Secret Source

Cloud Hosting

Cloud Hosting by Secret Source.
Fast, secure and reliable web hosting for business, with full support from our friendly (human) team.
Our Cloud Hosting set up is managed by experts to provide high levels of speed, capacity and functionality.


  • Lightning fast speeds
  • Good for up to 100k monthly visits
  • Account management & support from real people
  • Daily backups
  • Up to 50 email accounts
  • Free enhanced SSL certification
  • Disaster management and recovery
  • Email Account Forwarding and autoresponder
  • POP3/IMAP Email setup support


  • A safe and reliable home for your business to grow
  • A friendly, human support team
  • Customer-centric and flexible service
  • Premium solutions also available
  • Rapid infrastructure elasticity
  • Data security
  • Disruption-free updates
  • Competitive pricing
  • Rapid response to support requests with quick resolution times


£30 to £50 per person per hour

  • Education pricing available

Service documents

G-Cloud 9


Secret Source

Richard Clarke

0207 1933739

Service scope

Service scope
Service constraints Our support team and project managers are always prepared to go the extra mile - offering help as and when it's needed.
System requirements Software Licenses, Admin Fees and Associated Costs Included

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We're open during regular UK office hours Monday through Friday and from 10am to 3pm at weekends.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AAA
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We pride ourselves on the high level of support we offer which includes access to your own personal project manager.

Our technical support team are available during weekday office hours (including bank holidays) and from 10am-2pm at weekends.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide full user documentation and online training/support as needed.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction All data is delivered in a choice of user-defined formats.
End-of-contract process All concluded contracts include exit-support at no additional cost.

Using the service

Using the service
Web browser interface No
Command line interface No


Scaling available Yes
Scaling type Automatic
Independence of resources We provided individual, private and secure hosting for each client.
Usage notifications Yes
Usage reporting
  • Email
  • Other


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Network
Reporting types Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up Full Cloud Back-Up & Recovery
Backup controls Complete back up control on request.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users contact the support team to schedule backups
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability No provider can guarantee 100% uptimes, but over the last 12 months our servers have delivered rates in excess of 99.99%. We do guarantee to deliver the best possible service at all times and to work quickly and efficiently to correct any issues at the earliest possible opportunity.
Approach to resilience We use the latest secure cloud hosting technology and strive to provide complete asset protection and resilience.

More information on how we ensure client safety on request.
Outage reporting Email alerts and dashboard.

Identity and authentication

Identity and authentication
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels Dedicated devices on a segregated network, assured by independent validation of assertion
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication
Devices users manage the service through Dedicated device on a segregated network (providers own provision)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach We implement thorough security vetting of all staff.
Information security policies and processes The different solutions we provide all require individual security policies.

As a rule we manage all information securely, taking full responsibility for relative compliance, prevention of misuse, privacy protection and unauthorised access.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Dedicated project managers remain with a client through the lifetime of our service, tracking change, updating clients and monitoring security issues.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We're constantly monitoring all our systems for potential threats. Fixes, patches and updates are made as soon as we're aware of their availability, usually within hours.
Protective monitoring type Supplier-defined controls
Protective monitoring approach With a dedicated team of programmers on site we have the capacity to continuously monitor software and tools, identify any issues before they become problems and either repair, update or replace as necessary.
Incident management type Supplier-defined controls
Incident management approach Depending on the severity of individual incidents we appoint a dedicated project manager to each case. It's their responsibility to make contact with and update clients, ensure there is no breach of security or privacy and to develop a strategy for correcting the issue.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £30 to £50 per person per hour
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑