IBM United Kingdom Ltd

IBM Cloud for Skytap Services (OFFICIAL)

IBM Cloud for Skytap Solutions (ICSS) is a public cloud supporting and accelerating the modernisation of traditional applications without the additional overhead of refactoring.
ICSS provides cloud-based application environments enabling rapid, reliable & repeatable deployment and management of x86/AIX/Linux (running on Power) enterprise application environments in IBM Cloud.


  • Ability to generate complex environments from templates
  • Ability to create multiple networks in environments
  • Ablity to isolate network environments while keeping networks the same
  • Ability to suspend environments and save state
  • Ability to apply quotas to resources at multiple levels
  • Ability to connect environments to on-prem resources through a VPN
  • Library features to manage all develpment and test VM images
  • Ability to adjust system resources from user interface
  • Full feature Restful API
  • Plugins to integrate most popular CI/CM and development tools


  • Generate complex environments with 2 clicks
  • Run multiple copies of the same environment without network conflicts
  • Decompose complex environments into smaller units for testing
  • Manage user and project consumption
  • Interface with existing SSO solutions
  • Share environments across teams
  • Secure environments to work like a private cloud solution
  • Audit all users and committed functions
  • Run and manage Container and Container host
  • Run z/OS and AIX workloads in a cloud

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Hybrid cloud
Service constraints No known constraints
System requirements
  • Solution requires imported VM images to be VMWare compatible
  • Solution requires IPSec VPN for communicat to on-prem systems.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Standard and Enterprise response times are valid Sunday 10PM to Friday 8PM (PT).
Platinum support levels are 24/7/365.
In addition, client will have access to online system health dashboard, online help documents and access to ICSS/Skytap Academy.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible For your IBM Cloud account, go to Support and if you have advanced or premium support, click Live chat to talk to an IBM Cloud support representative.
Web chat accessibility testing N/A
Onsite support Yes, at extra cost
Support levels This IBM solution can be purchased with additional support services depending on the client needs.

The cost varies greatly depending scope of services, which may be simple on-boarding help for a few days, or multiple resources on site full time.

Yes, you will be assigned an account manager.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started On-boarding and onsite training services are typically sold with the product. Many clients choose to train via online videos and web documentation.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction User data can be exported via several capabilities. When the contract ends, we typically give clients extra time to export their images and data.
End-of-contract process The offering is subscription based. At the end of the contract, the account will restricted from running new environments, but will be given access to their images and data that they can be exported and stored remotely.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Some of the more complex network and environment management features are not offered through the mobile interface.
Service interface No
What users can and can't do using the API The IBM Cloud for Skytap Services solution exposes all available UI functions through the RESTful API. The solution is also enabled with a rich set of plugin's that make for easy integration with most available DevOps products.
API documentation Yes
API documentation formats HTML
API sandbox or test environment No
Customisation available Yes
Description of customisation The environment provides for moderate levels of customization. Page styling and logos can be customized, along with other aspects of the look and feel.


Independence of resources The Skytap solution maintains a capacity buffer of approximately 30%, allowing for plenty of headroom for unplanned demand.


Service usage metrics Yes
Metrics types The solution provides metrics for environment usage, disk storage, and user activity.
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request


Supplier type Reseller providing extra support
Organisation whose services are being resold Skytap Inc.

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users export their data directly from the UI console. The export function uses sFTP for the transport protocol.
Data export formats
  • CSV
  • Other
Other data export formats
  • Json
  • Ova
Data import formats Other
Other data import formats
  • OVA
  • OVF
  • VMDK

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability The SLA's for this solution are included, titled IBM Cloud for Skytap Services Service Description document.

Client is eligible for a service credit for each cumulative whole hour of downtime, up to a maximum of 20% service credit per month.
Approach to resilience The solution currently runs in 7 global data centers, and has been at 5 x 9's availability over the last 4 years.
Outage reporting Outages are reported via email and public dashboard.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication SSO/SAML
Access restrictions in management interfaces and support channels The Skytap solution provides a very granular level of access control via an organization structure and Access Control Lists.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Coalfire ISO
ISO/IEC 27001 accreditation date 15/4/2016
What the ISO/IEC 27001 doesn’t cover Unknown
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 06/04/2018
CSA STAR certification level Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover Unknown
PCI certification Yes
Who accredited the PCI DSS certification Independent QSA
PCI DSS accreditation date Unknown
What the PCI DSS doesn’t cover Unknown
Other security certifications Yes
Any other security certifications
  • EU Model Clauses

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Skytap is SSAE 16 SOC 2 Type 2 certified, as well as EU-US Privacy Shield Certified

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach The Skytap solution tracks all network, storage, and software components through the change and configuration management process. Each component is build with independent monitoring capabilities to capture and report any faults.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach The Skytap solution adheres to the SSAE 16 SOC 2 Type 2 compliance standard to access potential threats. There are active threat detection devices in every Skytap deployment, as well as 24/7 security scanning. Skytap does regular penetration testing via nGuard.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Potential compromises are identified by the security scanning processes or by client reports. Notification of potential compromise is typically immediate with follow-on investigation disclosure and disposition coming within 60 days.

Skytap responds to all client incidents within 2 hours.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach The incident management process is predefined for common events. Users report incidents through the standard support processes, either via phone or email. Skytap provides incident reports via email based on terms of the contract.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • Health and Social Care Network (HSCN)


Price £34.53 per gigabyte per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Skytap can be used for a free for 1 month. The trial account includes 25 GB of memory for running environments.
Link to free trial

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑