Nomensa Ltd


We provide hosting services via our global cloud infrastructure partner, Amazon Web Services (AWS).
Amazon Web Services provide web servers, storage, CDN delivery and Elastic Load Balancing (ELB) which allows Nomensa to provide a fully resilient, enterprise level service for our clients.


  • Technical support: 24/7 access to AWS Cloud Support Engineers
  • SLA with agreed case severity and response times
  • Daily data backups
  • Appropriate storage capacity and bandwidth
  • Performance and availability monitoring (Cloud Watch plus in-house monitoring)
  • Regular monitoring and assessment of bandwidth usage and storage capacity


  • Highly available and redundant design
  • Seamless failover and scalability of the service
  • Optimised server usage and scale to cope with busy periods
  • Ability to add further servers, if required
  • Deployments can be staged across servers to minimise downtime
  • Scalable replicated shared storage for media and static assets
  • Edge caching for improved performance


£60 per virtual machine per month

Service documents

G-Cloud 10


Nomensa Ltd

Bid team

0117 9297333

Service scope

Service scope
Service constraints Downtime for planned maintenance windows will be included within the SLA.
System requirements N/A - open source

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Response times are based on priority levels, as defined in our standard SLA.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels Support levels are based on priority (Critical, high or medium/low). No extra costs required based on priority level. 24x7 support is an optional extra.
Support gives clients access to a Cloud Support Engineer.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Project initiation meetings/kick off meetings identify key hosting requirements and support the users in using our service. We provide end-to-end support so no training required.
Service documentation No
End-of-contract data extraction We will provide data in whichever format user's require.
End-of-contract process Included in the contract is environment setup, full support, advice on suitable technology and hosting of their service.
At the end of a contract, there may be additional project work to close down the service, which will be costed separately.

Using the service

Using the service
Web browser interface No
Command line interface No


Scaling available Yes
Scaling type Manual
Independence of resources All users are hosted on separate services and do not contend with each other.
Usage notifications No


Infrastructure or application metrics No


Supplier type Reseller providing extra support
Organisation whose services are being resold Amazon Web Services

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Less than once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up Virtual machines and databases
Backup controls Specific back up requirements can be defined as part of the project setup and kick off.
Datacentre setup Multiple datacentres
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Availability of the AWS infrastructure service is 99.9 % of the time excluding notified planned downtime.
Approach to resilience Available on request
Outage reporting We provide email alerts from our support team

Identity and authentication

Identity and authentication
User authentication Username or password
Access restrictions in management interfaces and support channels Username and password protected over a secure IPSEC connection with credentials limited to support personnel only.
Access restriction testing frequency At least once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security No
Security governance certified No
Security governance approach AWS is security governance accredited.
Nomensa have security policies in place and compulsory security training for all staff.
System access is restricted to support personnel.
Information security policies and processes Compulsory security training is provided to all staff.
Enterprise password management.
All laptops have encrypted hard disks.
We have reporting up to board level for security issues.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All change management and release processes go through our standard development cycle and security assessed by our DevOps team.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our DevOps constantly monitor our services for potential threats and deploy patches as required based on the severity of the issue. We are constantly monitoring our suppliers and industry standard websites to identify potential issues.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach We are constantly monitoring our systems for potential compromises and have processes in place to inform affected clients should a compromise occur. Any incident is regarded as a priority 1 and receives immediate attention.
Incident management type Undisclosed
Incident management approach All our sites have comprehensive logging to alert the support team to potential issues. We have a ticketing system to allow users to report incidents and we will inform our clients should we discover an issue.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate Organisations do not share the same infrastructure

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £60 per virtual machine per month
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑