Velocity Technology Solutuions UK Ltd

Infrastructure and Platform as a Service (IaaS & PaaS)

Virtual server infrastructure provisioned to customers’ exact technical specification. 24x7 monitored and managed platform. Velocity architected Private Cloud and Velocity managed (through VCAMP) Public Cloud services available (AWS, OCI, Azure). Compute, memory and storage resources can be changed quickly. PaaS customers can easily transition to Velocity Managed Application services.


  • Fast, Velocity architected server OS & DB provisioning
  • Specialists in providing complex interconnected server estate solutions
  • Rapidly scalable compute, memory and storage resources
  • Velocity Cloud Applications Management Platform (VCAMP) manages across Public/Private
  • Highly resilient, Enterprise level infrastructure
  • Variety of network connectivity options available
  • Variety of DR options available certified to ISO22301
  • Technical and functional applications expertise available for main ERP platforms
  • ISO20000 Service Desk delivering 24x7 Platform Monitoring & Management
  • ISO27001 (Information Security) Certified solution


  • Increase service availability through resiliency and 24x7 monitoring & management
  • Only pay for what you use and reduce your TCO
  • React faster to new business requirements that need more infrastructure
  • Access to experienced platform technical experts, System Administrators & DBAs
  • Reduce or even eliminate your capital costs
  • Hybrid Private/Public solution - appropriate platform for workload
  • Access to infrastructure temporarily for projects rather than buying
  • Improve accessibility – access anytime from anywhere if required
  • Improve flexibility – change direction without people or financial issues
  • Provides an opportunity to optimise your software license footprint


£87.68 to £1504.25 per virtual machine per month

  • Education pricing available

Service documents

G-Cloud 10


Velocity Technology Solutuions UK Ltd

Martin Greenshields

0141 202 6412

Service scope

Service scope
Service constraints There are only a small number of constraints of the actual Velocity IaaS and PaaS services themselves.
Although it is unlikely these constraints will affect any customers, they have to be documented as part of the service and include Capacity, Resiliency & Outages, and Connectivity.
More information on these can be found in our Services Definition document.
System requirements None.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Our SLAs have been designed to be highly configurable to meet each
customers individual business requirements.
Typically, these are:
P1 - 30 mins
P2 - 4 hours
P3 - 1 business day
P4 - 3 business days
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 A
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels We have a standard 24x7 support model. We respond at the SLAs detailed previously. Every account will have a technical account manager (Customer Program Manager).
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Velocity will utilise our bespoke methodology to on-board our Customer. This includes meetings with the Customer to establish requirements and detailed service design and process testing.
Our experts will take care of the full server build phase, and will provide network support to help with any connectivity issues.
Our Customers will also have access to an on-boarding manager to assist at any stage of the process.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction Velocity will provide an extract in an agreed format and transport medium. eg depending on data size this could be a hard-drive or a secure removable disk.
End-of-contract process Depending on the length of the contract, as the contract end approaches, Velocity will contact the customer to agree the data extraction method and on contract end date all services will be terminated and all customer data erased.
This is included in the service cost.

Using the service

Using the service
Web browser interface Yes
Using the web interface Authorised users can perform the following functions via the web interface of VCAMP:
- Raise and view status of support requests
- View monitoring status and overall health of their hosted platforms
- View application analytics provided by Velocity Zoom
Web interface accessibility standard None or don’t know
How the web interface is accessible Authorised users can perform the following functions via the web interface of VCAMP:
- Raise and view status of support requests
- View monitoring status and overall health of their hosted platforms
- View application analytics provided by Velocity Zoom
Web interface accessibility testing N/A
Command line interface No


Scaling available Yes
Scaling type
  • Automatic
  • Manual
Independence of resources Our technical infrastructure always contains excess capacity to accommodate rapid incremental resource usage. Storage and memory are not syndicated so there is no way a customer's demand can affect another customer. CPU usage is syndicated but our syndication levels are low thereby minimising any risk of performance issues. Our platform is closely monitored and we can allocate more compute resource quickly if any of our warning thresholds are breached.
Usage notifications Yes
Usage reporting
  • Email
  • Other


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Application Usage
  • Application Security
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach We can also optionally offer the following encryption technologies:
- Oracle Transparent Data Encryption (TDE)
- Storage level volume encryption
- All tape media are encrypted
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Hardware containing data is completely destroyed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • All production Database
  • Optionally Non-Production Databases
  • All Virtual Machine images
Backup controls Users must interact with Velocity via our Service Management portal to request non-standard backup schedules.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users contact the support team to schedule backups
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Other
Other protection between networks VPN may also be secured via Certificate generated either by the supplier/customer or Velocity using such as Veritas.

Ultimately, we can protect data and secure access in any way that a customer or supplier may require us to do.
Data protection within supplier network Other
Other protection within supplier network Within our internal networks, we use a combination of VRF, VLAN and VDOM to segregate different functional or operational networks.

We can protect data and secure access in any way that a customer or supplier may require us to do.

Availability and resilience

Availability and resilience
Guaranteed availability Velocity guarantees 99.9% availability, assured by contractual commitment.
Approach to resilience We employ a minimum of N+1 for all architecture components thereby removing any single points of failure.
Further information available on request.
Outage reporting Web, email and direct contact with user.

Identity and authentication

Identity and authentication
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels It varies, depending on the application / service, who it's accessible to and its access method. Can do 2FA, key based, VPN, name/password
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Lloyd's Register Quality Assurance (LRQA)
ISO/IEC 27001 accreditation date Originally February 2010, then re-certified every 3 years, re-certification due again 2019
What the ISO/IEC 27001 doesn’t cover All services within scope are covered.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • SSAE-18 SOC 1 Type II
  • SSAE-18 SOC 2 Type II
  • ISO 22301

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards SOC I
ISO 9001 - Quality Management
ISO 20000 - Service Management
ISO 22301 - Business Continuity Management
Information security policies and processes Our Governance, Risk and Compliance team ensure that our Information Security Policies remain current and that these are followed by all members of staff by issuing annual training followed by an exam.

Here are a few of the related policies available on our Intranet site:
- Information Security Policy
- Risk Management Policy
- Removable Media Policy
- Vulnerability Management Policy
- Government Request and Information Disclosure Policy

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All changes to infrastructure and software developments are subject to our Change Management Policy. Higher level risk and impact changes must be discussed and approved at a Change Approval Board (CAB) meeting. These meetings are run daily.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We use several devices and services to scan for threats/vulnerabilities and alert accordingly:
* Intrusion Detection and log file scanning devices are based in the data centre and scan for threats constantly.
* Internal and external vulnerability scanning solutions and services are implemented to highlight potential exposures which are then remediated based on priority via our incident management processes.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Anti-Virus and Anti-Malware - all our hosted Windows machines are protected by industry standard security endpoint protection agents, which are regularly updated.
Intrusion Detection - all Data Centres are covered by industry standard IDS
Network - all Internet-facing network connections have a "dual-skin" firewall protection utilising 2 independent equipment manufacturers for increased strength in depth.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach There are several helpdesk processes to manage incidents as they receive them, whether the come in as a new incident, a chase, an escalation or a complaint. All incidents are timed to SLA agreements, meaning there is a certain amount of time allowed to resolve a ticket depending on the incident priority.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used Other
Other virtualisation technology used Velocity can offer:
VMware; Hyper-V; Oracle VM; IBM LPARs; and Oracle/Sun Solaris Logical Domains (LDOM) and Containers
How shared infrastructure is kept separate At the network layer, all customers have their own dedicated VLAN(s) for their own traffic. This applies to both physical and virtual switches in the hypervisor. Additionally, shared WAN links are separated by customer using Virtual Route Forwarding (VRF).

At the hypervisor layer, all customers have their own dedicated virtual machines. There is no sharing of virtual machines between different customers, and hence no need for any customer separation within any virtual machine.
This model of resources dedicated to customers extends to all areas wherever possible eg. backup tapes, customer-dedicated datacentre racks where required.

Energy efficiency

Energy efficiency
Energy-efficient datacentres No


Price £87.68 to £1504.25 per virtual machine per month
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑