Sapient Ltd

Amazon Web Services (AWS) Managed Hosting

Our Cloud Hosting service consists of the provision of infrastructure, software and administrative tasks to make applications securely available to clients over the Internet.

We offer clients a global, platform-agnostic service. We are experienced in delivering scalable, secure and rapidly deployed hosting solutions via all of the public cloud providers.


  • Multi vendor based consultancy, platform selection and design service
  • DevOps based provisioning of automated resources using configuration management tools
  • Fully managed SLA based 24x7x365 support
  • In-service capacity and availability management
  • Backup, Restore and recovery services
  • Security services including DDoS mitigation, IPS/IDS, WAF, etc.
  • Proactive platform monitoring for availabity, performance and security
  • Proactve maintenance of entire operating system and technology stack
  • Performance tuning & capacity planning
  • ITIL based service for Change, Event, Incident and Release Management


  • Expertise of a fully accredited AWS Advance Consulting Partner
  • Unique full service managed services offering within a digital agency
  • Over 20-years experience hosting some of the worlds busiest websites
  • A single supplier to take complete responsibility for the platform
  • Understanding of the entire technology stack, including applications and integrations
  • In depth expertise with DevOps to maximise automation
  • ITIL processes underpinned by ServiceDesk portal for efficient service management
  • Efficient management of third parties
  • TCO & ROI management through effective planning and provisioning


£60 to £165 per person per hour

Service documents


G-Cloud 11

Service ID

9 1 8 3 2 8 2 0 6 0 3 1 5 9 7


Sapient Ltd

Manpreet Brar


Service scope

Service constraints
The scope of our services are defined for each client based on their requirements. During the discovery phase of our engagement we ensure that the relevant support, infrastructure, configuration, development, platform, security, data, content and application needs are met based on the request and the scope of the engagement is agreed between both parties.
System requirements
System requirements are agreed based on Client needs.

User support

Email or online ticketing support
Email or online ticketing
Support response times
No different on weekends
User can manage status and priority of support tickets
Online ticketing support accessibility
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Our managed hosting service is pro-actively managed and monitored by a team of skilled engineers. Incidents and requests are submitted to the web-based Service Desk tool. Further queries can be submitted to the Service Delivery Manager.
The team provides 1st-through-3rd line support, capturing and progressing incidents and requests logged via the Service Desk or monitoring systems, and escalating functionally within the team to appropriate areas of expertise or to Service Delivery Managers in the event of major incidents or client impacting changes. A named SDM and TAM will be allocated to the client. We engage with our clients to design the relevant support model to fit the business needs, this can be 24*7, or Working Hours only. We also define SLAs specific to client needs. Our standard target SLAs for response times are covered by the section on User Support.
Support available to third parties

Onboarding and offboarding

Getting started
We have a defined on-boarding process which encompasses planning the service and assessing the service readiness. This includes:
• Planning key dates for the transition
• Developing risk mitigation plans
• Knowledge Sharing to ensure the team are trained in client specific applications where necessary.
• Acceptance Criteria to ensure that both parties agree on what constitutes service readiness, and allows us to transition seamlessly into a full support model.
• Introduction and Training on the Service Desk for clients and third parties
• Ways of Working sessions to agree how we work with key stakeholders, and define ways to report status
Handover and Transition
The handover phase is designed to ensure that the technical teams gain a thorough understanding of the service and/or applications that are being supported. During transition, a Technical Support Document (TSD) is created which forms the kernel of our knowledge base. This is maintained as a living document throughout the life of the support service and includes details such as release processes, branching strategies, runbook and QA Test Cases (automated and manual) documentation, among others.
Service documentation
Documentation formats
End-of-contract data extraction
Off boarding is a defined process where we engage with the nominated supplier who will be taking over the support services, or client internal team as relevant.

This includes:
• Planning key dates for the transition
• Developing risk mitigation plans
• Knowledge Sharing to ensure the new team have all documentation passed to them.
• Acceptance Criteria to ensure that both parties agree on what constitutes service readiness, and allows the client to transition seamlessly their new supplier.

We will provide all run books and technical documentation, and any source code files required as part of the handover process. Client can nominate whether to receive these directly or whether we work with the nominated supplier.
End-of-contract process
The off boarding process is a stand alone cost. Should there be a requirement for this to be an inclusive fee within a fixed term contract this can be negotiated during the contract drawing up process.

Using the service

Web browser interface
Using the web interface
We identify key delivery objectives of availability, security, scalability and performance for our clients. Based on the requirements, we install and manage the hosting platform on behalf of our clients. As part of our Managed Services, we offer our clients access to the Service Desk. Any required changes to configuration, capacity or security protocols etc, a ticket would be raised to the Service Desk. This is allocated to the relevant team member to carry out the service request, or to work with the client to understand the requirements and provide the fulfillment of the request based on technical expertise and within a controlled change management process. This allows us to offer a seamless, broad and responsible support service to ensure the platform remains operational and successful at all times. Any activities on the production environment will go through a rigorous process including technical assessment, risk assessment, security assessment, approval and all changes that could have a service impact will be scheduled in alignment with client's business needs. All activities on our cloud hosting infrastructure are tracked via an Audit trail to provide an accessible record of implemented changes that can be used when troubleshooting failed changes or assessing post-change impact.
Web interface accessibility standard
Web interface accessibility testing
Our service desk is built using the Atlassian Stack which is fully compliant to WCAG 2.0 AAA.

Atlassian carry out regular testing on their tools to maintain accessibility, including assistive technology. This is done across a variety of screen readers and browsers and the recommended combination is to use NVDA with Firefox (PC) and VoiceOver with Safari (MAC).

Should any specific requirements be needed we are happy to liaise with Atlassian on behalf of clients for support in this area.
Command line interface


Scaling available
Scaling type
  • Automatic
  • Manual
Independence of resources
By offering a cloud based solution, we ensure that services are independently maintained on a shared infrastructure but independent of each other.

We work with clients to understand the capacity and load baseline requirements, architecting the solution to support these needs and anticipated scalability requirements.

Once in production, our expert network and hosting architecture support teams pro-actively monitor and manage all service supporting components in the underlying data centre or Cloud infrastructure, including shared components such as load balancers, SAN storage and switching infrastructure.
Usage notifications
Usage reporting
  • Email
  • SMS
  • Other


Infrastructure or application metrics
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Google, Oracle, AWS, Microsoft Azure

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
What’s backed up
  • Virtual Machines
  • Content Backups on a defined schedule
  • Database Backups on a defined schedule
  • Configuration and versioning can be managed via Chef or Ansible
Backup controls
All machines are backed up fully each week, with daily incremental backups each night. Specific data can be backed up even more frequently if required, for example large, frequently changing databases may require their transaction logs to be backed up hourly. Custom backups can be made to tape for archival purposes. DigitasLBi will work with clients to develop a backup strategy that meets specific requirements.
The service retains backups for disaster recovery purposes only, not for content archiving, therefore only 14 days of backups are retained as standard.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We offer a range of Availability SLAs, from 99.0% up to 99.99%, based on the platform, infrastructure and client requirements.
We use both internal and external monitoring services to monitor all aspects of the platform, every 5 minutes, to ensure availability is measured effectively and accurately.
Our hosting SLA covers all components of the infrastructure, including servers, storage and networking. We can also provide an availability SLA for the applications using our Application Support service.
Service credits are calculated on a percentage of the monthly hosting fees, based on the difference between the achieved SLA and the target SLA. They are credited monthly in arrears.
Approach to resilience
We architect our public cloud solutions to utilise the redundant and fault tolerance features of the cloud. Servers are distributed across multiple availability zones and regions and duplicated where appropriate to provide fault tolerance across all disaster scenarios.
The if the applications support it, we ca configure elastic scaling to ensure the infrastructure scales in line with demand, ensuring high performance across all traffic demands.
Where appropriate we can deploy cloud services to replace tradition server base software. This can save cost and provide better resilience and performance. A popular cloud service frequently deployed is database as a service, to replace tradition database servers and software.
We utilise the latest DevOps and Infrastructure-As-Code practices to create dynamic, scalable and resilient applications that are easy to maintain, cost efficient and reliable.
Outage reporting
Our Incident Management process guides individual and team behaviour with the aim of detecting and logging incidents and requests and ensuring technical and management teams respond efficiently and effectively in order that requests are fulfilled and service is restored to clients as swiftly and stably as possible.

In the event of an outage, the Service Delivery Manager contacts the client to inform them. Client also has full access to the Service Desk, and is able to configure a dashboard to receive alerts on incidents and track resolutions in real time. Further updates are then communicated using a combination of methods, including the dashboard, ticket updates and incident reports in accordance with the severity of the outage as documented in our Incident Management process.

Identity and authentication

User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
The default login for our service desk tools is based on username and password. On request, we can enable a two factor authentication process. This can be extended to 3rd party providers as well.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Jon Russell
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Our data centre is covered by the ISO/IEC 27001 certification. We carry the principles of the ISO framework through to our development, application management and platform support offerings but these are self regulated.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
We apply rigorous processes within our development framework to ensure that we develop, configure and manage applications and infrastructure to meet the security needs of our clients.

If an incident is identified as being a security incident either by an investigating engineer or by a security monitoring system then it is immediately escalated to senior technical colleagues, the service design and architecture team, the service delivery manager and the senior management team form a dedicated Security Response Team.

The incident investigation and resolution then proceeds with an elevated level of priority, and with greater emphasis on data capture and communication to senior internal stakeholders.

If the incident occurs on, or has an impact on a client service then relevant client stakeholders are informed immediately and the further progress of investigation and resolution can involve teams and workflows internal to the client, depending on business impact and compliance issues.

The process downstream of this is tailored to individual clients based on the nature of their business and information security policies.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All significant or potentially service-affecting changes to component configuration are submitted to a change management process where they are technically reviewed, risk-assessed, scheduled and then re-reviewed post-implementation.

The assessment of all changes includes potential security impacts and a full risk analysis of the proposed change.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Security reviews are performed every quarter and discussed at service review meetings. We also offer automated security testing during the release cycle to identify the top 10 OWASP vulnerabilities, plus hundreds of others.
An annual independent 3rd party vulnerability and security testing audit is recommended, using an independent ISO27001 security testing company. A suitable 3rd party vulnerabiltiy and security testing company can be identified as part of the full service offered.
Critical issues found are raised immediately via the service desk to be fixed by the support team under SLA.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
A centralised log management platform is used to log and audit access and intrusion detection and non security related activities.

Logs ingested by the CLMP are indexed, providing real-time searchable data for an holistic view of security, allowing multiple (apparently unrelated) logs to be linked in a single security event, enabling rapid real-time issue analysis.

Events can be configured to trigger alerts. If an attack is detected, alerts will be raised and outputs from the logging platform used to create a mitigation response. These alerts are integrated into our support service. All incidents and security events are resolved under SLA.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Our ITIL compliant Incident and Request Management process guides individual and team behaviour with the aim of detecting and logging incidents and requests and ensuring technical and management teams respond efficiently and effectively in order that requests are fulfilled and service is restored to clients as swiftly and stably as possible.

Our Service Desk tool enables clients to raise Incidents direct to the support team. Incidents are triaged by a systems analyst and assigned to the relevant support team to resolve under SLA.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Who implements virtualisation
Virtualisation technologies used
How shared infrastructure is kept separate
A cloud-based solution, we ensure that services are independently maintained on a shared infrastructure but independent of each other.

We work with clients to understand the security requirements, architecting the solution to support these needs and incorporating best practice approach to security and access protocols.

A Virtual Private Cloud provides complete network layer separation from any other portion of the environment. A VPC acts as a container for any resources in a given region, including virtual machines, storage, security rules, database instances, Cloud Formation stacks etc. Authentication and DNS, span all VPCs – allowing, e.g. global user access control policies.

Energy efficiency

Energy-efficient datacentres
Description of energy efficient datacentres
All AWS availability zones are compliant for EU code of conduct. More information can is provided on


£60 to £165 per person per hour
Discount for educational organisations
Free trial available

Service documents

Return to top ↑