Secure Managed VPC Cloud Hosting (Citrix)

Our VPC is a virtualised environment where businesses can get all the advantages of a public cloud, without the risk. It’s a rock-solid platform that powers SMEs and enterprises alike, built on the latest cutting-edge hardware and regularly refreshed for maximum uptime and performance.


  • Scalable cloud hosting
  • Flexible compute and storage options
  • Ultra-secure platform
  • Resilient VPC for maximum uptime
  • Fully managed by ServerChoice
  • Revolutionary SSD-based storage - ultra fast and guaranteed QoS
  • SSD backups and HDD prices
  • Cutting-edge infrastructure


  • Cloud-based infrastructure
  • Maximum uptime for your business
  • Easily flex up and down resources as you need them
  • Free, UK support, 24/7


£20.00 per unit per month

Service documents

G-Cloud 9



Joe A. J. Beaumont

01438 532 300

Service scope

Service scope
Service constraints Scheduled maintenance is conducted out-of-hours, with plenty of notice given.
System requirements No system requirements

User support

User support
Email or online ticketing support Email or online ticketing
Support response times ServerChoice offer world-class support, with industry-leading response and resolution SLAs.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels ServerChoice offer world-class support, with industry-leading response and resolution SLAs. This is included without additional charge.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Our infrastructure architects will design a best-fit solution based on best-of-breed virtualisation technologies on our hyper-resilient and ultra-secure VPC platform.

We will work with you to build a suitable migration and on-boarding plan. Throughout all stages of the process you will be assigned a friendly, reachable account manger and build engineer who can answer any questions you may have.
Service documentation No
End-of-contract data extraction ServerChoice impose no limitation of extraction of data. We are happy to work with you to facilitate data extraction via any industry-standard methods.
End-of-contract process Before the end of the contract is reached, we'll be in touch to help you decide what to do. Our customers usually sign-on for longer periods at increased discounts. If you'd like to leave us, we'll help you extract your data and make sure you're happy before securely deleting your cloud infrastructure.

Using the service

Using the service
Web browser interface Yes
Using the web interface Our web portal is a highly secure and feature-rich interface. It allows authorised users to manage change control, support tickets, etc.
Web interface accessibility standard None or don’t know
How the web interface is accessible Our web portal has been designed to be accessible.
Web interface accessibility testing Our web portal has been designed to be accessible.
Command line interface No


Scaling available No
Independence of resources Our secure VPC uses the latest hardware and virtualisation technology, powering enterprises and SMEs alike. We upgrade the platform long before our resources reach capacity.
Usage notifications Yes
Usage reporting
  • Email
  • Other


Infrastructure or application metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach AES-256 with self-encrypting drives.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • We can back up any aspect of your infrastructure
  • Files, virtual machines, gold images, etc
Backup controls Contact our friendly 24/7 support teams to arrange additional backups.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Our service guarantee is 100%, except for scheduled maintenance, with a 1 hour response guarantee. If we're down for more than 1 hour, we start paying service credits.
Approach to resilience Our VPC infrastructure is hyper-resilient, with no single point of failure. We have extreme redundancy across all hardware and virtualisation components.
Outage reporting Status page on the ServerChoice Website and emailed Incident Report

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels ServerChoice provides a mechanism for customers to raise change and support requests by our web portal. Customers must be authenticated before any requests can be made. In order for customers to authenticate themselves, each customer has their own interface to the web portal, with unique usernames and passwords.

Two-factor authentication is used for consumers as an authentication mechanism to access their environment and a username/strong password to access the portal
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through Dedicated device on a segregated network (providers own provision)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Assessment Bureau
ISO/IEC 27001 accreditation date 20 March 2017
What the ISO/IEC 27001 doesn’t cover All ServerChoice services are in-scope.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Pentest Partners
PCI DSS accreditation date 6/06/2016
What the PCI DSS doesn’t cover All ServerChoice services are in-scope of PCI DSS
Other security accreditations Yes
Any other security accreditations
  • Tigerscheme
  • CISM
  • Certified Ethical Hacker

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards ISO 27001
PCI DSS v3.2 Service Provider (Level 1 - the highest level available)
Information security policies and processes Are are compliant with ISO 27001 and are a PCI DSS Level 1 Service Provider. All our security policies and procedures have been vetted and are compliant with these industry-leading security standards.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach ServerChoice operates a strict change control process to prevent any unauthorised change to a client’s service. It mitigates associated risks such as information corruption/disruption, infrastructure disruption, loss of productivity and reputational risk. Our change control process ensures only pre-authorised persons are able to request changes, we only carry out changes at suitable times, and no work is undertaken until a work plan, rollback plan and verification plan have been approved. Change Requests are raised with our support team via phone, email, or our easy-to-use web portal.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We are a PCI DSS Level 1 Service Provider, meaning we undergo regular periodic vulnerability scans, penetration tests and rigorous on-site audits.

We have a dedicated in-house Security Operations Centre that manages cyber security and compliance across our entire business and infrastructure.
Protective monitoring type Supplier-defined controls
Protective monitoring approach ServerChoice have an in-house UK Security Operations Centre (SOC), staffed 24/7 by trained, certified infosec professionals. It's from our SOC that we monitor our own and our customer infrastructures for security events, ready to step in with full incident management procedures the moment a potential security threat is detected.
Incident management type Supplier-defined controls
Incident management approach All incidents a reported and logged in the ServerChoice portal. In the case where an incident is service-affecting, ServerChoice will issue a full incident report as soon as is practicable after the issue has been resolved. The incident report will confirm: times and dates, cause, resolution, further actions, staff involved, etc

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used Citrix XenServer
How shared infrastructure is kept separate Advanced use of Citrix allows for the provision of multiple tenants being kept entirely separate. This regularly tested by our penetration testing and audited by our PCI DSS compliance.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £20.00 per unit per month
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑