Influential Software

Cloud hosting using Amazon Web Services (AWS)

Amazon Web Services offers a set of global cloud-based products including compute, storage, databases, analytics, networking, mobile, developer tools, management tools, IoT, security and enterprise applications.

AWS can power a wide variety of workloads including: web and mobile applications, game development, data processing and warehousing, storage, archive, and others.


  • Massive storage using S3 buckets
  • Orchestration tools (Lambda)
  • Platform as a service
  • NoSQL database
  • SQL database
  • Analytics and machine learning
  • Infrastructure as a service
  • Web hosting
  • Application hosting


  • Extensible, elastic environment
  • Massively scalable
  • Wide range of tools available
  • Low cost of usage
  • Massive range of tools available


£100 per server per month

Service documents

G-Cloud 10


Influential Software

Andy Richardson

0207 337 6136‬

Service scope

Service scope
Service constraints None.
System requirements None - dependent on configuration

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Email or online ticketing support

Support response times
SLA is offered, covering 4 hour support response, Mon-Fri 08:00-18:00
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels SLA is offered, covering 4 hour support response, Mon-Fri 08:00-18:0
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Provide consultancy to help set-up, configure and create a new service for users, with bespoke training and documentation
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Customisable, according to the kind of tools deployed. Bespoke in each case.
End-of-contract process Any end-of-contract services can either be built into the contract or paid for as additional services.

Using the service

Using the service
Web browser interface Yes
Using the web interface Full on-line portal offered. Menu based system to locate the correct service and manipulate elements of the service.
Web interface accessibility standard None or don’t know
How the web interface is accessible Upported browsers

Internet Explorer 10
Internet Explorer 11
Safari 9+
Web interface accessibility testing N/A
What users can and can't do using the API All functions within AWS are fully accessible via API
API automation tools
  • SaltStack
  • Puppet
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
Command line interface Yes
Command line interface compatibility Linux or Unix
Using the command line interface Users can use the CLI to monitor, configure, create or update their estate


Scaling available Yes
Scaling type
  • Automatic
  • Manual
Independence of resources Various dependent on platform selected, from bare-metal builds to encapsulated networks
Usage notifications Yes
Usage reporting
  • API
  • Email
  • SMS


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Amazon

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Encryption of all physical media
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Virtual machines
  • Clustered servers (mirroring)
  • Attachable storage
  • Archiving tools
Backup controls Various - according to the mechanism chosen
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users schedule backups through a web interface
Backup recovery Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability 100% uptime is guaranteed.

If less than that is met, Service Credits are offered:

Less than 99.99% but equal to or greater than 99.0% = 10% credit
Less than 99.0% = 30% credit
Approach to resilience This is a question for the vendor: Amazon.

Please note all services available under AWS are highly resilient and have many potential strategies dependent on the type of hosting/service that is being used.
Outage reporting There is a public service dashboard, but APIs are also available, allowing polling of service status.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Bespoke, dependent on application/deployment
Access restriction testing frequency Never
Management access authentication
  • 2-factor authentication
  • Username or password
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We have an on-going 'Security' project, led by the Operations Manager, where were constantly review policies, software, versions etc. This meets weekly and is concerned with server monitoring and security.
Information security policies and processes This is entirely bespoke dependent on the type of hosting agreement that is in place. AWS have their own policies (well documented), that govern the actual datacentres.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Components are reviewed and patched regularly according to a diarised schedule. A platform head is responsible for each key technology strand and tasked with monitoring the release cycle and vulnerabilities of each key software component.
Weekly meetings review the on-going security measures and potential threats that have been flagged.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Patches are scheduled regularly, at least weekly, but bespoke dependent upon the customer's requirement.

Information comes from multiple channels, including security forums, via system experts and other channels.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Bespoke dependent on customer requirement
Incident management type Supplier-defined controls
Incident management approach We have a helpdesk and triage process, audited to recognised standards as part of our partnership with SAP - via their PCOE (Partner Centre of Excellence) programme.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used Citrix XenServer
How shared infrastructure is kept separate By using the Xen Hypervisor technology. Can also have bare-metal (dedicated instance) if required.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £100 per server per month
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑