Atlas Cloud Ltd

Platform as a Service

Platform as a service allows access to hosted infrastructure coupled with managed services. We are a VMware, Citrix & Microsoft partner, solutions are delivered from ISO 27001 certified data centres. Atlas Cloud are ISO27001:2013 certified as a business and are working towards BSI10012 which will be complete by September 2018.


  • Highly secure; ISO 27001:2013 certified and Two Factor Authentication available
  • Disaster recovery and business continuity included
  • Support new workload demands (e.g. GPU acceleration)
  • Host any application in the cloud
  • Standardised software and updates
  • OPEX model - transparent, per VM per month pricing


  • Scalable - react quickly to business changes
  • Deal with peak demand
  • Agile, flexible and customisable depending on business needs
  • Fully managed service
  • Highly secure – ISO 27001:2013 certified


£0 to £1500 per virtual machine per month

  • Education pricing available

Service documents

G-Cloud 10


Atlas Cloud Ltd

Sarah Cooper


Service scope

Service scope
Service constraints Planned maintenance on the first Sunday of every month, downtime will be minimal.
System requirements This solution is tailored to the users requirements.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times This would depend on the priority of the incident, this ranges from 30 minutes to 120 minutes. Extended support hours can include weekends.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Monday - Friday 08:00-18:00 as standard, extended support hours are possible at an additional cost depending on how much you extend the hours by. We do provide account management and have support engineers.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Once an order is agreed and accepted, Atlas Cloud’s implementation team will begin the on-boarding process. This will involve building and configuring the application(s) / virtual machine (s) required by the customer and the migration of any associated data to the secure data centre environments. We provide a technical Project Manager to lead the design as well as an implementation team of experienced Architects and Senior Engineers to implement, test and transition to the Atlas Cloud. There would then be a handover to the Atlas Cloud support team which is staffed by experienced Engineers at 1st, 2nd and 3rd line levels of support. The entire process would be overseen by both the CTO and COO of Atlas Cloud from the very beginning, throughout the delivery and ongoing support thereafter. Atlas Cloud uses the IT Service Delivery Management framework, ITIL, and all of the support processes are designed around this. In addition, we hold ISO certifications in 9001, 14001, 27001:2013and are working towards BSI10012 which will be complete by September 2018.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction If the client wishes to change to a different IT provider, the first step is for the client to file a request to leave. Next, an End of Contract date is agreed. Data is then collected via the client from the Atlas Cloud data centre or placed in an encrypted location at the request of the client. Atlas Cloud do not keep unencrypted data outside the data centre. The customer can extract their data at any time, whether by self-service request or a request for Atlas Cloud to perform on the customer’s behalf. The cost of this will be based upon a time and materials basis. Client owned licenses are subsequently handed back to the client and any rented hardware is returned to Atlas Cloud. Finally, the client’s data is deleted from the systems and a confirmation is sent to the client.
End-of-contract process The cost of the contract only covers the contract and not and additional work needed to exit the contract. We would charge an hourly rate for any additional work that needs to be completed as part of the contract end.

Using the service

Using the service
Web browser interface Yes
Using the web interface NA
Web interface accessibility standard None or don’t know
How the web interface is accessible This is not something that we have looked at.
Web interface accessibility testing None as we have not had a requirement to do this.
Command line interface No


Scaling available No
Independence of resources Dedicated hosts, dedicated storage and dedicated virtual machines.
Usage notifications Yes
Usage reporting Email


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Virtual Machines
  • Files
  • Databases
Backup controls We control the backup schedule, should the user wish to change this we would request that they make this request in writing.
Datacentre setup Single datacentre with multiple copies
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99.5% uptime guaranteed. Service credits can be available on request.
Approach to resilience Available upon request
Outage reporting Email or text alerting.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels We have separate accounts for management and administration. Separate VLANs between management servers and other.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information No audit information available
Access to supplier activity audit information No audit information available
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 ISOQAR
ISO/IEC 27001 accreditation date 12/08/2014
What the ISO/IEC 27001 doesn’t cover Nothing is excluded
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Atlas Cloud follows ISO 27001. The information security policy is sent to all employees and confirmation of adherence is recorded.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We have an change management process that has a multi level approval process and a dedicated changed manager. Components of the service are monitored and maintained with any risks to service noted on a risk register.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We have mechanisms for threats to be flagged by our monitoring system and the engineers that work on the systems. We can deploy emergency patches in line with our change management process. We have three standard change windows per week and one monthly maintenance window.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We use various software to monitoring our systems, the software auto creates an incident into our incident management system when a threshold is breached. The incident is then categorised and prioritised and the appropriate SLA assigned. Dependant on the priority the incident is responded to within 30-120 minutes.
Incident management type Supplier-defined controls
Incident management approach We have standard operating procedures for common events that are documented. Users can report incidents via phone, email or we have a client portal that clients can log and update incidents via. We email incidents reports at the end of every month.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate VLANs and NTFS permissions. Dedicated hosts where required. Dedicated virtual machines.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £0 to £1500 per virtual machine per month
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑