Accreditations and Certifications
Verified by a comprehensive set of globally accepted assurance certification
All aspects of UKCloud’s Assured Cloud platform, from security, to service management to sustainability, are underpinned and independently verified by a comprehensive set of globally accepted assurance certifications and accreditations.
With infrastructure located in secure UK data centres, our services are assessed against recognised international standards ISO9001, ISO20000, ISO27001 and ISO27018, and are subject to regular audits, assessments and inspections by certification bodies, regulators and accreditors.
UKCloud has previously achieved Pan Government Accreditation for all of its G-Cloud services, and continue to achieve UK Government accreditations, which confirms their suitability for supporting OFFICIAL and OFFICIAL SENSITIVE data. The achievement of such accreditations requires demonstration of a robust risk management system, which meets the stringent requirements of both CESG and industry best practice standards.
It also requires the complete infrastructure to successfully complete a comprehensive IT Security Health Check undertaken by an external assessment organisation on a regular basis. Our Pan Government Accreditation history, the highest available to a G-Cloud Supplier, provides independent validation for the UK Public Sector, allowing them to take advantage of our range of high performance and scalable cloud services without any compromise to their data security requirements.
National Cyber Security Centre Accredited
Specifically for the IaaS (Compute & Storage) services supplied by UKCloud to the Department for Work & Pensions
Completed GDS audits of specific services on earlier G-Cloud Frameworks
Home Office/PASF Assured Facilities & Data Centres
HSCIC/NHS Digital N3 Aggregator status
UKCloud has developed a comprehensive compliance framework which delivers a credible position in four strategic areas: Quality, Information Security, IT Service Management and the Environment. UKCloud’s compliance activities are led by our Director of Compliance and Information Assurance, who has significant experience in successfully delivering certified management systems, and ensuring that they encompass developing best practices.
Quality Management (ISO9001)
UKCloud’s established Quality Management System, certified to ISO9001, delivers robust and effective policies and processes, enabling all parts of the organisation to function efficiently and in a controlled manner. We are committed to understanding each client’s requirements, delivering their agreed solutions on time and to budget, and ensuring their expectations are exceeded such that UKCloud can report the highest levels of client satisfaction.
IT Service Management (ISO20000)
UKCloud acknowledges that the IT Infrastructure Library (ITIL) represents best practice in the field of IT Service Management, and its service management processes align with the ITIL v3 framework. Our clients can be assured that their contact with UKCloud will be with experienced individuals who have a thorough understanding of our ITIL aligned processes, ensuring that each client solution is being managed and operated in an effective and controlled manner. Alongside its formal ISO20000 certification, UKCloud is a corporate member of the itSMF (UK), and many of its employees are ITIL certified. Additionally, UKCloud participates in Forums and Special Interest Groups aimed at the continual development and adoption of ITSM best practice.
Information Security Management (ISO27001)
Of the utmost importance to UKCloud is the protection of the confidentiality, integrity and availability of data: both UKCloud’s own and that entrusted to UKCloud by its clients. UKCloud’s ISO27001 certified Information Security Management System (ISMS) is based upon a robust framework of information security policies and procedures, aligned with the UKCloud Risk Assessment Methodology. This methodology constantly assesses for a wide variety of threats and vulnerabilities that, if left unchecked, may compromise information assets or the supporting assets upon which they depend for their security.
Personal Data in the Cloud Security (ISO27018)
Enhancing the framework of existing security controls provided by ISO27001, the ISO27018 standard provides a more focused approach to managing the risks associated with personal data within cloud environments. ISO27018-specific controls include the disclosure of the geographic location of personal data, processes for the notification of data disclosures and data breaches, requirements to disclose details of sub-contracted processing activities and regulations relating to a customer’s right to access and delete personal data. UKCloud was one of the first organisations to achieve external certification against the ISO27018 standard.
Cyber Essentials Scheme
UKCloud was one of the first organisations to have successfully achieved both Cyber Essentials and Cyber Essentials Plus, and has maintained these certifications. Launched by the UK Government in 2014 to reduce cyber risks across all types of organisation, this important initiative helps to safeguard the country’s growing digital economy. UKCloud has been assessed in five key control areas – boundary firewalls and internet gateways, secure configuration, access control, malware protection and patch management. The Plus level additionally requires thorough independent technical checks of UKCloud’s platforms and systems, and seeks to identify whether they could be compromised by a variety of different cyber-attack scenarios.
To maintain its certified CarbonNeutral® Company status, UKCloud works with Natural Capital Partners, a world-leading provider of carbon reductions solutions, to measure and reduce its carbon footprint to net zero. All the greenhouse gas emissions that are produced from energy consumption, waste disposal, business travel and staff commuting are quantified, and then reduced to net zero through combining internal reduction initiatives with the acquisition of validated carbon credits to offset the remaining unavoidable carbon emissions. This approach demonstrates UKCloud’s commitment to the pro-active management and effective control of the environmental impact of all its business activities.
Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)
Evidence for these certifications/accreditations is available upon request from the Compliance Team.