Astun Technology Ltd

QGIS in the Cloud

QGIS in the Cloud provides users with web based access to a fully managed pre-configured Desktop GIS that includes Ordnance Survey background mapping, address searching, direct access to a corporate Spatial Data Warehouse, print templates, processing services and more as standard.


  • Cloud hosted Enterprise Desktop GIS accessible anywhere via web browser
  • Pre-configured for the UK with OS background mapping, gazetteers etc
  • Direct access to Spatial Data Warehouse (PostGIS) included as standard
  • QGIS functionality can be extended with user installed plugins
  • Upgraded and maintained by Astun to latest Long Term Release
  • Excellent performance - No high spec client machines needed
  • Web browser access ideal for remote / flexible working
  • Any client machine with HTML 5 web browser (e.g. Chromebook)
  • Responsive IT Support Helpdesk (2nd line)
  • Seamless integration with iShare and Enterprise Metadata services


  • Pre-configured for UK Public Sector so users are immediately productive
  • Fully managed with no local infrastructure to maintain and support
  • Access anytime from any device encouraging flexible working and productivity
  • Excellent performance on low spec clients - Avoid expensive upgrades
  • Data is securely cloud hosted and backed up
  • Spatial Data Warehouse avoids duplication and encourages data sharing
  • No specialist configuration / training needed
  • Automated user on-boarding from single sign on credentials
  • Simple pricing model, with discounts for portable Microsoft licenses
  • Lower cost of ownership compared to on-premise GIS


£149 to £378 a user a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

8 6 8 4 1 1 8 4 9 5 7 0 7 5 0


Astun Technology Ltd Astun Technology Sales Team
Telephone: 01372 744009

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
Most planned maintenance will be undertaken without interrupting service availability however in the event that this is not possible downtime will be scheduled and agreed with the customer in advance.
System requirements
  • ADFS (or similar) preferred
  • Web browser supporting HTML5

User support

Email or online ticketing support
Email or online ticketing
Support response times
Astun provide the support service during normal working hours, which are between 0900 and 1700 GMT, Monday to Friday, excluding Bank Holidays.

The response times for calls logged by the customer are set out in the accompanying Astun Digital Services Terms & Conditions document.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Where applicable, Second Line Support is provided in accordance with the accompanying document - Astun Digital Services Terms & Conditions
Support available to third parties

Onboarding and offboarding

Getting started
On receipt of a purchase order Astun Technology will:
Issue Project Initiation Documents and host kick off call / meeting;
Set up QGIS in the Cloud servers within customer Virtual Private Cloud;
Configure QGIS in the Cloud with access to ADS background mapping, gazetteer and iShare SDW;
Liaise with customer on integration (ADFS etc);
Commence delivery of additional configuration and consultancy services.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
In the event that the customer terminates the service they can download their data from the service in a standard geographic file format (MapInfo tab or ESRI shp) or as a database export/backup. Customers should extract a copy of their data before their contract expires.
End-of-contract process
On receipt of a written request to terminate the QGIS in the Cloud service and subject to there being no unpaid charges outstanding, Astun will delete the hosted environment including all servers, datasets, user details and customer specific configuration stored within QGIS in the Cloud.

Any further "Off-boarding" assistance is chargeable in accordance with Astun's SFIA rate card.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Service interface
Description of service interface
Full details of the service interface can be found in the Service Definition.
Accessibility standards
None or don’t know
Description of accessibility
Full details of the service interface can be found in the Service Definition.
Accessibility testing
What users can and can't do using the API
Please see:
API documentation
API documentation formats
  • HTML
  • Other
API sandbox or test environment
Customisation available
Description of customisation
Users can customise the QGIS application using standard application functionality that allows the user interface (menus etc) and the available functionality to be customised via a comprehensive library of plugins.


Independence of resources
Customers have their own dedicated virtual private cloud.


Service usage metrics


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
QGIS can be used to export data in a wide variety of formats.
Data export formats
  • CSV
  • Other
Other data export formats
  • All common data formats as supported by GDAL/OGR
  • OGC Web Services
Data import formats
  • CSV
  • Other
Other data import formats
  • All common data formats as supported by GDAL/OGR
  • OGC Web Services

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
QGIS in the Cloud is hosted on a high availability cloud infrastructure with a failover backup hosted in a different geographic region for maximum resilience.

Internal availability testing indicates availability in excess of 99.6%

Response times for map rendering are typically less than 1 second at the server.

The services are continually monitored with automated messages sent to several staff in the event of a deterioration or failure.
Approach to resilience
QGIS is hosted within the Amazon Web Services (AWS) and is backed up to a second geographic availability zone to provide additional resilience in the unlikely event that the primary availability zone becomes unavailable.
Outage reporting
Astun set up a series of alarms to monitor the customer's cloud service. These alarms are triggered if any pre-set limits to system resources are reached (e.g. disk space). This enables Astun to address the majority of issues before any potential outage.

The customer is informed of any potential problems by email or phone.

Identity and authentication

User authentication needed
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Access to management interfaces are restricted to login in via remote desktop over a dedicated VPN between customer network estate and the virtual private cloud environment dedicated to the customer. Access by Astun is also over VPN.
Access restriction testing frequency
At least every 6 months
Management access authentication
Dedicated link (for example VPN)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
We are currently working towards ISO 27001.
Information security policies and processes
Astun has a formal Information Security Policy that provides a framework for the management of information security within our business processes. We are also Cyber Essentials Plus accredited.

QGIS in the Cloud is hosted on Amazon Web Services (which is ISO 27001 accredited).

Users should make appropriate decisions regarding what data to deploy within QGIS in the Cloud.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Changes to all Astun components are managed and tracked through their lifetime via a centralised bug-tracking, issue-tracking and project-management software application (JIRA) and associated private code repository (BitBucket) managed under source control. The software is built through a repeatable build process and after passing formally defined test cases is tagged to a specific version number at the point of release. Only released software is deployed to the customer virtual private cloud environments. Potential security impacts are assessed via a process of peer review.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Information on potential threats is continuously assessed through review of key online resources (release notes, security articles etc) for all third party components (operating systems, databases, frameworks etc). Penetration testing of the full system (including Astun components) is undertaken by independent third parties on all significant software releases. Whilst patch releases are routinely issued on a monthly basis, key security vulnerabilities are patched and released as soon as Astun become aware of them, irrespective of the stage in the release cycle.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
All cloud servers are set up with alarms that monitor key system resources on the server itself allowing the detection of compromises such as denial of service attacks. In addition external monitoring services are set up to make routine periodic requests to the servers (typically every 15 mins), to check that they remain responsive, and send out alerts if any servers are unavailable. Incidents are responded to as soon as we become aware of them. Logging is enabled on the servers to provide an audit trail of potential compromises for subsequent investigation.
Incident management type
Supplier-defined controls
Incident management approach
Security related incidents are categorised as a Priority 1 within our Service Desk system, and allocated to third line support personnel (developer) for immediate investigation and resolution. Users are able to report such incidents via the Service Desk (phone, email and web form), which is routinely monitored throughout the working day by first line support staff. Contemporaneous notes are taken during the incident and recorded against the service desk ticket, which provides a detailed report of the incident itself. Key performance indicators are also published from the Service Desk System and routinely reviewed by management on a weekly basis.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£149 to £378 a user a year
Discount for educational organisations
Free trial available
Description of free trial
The scope of the trial will be by agreement.

The customer may be required to pay for the services required to set up the trial.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.