Governance

Our comprehensive compliance framework delivers a credible position in four strategic areas: quality, information security, IT service management and the environment.

Security Roles and Responsibilities

We understand it is important to use the right cloud platform with the right security principles and controls in place to protect your workloads and data. To help, we have the PDFs available in the section above to explain how the platform is designed for your needs, and also have the following resources available to you:

More information about the specific accreditations that are available within our government-grade platform is available below.

Data Governance in the UK Public Sector

UKCloud is helping the UK Public Sector and our ecosystem of expert technology partners to embrace technical innovation and best practice, and improve their organisation’s security posture.

Data Governance in the Healthcare Sector

We have developed and implemented a comprehensive information security and data protection framework which provides our healthcare customers and partners with credible assurance material.

Data Governance in Defence

UKCloud supports a growing portfolio of defence-related activities which are helping our Armed Forces to protect the UK and its interests, by delivering secure, connected services quickly and efficiently.

Data Governance in Police and Justice

For Police Forces, the confidentiality, integrity and availability of their sensitive datasets is essential. UKCloud helps to protect the UK population with essential and time-critical activities.

Quality Management (ISO9001)

UKCloud’s established Quality Management System, certified to ISO9001, delivers robust and effective policies and processes, enabling all parts of the organisation to function efficiently and in a controlled manner. We are committed to understanding each client’s requirements, delivering their agreed solutions on time and to budget, and ensuring their expectations are exceeded such that UKCloud can report the highest levels of client satisfaction.


IT Service Management (ISO20000)

UKCloud acknowledges that the IT Infrastructure Library (ITIL) represents best practice in the field of IT Service Management, and its service management processes align with the latest ITIL framework. Our clients can be assured that their contact with UKCloud will be with experienced individuals who have a thorough understanding of our ITIL-aligned processes, ensuring that each client solution is managed and operated in an effective and controlled manner. Alongside UKCloud’s formal ISO20000 certification, many of its employees are individually ITIL certified. Additionally, UKCloud participates in forums and special interest groups aimed at the continual development and adoption of ITSM best practice.


Information Security Management (ISO27001)

Of the utmost importance to UKCloud is the protection of the confidentiality, integrity and availability of data: both UKCloud’s own and that entrusted to UKCloud by its clients. UKCloud’s ISO27001 certified Information Security Management System (ISMS) is based upon a robust framework of information security policies and procedures, aligned with the UKCloud Risk Assessment Methodology. This methodology constantly assesses for a wide variety of threats and vulnerabilities that, if left unchecked, may compromise information assets or the supporting assets upon which they depend for their security.


Security Controls for Cloud Services (ISO27017)

Enhancing the framework of existing security controls provided by ISO27001, the ISO27017 standard provides a more focused approach to managing the risks associated with the selection and use of cloud computing environments, both from the perspective of the cloud service provider and also the cloud consumer. UKCloud was one of the first organisations to achieve external certification against the ISO27017 standard.


Personal Data in the Cloud Security (ISO27018)

Enhancing the framework of existing security controls provided by ISO27001, the ISO27018 standard provides a more focused approach to managing the risks associated with personal data within cloud environments. ISO27018-specific controls include the disclosure of the geographic location of personal data, processes for the notification of data disclosures and data breaches, requirements to disclose details of sub-contracted processing activities and regulations relating to a customer’s right to access and delete personal data. UKCloud was one of the first organisations to achieve external certification against the ISO27018 standard.


Cyber Essentials Scheme

UKCloud was one of the first organisations to have successfully achieved both Cyber Essentials and Cyber Essentials Plus. Launched by the UK Government in 2014 to reduce cyber risks across all types of organisation, this important initiative helps to safeguard the country’s growing digital economy. UKCloud has been assessed in five key control areas – boundary firewalls and internet gateways, secure configuration, access control, malware protection and patch management. The Plus level additionally requires thorough independent technical checks of UKCloud’s platforms and systems, and seeks to identify whether they could be compromised by a variety of different cyber-attack scenarios.


CSA Cloud Security Alliance

Developed by the Cloud Security Alliance, the Cloud Controls Matrix presents a set of security controls which allow customers to readily assess the capabilities of potential cloud service providers, with guidance across 16 core areas, including identity and access management, infrastructure and virtualization security, data centre operations and security incident management. UKCloud’s status can be validated within the CSA STAR Registry on their website.

JOSCAR

JOSCAR (the Joint Supply Chain Accreditation Register) is a collaborative tool used by the aerospace, defence and security industry to act as a single repository for pre-qualification and compliance information. JOSCAR can be used to determine whether a supplier is “fit for business”. UKCloud’s registration on JOSCAR can be validated through Hellios, the managing organisation of JOSCAR.


Data Protection / GDPR

Our Data Protection Officer and data protection policies ensure we meet the highest standards of data protection, including GDPR. The UK Data Protection Act 2018 (incorporating the requirements of the EU General Data Protection Regulation 2016/679 “GDPR”) replaced the previous Data Protection Act 1998. This new legislative framework represents a significantly more comprehensive approach to the protection of personal data.

HIPAA Compliant

Our cloud hosting services are compliant with HIPAA (the Health Insurance Portability and Accountability Act of 1996). HIPAA safeguards Protected Health Information (PHI), including any type of individually identifiable health information which is transmitted or maintained in any form or medium. An established piece of legislation in the US, HIPAA is not a requirement for UK providers unless they deliver services to US healthcare bodies. UKCloud Health now enables its partner community to offer their services to the US market by utilising one compliant cloud platform.

CarbonNeutral® Company

We’re a verified CarbonNeutral® Company. We’ve worked to identify and measure the carbon footprint associated with all forms of CO2 emissions across our business, and we’ve implemented a variety of initiatives to reduce energy use and emissions as far as possible.

Additionally, all UKCloud services are validated as being CarbonNeutral® Cloud Services. Our public sector customers benefit from this important status free of charge, being provided with verifiable evidence of carbon reduction and offsetting activities to support their own environmental submissions.

Police Assured Secure Facilities (PASF)

The National Policing Information Risk Management Team (NPIRMT) from the Home Office regularly reviews our cloud platforms, services, operational processes, and facilities, and has confirmed that they are PASF compliant. This provides comprehensive assurance to our blue light customers that UKCloud can safely process and store their most sensitive datasets.

Cloud Security Principles

In order to demonstrate how UKCloud, its platform, and services align to the Cloud security principles for the UK public sector, Health and Defence, UKCloud have produced the following three guides. Our experience in these sectors means that we understand your requirements and are happy to discuss how we can create the right solution to meet your regulatory needs.