Our comprehensive compliance framework delivers a credible position in four strategic areas: quality, information security, IT service management and the environment.

Our Credentials

UKCloud has significant experience in successfully delivering certified management systems, and ensuring that they encompass developing best practices.

  • Data Governance in the UK Public Sector

    UKCloud is helping the UK Public Sector and our ecosystem of expert technology partners to embrace technical innovation and best practice, and improve their organisation’s security posture.

    Read PDF
  • Data Governance in the Healthcare Sector

    We have developed and implemented a comprehensive information security and data protection framework which provides our healthcare customers and partners with credible assurance material.

    Read PDF
  • Data Governance in Defence

    UKCloud supports a growing portfolio of defence related activities which are helping our Armed Forces to protect the UK and its interests, by delivering secure, connected services quickly and efficiently.

    Read PDF
  • Data Governance in Police and Justice

    For Police Forces, the confidentiality, integrity and availability of their sensitive datasets is essential. UKCloud helps to protect the UK population with essential and time-critical activities.

    Read PDF
  • Governance

    Every aspect of our platform and the cloud services we provide are subject to regular, independent validation.
    Quality Management (ISO9001)

    UKCloud’s established Quality Management System, certified to ISO9001, delivers robust and effective policies and processes, enabling all parts of the organisation to function efficiently and in a controlled manner. We are committed to understanding each client’s requirements, delivering their agreed solutions on time and to budget, and ensuring their expectations are exceeded such that UKCloud can report the highest levels of client satisfaction.

    IT Service Management (ISO20000)

    UKCloud acknowledges that the IT Infrastructure Library (ITIL) represents best practice in the field of IT Service Management, and its service management processes align with the latest ITIL framework. Our clients can be assured that their contact with UKCloud will be with experienced individuals who have a thorough understanding of our ITIL aligned processes, ensuring that each client solution is being managed and operated in an effective and controlled manner. Alongside its formal ISO20000 certification, many of its employees are individually ITIL certified. Additionally, UKCloud participates in Forums and Special Interest Groups aimed at the continual development and adoption of ITSM best practice.

    Information Security Management (ISO27001)

    Of the utmost importance to UKCloud is the protection of the confidentiality, integrity and availability of data: both UKCloud’s own and that entrusted to UKCloud by its clients. UKCloud’s ISO27001 certified Information Security Management System (ISMS) is based upon a robust framework of information security policies and procedures, aligned with the UKCloud Risk Assessment Methodology. This methodology constantly assesses for a wide variety of threats and vulnerabilities that, if left unchecked, may compromise information assets or the supporting assets upon which they depend for their security.

    Security Controls for Cloud Services (ISO27017)

    Enhancing the framework of existing security controls provided by ISO27001, the ISO27017 standard provides a more focused approach to managing the risks associated with the selection and use of cloud computing environments, both from the perspective of the cloud service provider and also the cloud consumer. UKCloud was one of the first organisations to achieve external certification against the ISO27017 standard.

    Personal Data in the Cloud Security (ISO27018)

    Enhancing the framework of existing security controls provided by ISO27001, the ISO27018 standard provides a more focused approach to managing the risks associated with personal data within cloud environments. ISO27018-specific controls include the disclosure of the geographic location of personal data, processes for the notification of data disclosures and data breaches, requirements to disclose details of sub-contracted processing activities and regulations relating to a customer’s right to access and delete personal data. UKCloud was one of the first organisations to achieve external certification against the ISO27018 standard.

    Cyber Essentials Scheme

    UKCloud was one of the first organisations to have successfully achieved both Cyber Essentials and Cyber Essentials Plus. Launched by the UK Government in 2014 to reduce cyber risks across all types of organisation, this important initiative helps to safeguard the country’s growing digital economy. UKCloud has been assessed in five key control areas – boundary firewalls and internet gateways, secure configuration, access control, malware protection and patch management. The Plus level additionally requires thorough independent technical checks of UKCloud’s platforms and systems, and seeks to identify whether they could be compromised by a variety of different cyber-attack scenarios.

    CSA Cloud Security Alliance

    Developed by the Cloud Security Alliance, the Cloud Controls Matrix presents a set of security controls which allow customers to readily assess the capabilities of potential cloud service providers. With guidance across 16 core areas, including identity and access management, infrastructure and virtualization security, data centre operations and security incident management. UKCloud’s status can be validated within the CSA STAR Registry on their website.


    JOSCAR (the Joint Supply Chain Accreditation Register) is a collaborative tool used by the aerospace, defence and security industry to act as a single repository for pre-qualification and compliance information. Using JOSCAR can determine if a supplier is “fit for business”. UKCloud’s registration on JOSCAR can be validated through Hellios, the managing organisation of JOSCAR.

    Data Protection / GDPR

    Our Data Protection Officer and data protection policies ensure we meet the highest standards of data protection, including GDPR. The UK Data Protection Act 2018 (incorporating the requirements of the EU General Data Protection Regulation 2016/679 “GDPR”) replaced the previous Data Protection Act 1998. This new legislative framework represents a significantly more comprehensive approach to the protection of personal data.

    HIPAA Compliant

    Our cloud hosting services are compliant with HIPAA (the Health Insurance Portability and Accountability Act of 1996). HIPAA safeguards Protected Health Information (PHI), including any type of individually identifiable health information which is transmitted or maintained in any form or medium. An established piece of legislation in the US, HIPAA is not a requirement for UK providers unless they deliver services to US healthcare bodies. UKCloud Health now enables its partner community to offer their services to the US market by utilising one compliant cloud platform.

    CarbonNeutral® Company

    We’re a verified Carbon Neutral® Company. We’ve worked to identify and measure the carbon footprint associated with all forms of CO2 emissions across our business, and we’ve implemented a variety of initiatives to reduce energy use and emissions as far as possible.

    Additionally, all UKCloud services are validated as being CarbonNeutral® Cloud Services. Our public sector customers benefit from this important status free of charge, being provided with verifiable evidence of carbon reduction and offsetting activities to support their own environmental submissions.

    Police Assured Secure Facilities (PASF)

    The National Policing Information Risk Management Team (NPIRMT) from the Home Office regularly reviews our cloud platforms, services, operational processes, and facilities, and has confirmed that they are PASF compliant. This provides comprehensive assurance to our blue light customers that UKCloud can safely process and store their most sensitive datasets.

    We're Certified Carbon Neutral

    Our Green Credentials