual customer requirements


  • Remote access to service any time, any day
  • Remote access over the Internet from any device
  • Fully managed platform
  • Automatic software updates
  • High Availability
  • Real time monitoring
  • Disaster recovery
  • Data protection to include perimeter security to systems
  • Backup management
  • Out of Hours support cover


  • Opex pricing model - No expensive infrastructure refresh costs
  • Mobile working
  • Subscription model - capital expenditure free
  • Reduced Infrastructure costs and maintenance
  • Document control of corporate data
  • Scalability & Flexibility to increase of decrease resource requirements
  • Environmentally friendly
  • Access to latest Microsoft products
  • Common desktop experience across multiple types of devices
  • Ease of access to corporate date and sharing of information


£50 to £150 per user per month

  • Education pricing available

Service documents

G-Cloud 9


Castleton Technology Plc

Jessica Knight


Service scope

Service scope
Service constraints Subject to software vendors application compatibility, where possible the latest releases of Microsoft and VMware licensing are to be deployed. Periodically and at approved time planned maintenance of the hosted environment will be undertaken with ensuring the platform and virtual machines are meeting each technologies and manufactures patching and operating levels. In the event of a critical notification from a manufacture the affected hardware or software will be addressed. On an annual basis the customer will be encouraged to undertake a recovery test by invoking a Disaster Recovery within our isolated environment
System requirements
  • Suitable Internet connectivity speed
  • Suitable end user hardware - e.g Winterm, PC, Laptop, Tablet
  • Subscription to a desktop anti-virus product
  • Perimeter office firewall
  • Comms link redundancy subject to number of users per location
  • Robust LAN switches with redundancy subject to number of users
  • Structured cabling or a suitable wifi solution with adequate coverage
  • Mains protection of local devices, routers, firewalls and network switches
  • Adequate SLA with internet service provider to meet business needs
  • Asset register of connecting devices to include operating systems

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Our response times are dictated by the Service Level Agreements within individual customer contracts.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We provide full end to end support, from 1st to 4th line. This covers from desktop user support, to infrastructure support, management and configuration. An example of 1st line would be a password reset for an end user, and an example of 4th line would be investigation into core service failure. All levels are included within the service cost. The option for a technical account manager is available but this is specified within the individual customer contract.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started The onboarding process is subject to the size of a clients infrastructure or desktop requirement. In most cases a staging server is located onsite that acts as a transport layer for migrating servers and associated data to our hosting platform. At an agreed date typically over a weekend the on-premise infrastructure will be powered down and hosted servers made live for user acceptance testing. Following successful testing all external services such as email delivery will be enabled.

For large organisation with many servers, the staging server environment will be transported to our data centre over an agreed weekend

We offer several levels of training
1. Onsite - To customer's ICT team on how to administrate a managed desktop to support their end users at a first line level

2. Onsite - Train the Trainer whereby we train "super users" within the business who in turn train the users

3. Onsite - Direct end user training
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction The offboarding process is agreed individually with each customer and timescales will be subject to size of estate to be migrated.

Following consultation with the customers new service partner an agreed method that follows industry best practice and standard formats for migrating data will be implemented. In all cases the data will be encrypted and provided to the new provider in person or by the means of a door to door delivery. All documentation to include passwords will be handed over during this transition process. Once the data has been received at the agreed date information being held on our platform will be destroyed using an approved removal tool and a copy of the removal notice confirmation will be issued to the customer.
End-of-contract process Data extraction is included within the price of the service.

Data migration would incur additional cost .

Using the service

Using the service
Web browser interface No
Command line interface No


Scaling available Yes
Scaling type Manual
Independence of resources Yes. We monitor the services and scale our infrastructure as appropriate.
Usage notifications Yes
Usage reporting Other


Infrastructure or application metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach Encryption of data using AES 256bit
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Virtual machines (image level)
  • Windows VSS consistent files & databases
Backup controls Backups are managed by ourselves as part of the service. The following are agreed with the customer on a per server/application basis;
1. Backup interval (e.g hourly, daily)
2. Data retention (e.g 1 week, 1 month, 1 year)
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users contact the support team to schedule backups
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Individual SLA's are provided on a per contract basis.

Any service refunds are provided on a per contract basis based on service credits.
Approach to resilience Our service architecture is available on request.
Outage reporting Service outages and scheduled maintenance are notified via email to designated account contacts.

Identity and authentication

Identity and authentication
User authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels No management interfaces are provided to customers.

Support interfaces are provided to individual users and restricted based on their standard logon credentials
Access restriction testing frequency Less than once a year
Management access authentication Other
Devices users manage the service through
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security No
Security governance accreditation No
Security governance approach Whilst we maintain the systems on behalf of our customers, the customer remains the Data Owner and as such are responsible for the implementation of appropriate controls and ensuring their staff adhere to their security policy and processes.

We are responsible for the underlying architecture and are in the process of working to ISO27001 accreditation hence our processes are based on that framework.

The Datacentre adheres to ISO27001 for physical security.
Information security policies and processes For our Front office system, the customers are their own data owners and as such are responsible for their own security policies and processes.

For our Back Office systems, all staff adhere to our security policy (available on request). All breaches are reported to the Functional Department Heads who are responsible for reporting to our Services Director.

Our Services Director is responsible for reviewing and enforcing our security policy

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our change management process ensures that all changes are necessary, documented, efficiently implemented and with minimal disruption.

Each change is managed by a document which defines details of the change, the priority and impact of the change, the reason for change, risks associated with the change, a back out plan and effects of this not being implemented.

The document is submitted to our change team who review and agree if the change will go ahead based on all the above factors.
Vulnerability management type Undisclosed
Vulnerability management approach Vulnerabilities for our key platforms are monitored through vendor notification.

We undertake scheduled, periodic updates of patches to our systems. Patches for critical updates are assessed independently and may be implemented ahead of the period updates.

All patches are applied in line with our change management process.
Protective monitoring type Undisclosed
Protective monitoring approach We collect and log data based on activities of both systems and users. These are then reviewed and audited in near real-time. Adding both prioritisation and intelligent base lining enabled critical alerts to be raised and actioned by the correct engineer at the right time.
Incident management type Supplier-defined controls
Incident management approach We have defined process for logging, recording and resolving incidents. We aim to restore the service to our customers as quickly as possible, often though a fix or a work around. For common events we used pre-defined knowledge bases to allow knowledge transfer across the team. Incidents can be reported in three ways; telephone, email or via our online portal. Incidents reports vary on a customer by customer bases and are designed to meet each individuals requirements.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate Each customer is delivered as a private tenant.

Each private tenant is provisioned with their own private network(s), secured by VMware virtual networking to ensure no communication between customers.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £50 to £150 per user per month
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑