Accreditations and Certifications
Verified by a comprehensive set of globally accepted assurance certifications
Every aspect of UKCloud’s cloud services (including information security, data protection, service management, technical resilience and sustainability) is subject to independent verification against a comprehensive set of globally accepted validations, certifications and accreditations.
With infrastructure located in secure UK data centres, UKCloud’s services are assessed against the international standards ISO9001, ISO20000, ISO27001, ISO27017 and ISO27018, and are subject to regular audits, assessments and inspections by certification bodies, regulators and customer accreditors.
UKCloud has previously achieved Pan Government Accreditation for its G-Cloud services, and continues to achieve UK Government accreditations, which confirm their suitability for supporting OFFICIAL and OFFICIAL SENSITIVE data. The achievement and maintenance of such accreditations requires demonstration of a robust risk management system, which meets the stringent requirements of both the National Cyber Security Centre (NCSC) and industry best practice standards.
It also requires the complete infrastructure to successfully complete a comprehensive IT Security Health Check undertaken by an external assessment organisation on a regular basis. Our Pan Government Accreditation history, the highest available to G-Cloud suppliers, provides independent validation for the UK Public Sector, allowing them to take advantage of our range of high performance and scalable cloud services without any compromise to their information security and data protection requirements.
National Cyber Security Centre Accredited
Previously for all G-Cloud services, and more recently specifically for the IaaS (Compute & Storage) services supplied by UKCloud to the Department for Work & Pensions
Completed GDS assessments of services on earlier G-Cloud Frameworks
Home Office/PASF assured facilities and data centres for “Blue Light” services
HSCIC/NHS Digital N3 Aggregator status
UKCloud has developed a comprehensive compliance framework which delivers a credible position in four strategic areas: quality, information security, IT service management and the environment. UKCloud’s compliance activities are led by our Director of Compliance and Information Assurance, who has significant experience in successfully delivering certified management systems, and ensuring that they encompass developing best practices.
Quality Management (ISO9001)
UKCloud’s established Quality Management System, certified to ISO9001, delivers robust and effective policies and processes, enabling all parts of the organisation to function efficiently and in a controlled manner. We are committed to understanding each client’s requirements, delivering their agreed solutions on time and to budget, and ensuring their expectations are exceeded such that UKCloud can report the highest levels of client satisfaction.
IT Service Management (ISO20000)
UKCloud acknowledges that the IT Infrastructure Library (ITIL) represents best practice in the field of IT Service Management, and its service management processes align with the ITIL v3 framework. Our clients can be assured that their contact with UKCloud will be with experienced individuals who have a thorough understanding of our ITIL aligned processes, ensuring that each client solution is being managed and operated in an effective and controlled manner. Alongside its formal ISO20000 certification, UKCloud is a corporate member of the itSMF (UK), and many of its employees are ITIL certified. Additionally, UKCloud participates in Forums and Special Interest Groups aimed at the continual development and adoption of ITSM best practice.
Information Security Management (ISO27001)
Of the utmost importance to UKCloud is the protection of the confidentiality, integrity and availability of data: both UKCloud’s own and that entrusted to UKCloud by its clients. UKCloud’s ISO27001 certified Information Security Management System (ISMS) is based upon a robust framework of information security policies and procedures, aligned with the UKCloud Risk Assessment Methodology. This methodology constantly assesses for a wide variety of threats and vulnerabilities that, if left unchecked, may compromise information assets or the supporting assets upon which they depend for their security.
Security Controls for Cloud Services (ISO27017)
Enhancing the framework of existing security controls provided by ISO27001, the ISO27017 standard provides a more focused approach to managing the risks associated with the selection and use of cloud computing environments, both from the perspective of the cloud service provider and also the cloud consumer. UKCloud was one of the first organisations to achieve external certification against the ISO27017 standard.
Personal Data in the Cloud Security (ISO27018)
Enhancing the framework of existing security controls provided by ISO27001, the ISO27018 standard provides a more focused approach to managing the risks associated with personal data within cloud environments. ISO27018-specific controls include the disclosure of the geographic location of personal data, processes for the notification of data disclosures and data breaches, requirements to disclose details of sub-contracted processing activities and regulations relating to a customer’s right to access and delete personal data. UKCloud was one of the first organisations to achieve external certification against the ISO27018 standard.
Cyber Essentials Scheme
UKCloud was one of the first organisations to have successfully achieved both Cyber Essentials and Cyber Essentials Plus, and has maintained these certifications. Launched by the UK Government in 2014 to reduce cyber risks across all types of organisation, this important initiative helps to safeguard the country’s growing digital economy. UKCloud has been assessed in five key control areas – boundary firewalls and internet gateways, secure configuration, access control, malware protection and patch management. The Plus level additionally requires thorough independent technical checks of UKCloud’s platforms and systems, and seeks to identify whether they could be compromised by a variety of different cyber-attack scenarios.
Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)
Developed by the Cloud Security Alliance, the Cloud Controls Matrix presents a set of security controls which allow customers to readily assess the capabilities of potential cloud service providers, with guidance across 16 core areas, including identity and access management, infrastructure and virtualization security, data centre operations and security incident management. UKCloud’s status can be validated within the CSA STAR Registry on their website.
To maintain its certified CarbonNeutral® Company status, UKCloud works with Natural Capital Partners, a world-leading provider of carbon reduction solutions, to measure and reduce its carbon footprint to net zero. All the greenhouse gas emissions that are produced from energy consumption, waste disposal, business travel and staff commuting are quantified, and then reduced to net zero through combining internal reduction initiatives with the acquisition of validated carbon credits to offset the remaining unavoidable carbon emissions. This approach demonstrates UKCloud’s commitment to the pro-active management and effective control of the environmental impact of all its business activities.
CarbonNeutral Cloud Services
UKCloud has implemented an innovative carbon offsetting programme which benefits our cloud clients at no additional cost. Each month, clients receive a carbon offset certificate for their cloud environment: this confirms that an independent greenhouse gas assessment has been conducted, and that the carbon emissions which have resulted from their consumption of cloud services have been reduced to net zero by us through verified, high-quality carbon credits. UKCloud meets all of the costs of this important environmental initiative.