EPI-USE Labs Limited

EPI-USE Labs Cloud Hosting

Enterprise grade Multi-Vendor private cloud service for fully virtualised workloads. Ideal for SAP applications and can be further enhanced with our EPI-USE Labs Cloud Managed Services and SAP Migration services.


  • Highly Available Multi-tenant virtualised environment
  • All-Flash SSD Storage
  • Hosted in Equinix IBX Data centres
  • European wide Geo-redundant multi-site failover
  • Redudant IPSEC-VPN connectivity
  • Fully managed firewall, with ten free VPN accounts
  • Managed virtual infrastructure


  • Hosting of all your enterprise systems on one platform
  • A private environment with public cloud connectivity
  • Basic monitoring and visibility of your systems
  • A highly personalised level of service at a competitive price
  • A dedicated and experienced team
  • Short-term hosting solutions available
  • Enterprise grade hosting at a very low industry cost
  • Scalable cloud hosting model
  • Suitable for OPEX financial model


£68.14 per virtual machine per month

Service documents

G-Cloud 10


EPI-USE Labs Limited

Natasha Mowatt

0161 282 7061


Service scope

Service scope
Service constraints X86 based operating systems (Linux, Windows 2008 R2+)
System requirements IPSEC VPN over the internet

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Severity 1: <= 60 minutes, updates every hour
Severity 2: <= 4 hours, updates every 6 hours
Severity 3: <= 1 business days, updates every 3 business days
Severity 4: <= 2 business days, updates weekly
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support No
Web chat support No
Onsite support Yes, at extra cost
Support levels Technical support is provided for the hosting environment and ticketing systems.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started On-boarding technical support is included and online documentation is available for our ticketing system.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Due complexity and the storage capacity that can be consumed, data extraction will be client specific and agreed at the start of the contract.
End-of-contract process Unless by prior agreement, clients data is kept for 2 months after the contract terminates after which it is securely deleted. Client is engaged before data is removed.

Using the service

Using the service
Web browser interface Yes
Using the web interface The EPI-USE Labs Unified Platform (UP) is primarily used for a performance-monitoring tool. UP is a powerful web-based software appliance that helps businesses reduce the cost of operations and increase business agility. UP offers visibility across your entire landscape and provides visual feedback to the performance and alerts across your environment - allowing faster issue identification and remediation.
Web interface accessibility standard None or don’t know
How the web interface is accessible Our web interface is accessible over the internet via secure HTTPS.
Web interface accessibility testing None
Command line interface No


Scaling available Yes
Scaling type Automatic
Independence of resources Active monitoring and orchestration is used to balance load across the virtual infrastructure.
Usage notifications Yes
Usage reporting
  • Email
  • Other


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up Virtual Machines
Backup controls Client can raise a ticket to make scheduling adjustments.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre
Scheduling backups Users contact the support team to schedule backups
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network Firewalls are leveraged to isolate infrastructure.

Availability and resilience

Availability and resilience
Guaranteed availability Hosted virtual infrastructure has an SLA of 99.5% uptime.
Approach to resilience Virtual Infrastructure is highly available allowing for automatic failover of the clients virtual machines in the event of hardware failure. Geo-redudancy is available to cover site failure.
Outage reporting Service outages are reported to the client via email alerts.

Identity and authentication

Identity and authentication
User authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Management interfaces are isolated from client hosted environments. Clients have no access to these interfaces.
Access restriction testing frequency At least once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 A-lign
ISO/IEC 27001 accreditation date 26/06/2016
What the ISO/IEC 27001 doesn’t cover Our ISO 27001 covers certification for our Client Central client interaction platform and Unified Platform, which related to hosting and managed hosting services. Software and service not related to these are not covered.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • ISAE 3402 Type 2
  • SOC 1 Type 2
  • SOC 2 Type 2

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes EPI-USE Labs has an information security management system that certifies to ISO27001 which includes an overall security policy. Adherance to the policies is audited annually by an independent external provider.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Internal change management follows an ITIL based process.
Vulnerability management type Supplier-defined controls
Vulnerability management approach The Infrastructure is regularly compared against vendor critical patch levels.
Updates are installed at scheduled maintenance windows.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Multi-vendor monitoring platforms are leveraged to provide realtime analysis of infrastructure events.
Internal incident response policies are followed in the event of a compromise.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We currently have over 100 standard information security controls as part of iSMS implementation.
Clients can use our internally developed incident and ticket management system, Client Central, to log incidents.
Clients will be notified of any incident relating to their solution.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate Clients are isolated at Layer 2

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £68.14 per virtual machine per month
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑