Pulsant Ltd

Pulsant Managed Azure Stack (Multi-tenant / Dedicated)

Pulsant's Managed Azure Stack (IaaS) is delivered as Infrastructure as a Service, providing flexible, high-performance, high-capacity virtual servers (VMs). This service can be used in conjunction with any of Pulsant's other cloud services to deliver a hybrid cloud model. A managed service is available with defined and financially backed SLAs.


  • Azure Virtual Machine(s) hosted within Pulsant datacentre
  • Closely integrated with Microsoft tools
  • 99.95% availability
  • 24/7/365 service monitoring
  • Supported by an ISO27001, ISO9001 and CSA Star accredited partner
  • Direct connectivity to Azure Cloud


  • 24/7/365 service monitoring
  • 99.95% Service availability - protecting your business reputation
  • Accredited provider aligned to Public Sector service requirements
  • Reduce CAPEX, minimal OPEX and consistent cost structure
  • Advanced backup monitoring underpins industry-leading SLAs
  • Over 12 years' experience in supporting Public Sector organisations
  • Choice of carrier and carrier neutrality
  • Experienced audit support through dedicated compliance team
  • Flexible and scalable service


£91.80 per virtual machine per month

  • Free trial available

Service documents


G-Cloud 11

Service ID

697599402931760


Pulsant Ltd

John Easson

0345 119 9911


Service scope

Service constraints
The Azure platform is designed so that maintenance can be carried out without interruption to those systems being protected. Though some individual jobs may be delayed during maintenance, those jobs will resume when possible and continue service as normal.

In order to reduce risk of unplanned downtime, Pulsant will apply strict change management procedures and configuration management control in applying system or application changes. A regular maintenance schedule will be applied for timely application of systems and application updates. Change control will consider impact of change and rollback procedures if release is unsuccessful.
System requirements
Internet connectivity

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times to questions and support requests are as follows:
Routine: within 30 minutes, measured during business hours

Service Affecting (must be notified by telephone): Within 30 minutes

Critical (must be notified by telephone): Within 15 minutes
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Our Azure Cloud service provides:
The Azure Cloud is designed and maintained to achieve a target availability of 99.95%, measured on a calendar month.

Support Hours
We operate and resource a technical support team so that customers have access to highly trained staff 24 hours a day, 7 days a week, 365 days a year.

Change Completion
Simple - Within 24 hours
Complex - As scheduled and agreed based on change requirements

Incident Response Times:
Critical - 24/7/365 (must be notified by telephone) - response within 15 minutes
Impacting Service - 24/7/365 (must be notified by telephone) - response within 30 minutes
Routine - Business hours - response within 30 minutes measured during business hours

Azure Cloud service is delivered to clients as an infrastructure as a Service model. Where clients require a managed service, the cost of the managed service is included within the pricing document uploaded as part of this service.

The above support levels are included as part of the service and carry no additional cost.

Pulsant also provide an Account Manager.
Support available to third parties

Onboarding and offboarding

Getting started
Pulsant can provide suitable training for standard procedures to customers taking on the service and if required bespoke training can be arranged on request ensuring customers’ proficient use of the service.
Service documentation
Documentation formats
End-of-contract data extraction
Customers are able to remove their data at any time through the same means they used to upload it: either over their network (internet or ExpressRoute) or via the Azure Import/Export services.
End-of-contract process
In their Online Services Terms, Microsoft contractually commits to specific processes when a customer leaves a cloud service or the subscription expires. This includes deleting customer data from systems under their control. If a customer terminates a cloud subscription or it expires (except for free trials), Microsoft will store your customer data in a limited-function account for 90 days (the “retention period”) to give you time to extract the data or renew your subscription. During this period, Microsoft provides multiple notices, so you will be amply forewarned of the upcoming deletion of data. After this 90-day retention period, Microsoft will disable the account and delete the customer data, including any cached or backup copies. For in-scope services, that deletion will occur within 90 days after the end of the retention period. (In-scope services are defined in the Data Processing Terms section of Microsoft's Online Services Terms.)

Using the service

Web browser interface
Using the web interface
The Cloud portal allows users to:
- Create and manage virtual networks
- Create and manage virtual machines
- Manage virtual firewalls (where those firewalls are provided by the Cloud platform)
- Allocate and de-allocate virtual resources
Web interface accessibility standard
WCAG 2.1 A
Web interface accessibility testing
Pulsant tests all software whether new, or upgrades/ enhancements to existing software prior to release.

Pulsant are committed to ensuring all user interfaces are accessible and where required will work with assistive technology users.
What users can and can't do using the API
Users are able to utilise the Azure API Management service to create their own APIs for the solutions they deploy on to the platform. Additionally we have the Azure Service Management API which provides programmatic access to much of the functionality available through the Management Portal.
API automation tools
  • Ansible
  • Chef
  • SaltStack
  • Terraform
  • Puppet
API documentation
API documentation formats
Command line interface
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
  • Other
Using the command line interface
Azure CLI 2.0 is optimised for managing and administering Azure resources from the command line, and for building automation scripts that work against the Azure Resource Manager.


Scaling available
Scaling type
  • Automatic
  • Manual
Independence of resources
Azure represents a hyper-scale public cloud service.
Usage notifications
Usage reporting
  • API
  • Email
  • SMS


Infrastructure or application metrics
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
What’s backed up
Under user control
Backup controls
Under user control.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users schedule backups through a web interface
Backup recovery
Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
For data in transit, Azure uses industry-standard secure transport protocols, such as TLS/SSL, between user devices and Microsoft data centres. You can enable encryption for traffic between your own virtual machines (VMs) and your users. With Azure Virtual Networks, you can use the industry-standard IPsec protocol to encrypt traffic between your corporate VPN gateway and Azure as well as between the VMs located on your Virtual Network.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
ACL Based Network Security Groups are also used.

Availability and resilience

Guaranteed availability
Service Levels

The Supplier will use its reasonable endeavours to deliver the following Response Times in respect of incidents as set out in the table below.

Event Type - Service Hours - Response Time

Critical - 24/7/365 (issue must be notified by telephone) - Within 15 minutes

Service Affecting - 24/7/365 (issue must be notified by telephone) - Within 30 minutes

Routine - Business Hours - Within 30 minutes, measured during Business Hours

Measure - Description - Value

Service Hours - The hours during which the service and SLA is provided - 24/7/365

Availability - % of the service hours during which service availability is guaranteed (excluding planned maintenance in clause 5 below) - 99.95%
Approach to resilience
Available on request
Outage reporting
In the unlikely event an outage occurs, Pulsant respond in line with our documented Outage Response Process.

Pulsant understands that during any loss of service, communication with the client is of paramount importance to support sharing information with their clients. However, maintaining communication must not impact upon the works being completed to resolve any outage.

Pulsant's outage reporting process provides clients with regular updates through a number of different methods. Depending on the type and severity of the outage, Pulsant will utilise either one or all of the following communication methods:

- Public Dashboard, refreshed and updated every 30 minutes
- Direct communication either by telephone or email to clients
- Text message alerts for clients should this method of communication have been approved
- Customer Portal - updated at 30 minute intervals
- Email alerting - communication schedule in line with resolution activity, supports the communication via the other methods listed above.

Following any outage or loss of service Pulsant complete a Reason For Outage (RFO) report which is distributed to all clients and any service improvements are recorded and implemented for future service improvement.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Username or password
  • Other
Other user authentication
Azure Active Directory is Microsoft’s multi-tenant cloud-based directory and identity management service. Azure-AD provides an affordable, easy to use solution to give employees and business partners single sign-on (SSO) access to thousands of cloud SaaS Applications like Office365, Salesforce.com, DropBox, and Concur. For application developers, Azure-AD lets you focus on building your application by making it fast and simple to integrate with a world class identity management solution used by millions of organizations. Azure-AD also includes a full suite of identity management capabilities including multi-factor authentication, device registration, self-service password management, self-service group management, privileged account management.
Access restrictions in management interfaces and support channels
Azure-AD can designate separate administrators to serve different functions. These administrators will have access to features in the Azure portal and, depending on their role, will be able to create or edit users, assign administrative roles to others, reset user passwords, manage user-licences, and manage domains, among other things. A user who is assigned an admin role will have the same permissions across all of the cloud services that your organisation has subscribed to, regardless of whether you assign the role in the Office365 portal, or in the Azure classic-portal, or by using the Azure-AD module for Windows PowerShell.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Devices users manage the service through
Dedicated device on a segregated network (provider's own provision)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
British Standards Institution
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Any elements of the service which are not hosted on / within Pulsant managed and operated environments / infrastructure.
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
CSA STAR certification level
Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover
PCI certification
Who accredited the PCI DSS certification
Coalfire Systems Inc
PCI DSS accreditation date
What the PCI DSS doesn’t cover
Any elements of the service which are not hosted on / within Pulsant managed and operated environments / infrastructure.
Other security certifications
Any other security certifications
  • FACT
  • NHS IG Toolkit
  • FedRamp
  • NIST 800-171
  • FIPS 140-2
  • CDSA
  • ISO 27017 and 27018
  • SOC 1, SOC 2, SOC 3

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards
FACT, NHS IG Toolkit, FedRamp, NIST 800-171, EU Model Clauses, Cyber Essentials Plus
Information security policies and processes
An Information Security Management Program has been established to enable Microsoft Azure to maintain and improve its management system for information security. Through establishment of the ISMS, Azure plans for and manages protection of its assets to acceptable security levels based on defined risk management processes. In addition, Azure monitors the ISMS and the effectiveness of controls in maintaining the confidentiality, integrity and availability of assets to continuously improve information security.

The ISMS framework encompasses industry best-practices for information security and privacy. The ISMS has been documented and communicated in a customer-facing Information Security Policy, which can be made available upon request (customers and prospective customers must have a signed NDA or equivalent in place to receive a copy).

Microsoft Azure performs annual ISMS reviews, the results of which are reviewed by management. This involves monitoring ongoing effectiveness and improvement of the ISMS control environment by reviewing security issues, audit results, and monitoring status, and by planning and tracking necessary corrective actions.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Azure has developed formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001, SOC 1 / SOC 2, NIST 800-53, and others.

Microsoft also uses Operational Security Assurance (OSA), a framework that incorporates the knowledge gained through a variety of capabilities that are unique to Microsoft including the Microsoft Security Development Lifecycle (SDL), the Microsoft Security Response Center program, and deep awareness of the cybersecurity threat landscape.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
When providing the Antimalware solution for Virtual Machines, Azure is responsible for ensuring the service is highly available, definitions are updated regularly, that configuration through the Azure Management Portal is effective and that the software detects and protects against known types of malicious software. MCIO-managed hosts in the scope boundary are scanned to validate anti-virus clients are installed and current signature-definition files exist.

Vulnerability scans are performed on a quarterly basis at a minimum. Microsoft Azure contracts with independent assessors to perform penetration testing of the Microsoft Azure boundary.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Microsoft Azure employs sophisticated software-defined service instrumentation and monitoring that integrates at the component or server level, the data centre edge, our network backbone, Internet exchange sites, and at the real or simulated user level, providing visibility when a service disruption is occurring and pinpointing its cause.

Proactive monitoring continuously measures the performance of key subsystems of the Microsoft Azure services platform against the established boundaries for acceptable service performance and availability. When a threshold is reached or an irregular event occurs, the monitoring system generates warnings so that operations staff can address the threshold or event.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Microsoft has developed robust processes to facilitate a coordinated response to incidents.
• Identification – System and security alerts may be harvested, correlated, and analysed.
• Containment – The escalation team evaluates the scope and impact of an incident.
• Eradication – The escalation team eradicates any damage caused by the security breach and identifies the root cause of why the security issue occurred.
• Recovery – During recovery, software or configuration updates are applied to the system and services are returned to a full working capacity.
• Lessons Learned – Each security incident is analyzed to protect against future reoccurrence.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Who implements virtualisation
Virtualisation technologies used
How shared infrastructure is kept separate
Microsoft Azure is natively capable of multi-tenancy with cloud management systems that separate organisations into tenant accounts and use physical, network, logical and hypervisor segregation to separate organisation data and usage from other tenants.

Energy efficiency

Energy-efficient datacentres
Description of energy efficient datacentres
Pulsant’s Environmental Management System exists to ensure Pulsant adheres to the very highest levels of Energy Efficiency in line with the EU Code of Conduct.

The Environmental Management System is a collection of associated Environmental policies and records that form part of an overall management system applied across Pulsant for the purpose of management and control of business operations. It applies to all sites and operations.

Pulsant uses the measure of Power Usage Effectiveness (PUE) to establish the environmental and energy efficiency performance of the datacentres we operate. The Company will continue to drive the Power Usage Effectiveness (PUE) down across sites as far as is practicably possible.

Where employing equipment to deliver datacentre functionality the following points are considered:
• The environmental credentials of any systems or equipment
• The employment of power factor correction where possible
• The isolation of equipment when not in use
• Management and control of running times and rates

Regular testing is performed across all plant equipment to assess performance. Regular reviews of equipment, sourcing practices as well as technologies available to enhance both operational efficiencies and environmental benefits are conducted by Pulsant's management team.

Pulsant is a member of the Green Grid.


£91.80 per virtual machine per month
Discount for educational organisations
Free trial available
Description of free trial
Pulsant provide a free trial of the service in line with the client's service scope.

The trial period will be for an agreed period; typically this is no longer than 1 month.
