Draft Progress: 12/12 questions matched
High: 10
Medium: 2
Low: 0
Average Confidence: 90%
Your knowledge vault provided strong matches for most questions. Review medium/low confidence answers carefully.
1
Company Information
Provide a brief overview of your company, including year of establishment, ownership structure, and key milestones.
94%
Founded in 2015, our company has grown from a team of 5 specialists to over 200 full-time professionals across the UK and Europe. We are a privately held company with no external shareholders, allowing us to maintain focus on long-term client relationships rather than quarterly targets. Key milestones include: achieving ISO 27001 certification in 2018, opening our European headquarters in Dublin in 2020, and being named a "Leader" in Gartner's Magic Quadrant for Managed IT Services in 2023.
2
Company Information
How many full-time employees do you have in the United Kingdom and the European Union?
91%
We currently employ 147 full-time employees in the United Kingdom, with our primary offices in London, Manchester, and Edinburgh. Within the European Union, we have 58 employees based primarily in our Dublin office (Ireland), with additional team members in Frankfurt and Amsterdam providing regional support for our continental European clients.
3
Technical Capability
Describe your data backup and disaster recovery procedures. Include Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).
97%
Our disaster recovery strategy employs a multi-tier approach with geographically distributed data centers. For Tier 1 (critical systems), we guarantee an RTO of 4 hours and RPO of 15 minutes through real-time replication. Tier 2 systems have an RTO of 8 hours with hourly backup snapshots. All backups are encrypted using AES-256 and stored in at least three separate locations. We conduct quarterly DR drills with full failover testing, and annual third-party audits verify our recovery capabilities against ISO 22301 standards.
4
Security & Compliance
What security certifications does your organization hold? Please list ISO, SOC, and any industry-specific certifications.
98%
Our organization maintains the following active certifications:
• ISO 27001:2022 - Information Security Management (certified since 2018, latest audit: September 2024)
• ISO 9001:2015 - Quality Management System
• SOC 2 Type II - Security, Availability, and Confidentiality
• Cyber Essentials Plus (UK Government scheme)
• PCI DSS Level 1 Service Provider
• NHS Data Security and Protection Toolkit (Standards Met)
All certificates are available upon request and are audited annually by independent third-party assessors.
5
Security & Compliance
Describe how you ensure GDPR compliance for all personal data processing activities.
92%
GDPR compliance is embedded into our operational framework through a comprehensive data governance program. Key measures include: appointment of a dedicated Data Protection Officer who reports directly to the Board; Privacy Impact Assessments (PIAs) for all new processing activities; mandatory annual GDPR training for all staff with 100% completion rate; Data Processing Agreements with all sub-processors; Article 30 records of processing activities maintained and reviewed quarterly; and established procedures for responding to data subject requests within 72 hours.
6
Security & Compliance
What is your data encryption policy for data at rest and data in transit?
95%
We implement defense-in-depth encryption across all data states:
Data at Rest: AES-256 encryption for all stored data, with encryption keys managed through AWS KMS with automatic rotation every 365 days. Database-level encryption using Transparent Data Encryption (TDE).
Data in Transit: TLS 1.3 enforced for all external communications; mutual TLS (mTLS) for internal service-to-service communication. Legacy TLS versions are explicitly disabled across all endpoints.
Key Management: Hardware Security Modules (HSMs) for critical key storage. All cryptographic implementations are reviewed annually against NIST guidelines.
7
Technical Capability
Describe your approach to system scalability. How do you handle peak load periods?
78%
Our platform is built on cloud-native architecture using Kubernetes, enabling horizontal auto-scaling based on real-time demand metrics. During peak periods, our system automatically provisions additional compute resources within 90 seconds, and scales down during low-usage periods to optimize costs. We maintain a 40% headroom capacity above normal peak loads. Load testing is performed quarterly simulating 3x normal traffic volumes. In 2024, we successfully supported a 280% traffic surge during a major public sector service launch without performance degradation.
8
Service Delivery
What are your standard Service Level Agreements (SLAs) for system availability and support response times?
96%
Our standard SLAs for enterprise clients include:
• System Availability: 99.95% uptime (equivalent to <22 minutes downtime per month), measured monthly with credits for underperformance
• P1 (Critical) Response: 15 minutes, 4-hour resolution target
• P2 (High) Response: 1 hour, 8-hour resolution target
• P3 (Medium) Response: 4 hours, 24-hour resolution target
• P4 (Low) Response: 8 hours, 5-day resolution target
Real-time SLA compliance dashboards are provided to all clients. Our current trailing 12-month availability is 99.98%.
9
Service Delivery
Describe your escalation procedures for critical incidents. Who is the point of contact for P1 issues?
89%
Our incident escalation follows ITIL best practices.
P1 Critical Incidents: Automatic escalation to the on-call Incident Commander within 5 minutes. A dedicated bridge call is established and the client's designated contact is notified. Status updates every 30 minutes. Executive escalation to our CTO if unresolved within 2 hours.
For this contract, your designated 24/7 contact would be our Service Delivery Manager, supported by a team of 4 senior engineers with direct escalation authority. Post-incident reviews (PIRs) are conducted within 48 hours of resolution for all P1/P2 incidents.
10
Experience
Provide three case studies of similar projects delivered for public sector clients in the last 3 years.
93%
Case Study 1: NHS England Digital Infrastructure (2024) - Delivered secure cloud migration for 12 NHS Trusts, handling 4.2 million patient records with zero data incidents. Project value: £2.8M, delivered 2 weeks ahead of schedule.
Case Study 2: Manchester City Council IT Modernisation (2024) - Implemented hybrid cloud solution for 8,000 council staff, achieving a 34% cost reduction and improving citizen service response times by 40%.
Case Study 3: University of Leeds Research Platform (2024) - Built high-performance computing environment supporting 200 researchers, processing 50TB of data daily for medical research. Achieved ISO 27001 certification within project scope.
11
Sustainability
Describe your organization's environmental and sustainability commitments. Do you have a Net Zero strategy?
74%
Our organization is committed to achieving Net Zero by 2030, five years ahead of UK government targets. Current initiatives include: 100% renewable energy for all UK offices since 2022; carbon-neutral hosting through certified green data centers; company-wide electric vehicle scheme with 67% staff participation; annual third-party carbon footprint audits (Scope 1, 2, and 3); and a Supplier Code of Conduct requiring environmental commitments from all partners. We achieved a 42% reduction in carbon emissions between 2020 and 2024.
12
Financial
Provide evidence of financial stability, including your most recent audited accounts or credit rating.
88%
We are pleased to confirm our strong financial position:
• Annual Revenue (2023): £18.4M (22% YoY growth)
• Net Profit Margin: 14.2%
• Cash Reserves: £3.2M
• Credit Rating: A (Dun & Bradstreet)
• Zero long-term debt
Our audited accounts (KPMG) for the last three financial years are available in Appendix B. We also hold Professional Indemnity Insurance of £10M and Public Liability Insurance of £5M.