CFTS Documentation

Glossary of Terms

This glossary explains recurring terms used across CFTS client documentation. It is a practical reading aid, not a replacement for the wording in a signed agreement, quotation, Service Level Agreement, Data Processing Addendum, or policy document.

Where a formal document defines a term differently, the formal document takes precedence.

Numbers

  • 3-2-1 backup strategy: A backup approach that keeps three copies of data, across two different storage types or locations, with one copy stored separately from the primary environment.

  • 99% monthly availability: The infrastructure availability target referenced in the CFTS Infrastructure SLA. Availability is measured for the CFTS-managed infrastructure platform, subject to the exclusions and conditions in the SLA.

A

  • Acceptable use: The rules describing how CFTS services may and may not be used. Prohibited use includes illegal activity, spam, malware distribution, network abuse, or activity that threatens platform stability or security.

  • Administrative access: Privileged access used to operate, maintain, secure, or support infrastructure systems. CFTS restricts administrative access to authorised personnel and applies controls such as multi-factor authentication and IP restrictions.

  • Application-level backup: A backup that understands the state of a specific application or database. Infrastructure backups may protect storage or systems, but clients may still need application-level backups for consistency unless managed services explicitly include them.

  • Automatic changeover: A controlled switching arrangement that moves selected services between available power sources without routine manual intervention.

  • Availability: The ability of infrastructure or services to remain operational and reachable during a measurement period. Availability commitments are defined by the applicable SLA or service agreement.

B

  • Backup: A copy of data or system state retained so that information can be restored after deletion, corruption, failure, or other disruption.

  • Backup retention: The length of time backup copies are kept before they are expired or removed according to the relevant backup schedule.

  • Bandwidth: The amount of network capacity available to a service, often expressed in Mbps or Gbps. Bandwidth may be shared, dedicated, metered, or unmetered depending on the service.

  • Bare metal compute: Dedicated physical server capacity provided without sharing the underlying server hardware with other tenants.

  • Bend radius: The minimum safe curve a cable can follow without damaging it or affecting performance. Bend radius is important in structured cabling, fibre, and high-performance data cabling.

  • BGP: Border Gateway Protocol, the routing protocol used by networks to exchange routing information across the internet and between upstream providers.

  • Business continuity: The planning and operational capability needed to keep important services running, or to restore them within an acceptable period, during disruption.

C

  • CAL: Client Access License. A Microsoft licensing term for certain products where users or devices require access licensing in addition to the server software license.

  • Capacity building: Training, documentation, support-process design, and handover work intended to help a client or internal team operate and support systems more effectively over time.

  • CDN: Content Delivery Network. A third-party service used to distribute web content from multiple locations. CDN providers are outside the CFTS operational boundary unless explicitly included in a managed service.

  • CFTS: Computer Facilities Technical Services, the operator of the services and documentation described in this portal.

  • Client: The customer, organisation, or account holder using CFTS services.

  • Colocation: A hosting arrangement where client-owned or client-dedicated equipment is placed in a managed facility environment with power, cooling, network access, and physical security.

  • Comms room: A room or controlled area used to house network, cabling, telecoms, rack, or related ICT infrastructure for a site.

  • Confidentiality: The obligation to protect non-public client, service, commercial, or operational information from unauthorised disclosure.

  • Controller: See Data Controller.

  • Core platform: A managed infrastructure baseline that can include compute, storage, network, monitoring, backup, and related operational services depending on the quoted service.

  • CPU: Central Processing Unit. The compute resource used by servers and virtual machines to run workloads.

  • Critical incident: An incident that causes a complete infrastructure outage or materially affects the availability of critical infrastructure services.

  • CVE: Common Vulnerabilities and Exposures. A public identifier for a known security vulnerability.

D

  • Data breach: A confirmed incident involving unauthorised access, loss, alteration, disclosure, or compromise of personal data or protected information.

  • Data Controller: The party that determines the purposes and means of processing personal data. In hosted client environments, the client is usually the Data Controller.

  • Data Processing Addendum: The document describing how CFTS processes personal data on behalf of a client when acting as a Data Processor.

  • Data Processor: The party that processes personal data on documented instructions from a Data Controller. In most hosted client environments, CFTS acts as the Data Processor.

  • Data residency: The location where data is stored, processed, or governed. CFTS documentation references Uganda, UK, EU, and hybrid deployment options depending on the service.

  • Data Subject: An identifiable individual whose personal data is processed.

  • Dedicated infrastructure: Infrastructure resources assigned to a specific client or workload, rather than being part of a shared hosting environment.

  • Disaster recovery: The people, processes, systems, and backups used to restore services or data after a major failure or disruptive event.

  • DNS: Domain Name System. The system that translates domain names into IP addresses. Third-party DNS providers are outside the CFTS operational boundary unless explicitly included.

  • DPA: Data Processing Addendum.

E

  • Edge Infrastructure Facility: A CFTS-operated infrastructure environment designed to host compute, storage, network, and related services close to the users, data, or operational context they serve.

  • Emergency maintenance: Maintenance performed urgently to preserve security, stability, continuity, or safe operation. Emergency maintenance may occur without prior notice where operationally required.

  • Encryption at rest: Protection applied to stored data, such as full disk encryption or encrypted backups.

  • Encryption in transit: Protection applied to data while it moves across networks, typically through TLS or another encrypted protocol.

  • Enterprise infrastructure: Infrastructure designed for business-critical workloads, stronger operational controls, predictable performance, and clearer support boundaries than basic shared hosting.

  • EUR: Euro. One of the currencies referenced in CFTS pricing documents.

F

  • Failover: The process of moving service operation from a failed or degraded component to another component, path, provider, or system.

  • Force majeure: An event outside reasonable operational control, such as natural disaster, civil unrest, utility instability, government action, or major upstream network failure.

  • FTP: File Transfer Protocol. A legacy file transfer protocol. Secure alternatives such as SFTP are preferred where supported.

G

  • GB: Gigabyte. A unit used to describe storage, memory, or data transfer capacity.

  • GBP: British pound sterling. One of the currencies referenced in CFTS payment and pricing documents.

  • GDPR: General Data Protection Regulation. CFTS documentation references UK GDPR and EU GDPR alignment where applicable to data processing.

  • Geo-replication: Replication of data or services across different sites or regions to support resilience, locality, or recovery objectives.

  • Grounding and bonding: Electrical safety and signal-integrity practices used to connect equipment, racks, shielding, and related metallic parts to appropriate earth or technical ground paths.

H

  • HCI: Hyperconverged infrastructure. An infrastructure model that combines compute, storage, and virtualisation capabilities into an integrated platform.

  • Helpdesk: A support function used to receive, triage, respond to, and track user or service support requests.

  • High availability: Design and operational practices intended to reduce service interruption by using redundancy, monitoring, recovery paths, and resilient architecture.

  • Hosted environment: The infrastructure environment where CFTS provides hosting, compute, storage, network, or related services.

  • Hybrid deployment: A deployment model using more than one location or infrastructure environment, such as Uganda and UK hosting together.

I

  • ICT assessment: A structured review of an organisation's ICT environment, risks, users, infrastructure, support model, and future requirements.

  • ICT fit-out: The planning and installation of ICT infrastructure within a building or room, such as cabling, racks, comms rooms, network equipment, power considerations, and handover documentation.

  • Incident: An event that affects, or may affect, the confidentiality, integrity, availability, security, or normal operation of a service.

  • Incident response: The process used to detect, assess, contain, communicate, and recover from incidents.

  • Infrastructure responsibility boundary: The line between systems CFTS directly owns or operates and systems controlled by the client, upstream providers, public internet services, or third-party platforms.

  • IOPS: Input/output operations per second. A measure of storage performance, especially for disk and database workloads.

  • IP: Internet Protocol. Usually used in the documentation to refer to network addresses, IP-restricted access, or public/private network connectivity.

  • IP whitelisting: Restricting access so that only approved IP addresses can reach administrative or sensitive services.

  • ISO 27001: An international information security management standard. CFTS documentation states where the platform aligns with recognised security practices without claiming certification unless expressly stated.

  • ISP: Internet Service Provider. Client ISP connectivity and end-user internet conditions are outside the CFTS operational boundary unless explicitly included.

K

  • K13 rated isolation transformer: A transformer designed to tolerate harmonic load conditions common in environments with electronic equipment and power conversion devices.

L

  • LAN: Local Area Network. The local network inside a site, rack, facility, or controlled infrastructure environment.

  • Layered security: A security model using multiple controls together, such as access control, network segmentation, encryption, monitoring, patching, logging, and incident response.

  • LVE: Lightweight Virtual Environment. A hosting isolation mechanism used to limit and separate resource usage for hosting accounts.

M

  • Managed service: A service where CFTS performs agreed operational tasks beyond basic infrastructure provision, such as monitoring, patching, support, backup management, or application-related administration.

  • Manual bypass: A designed manual path that allows a component or power route to be bypassed for maintenance, fault recovery, or controlled operation where appropriate.

  • MFA: Multi-factor authentication. A login protection method requiring more than one proof of identity.

  • Monthly availability: Availability measured across a calendar month for the services and infrastructure covered by an SLA.

  • MTN MoMo: MTN Mobile Money, referenced as a payment method in CFTS payment documentation.

  • Multi-site rollout: A coordinated deployment across more than one location, often involving logistics, installation standards, training, commissioning, and support planning.

  • Multi-source power: A power design that can use more than one supply source, such as grid, generator, solar, battery, or inverter-backed systems, to improve service continuity.

N

  • N+1: A redundancy model where one extra component is available beyond the minimum needed to operate, allowing maintenance or component failure without immediate service loss.

  • Network segmentation: Dividing networks into separate zones to reduce risk, control access, and limit the effect of faults or security incidents.

  • NGO: Non-governmental organisation. CFTS documentation references NGO and research workloads as examples of data-sensitive or locality-sensitive use cases.

  • NVMe: Non-Volatile Memory Express. A high-performance storage interface commonly used for fast SSD storage.

O

  • Object storage: A storage model where data is stored as objects rather than as traditional files or disk blocks. It is commonly used for backups, archives, media, datasets, and S3-compatible workflows.

  • OEM: Original Equipment Manufacturer. In licensing documents, OEM may refer to software supplied through a device, hardware, or alternative procurement channel.

  • Operating system: The system software running on a server or virtual machine, such as Windows Server or Linux. Under unmanaged services, the client is generally responsible for operating system administration.

  • Operational boundary: The area of systems, infrastructure, and processes that CFTS directly controls. Public internet conditions, client applications, and third-party platforms usually sit outside this boundary.

P

  • Personal data: Information relating to an identified or identifiable individual, such as contact details, account information, support records, or authentication-related data.

  • Platform services: Optional services that extend a hosting or infrastructure service, such as monitoring, backup management, software deployment, or support.

  • Policy and procedure: Written rules and operating steps used to guide how systems, users, access, support, security, data, or service processes should be handled.

  • Processor: See Data Processor.

  • Processor obligations: The commitments CFTS makes when processing personal data on behalf of a client, including confidentiality, documented instructions, security controls, and breach notification.

  • Public internet: The wider internet outside CFTS-controlled infrastructure. Public internet instability and third-party routing issues are generally excluded from CFTS SLA calculations.

  • PV: Photovoltaic solar power generation.

R

  • RAID: Redundant Array of Independent Disks. A storage technique that combines disks for redundancy, performance, or both.

  • RAM: Random Access Memory. The memory allocated to a server, physical host, or virtual machine.

  • RDS CAL: Remote Desktop Services Client Access License. A Microsoft access license required for certain Remote Desktop Services usage.

  • Recovery Point Objective: The target maximum amount of data loss measured in time. Often shortened to RPO.

  • Recovery Time Objective: The target time for restoring a service or system after a disruption. Often shortened to RTO.

  • Redundancy: Additional components, paths, capacity, or systems designed to reduce the impact of failure.

  • Retention: The period for which data, logs, backups, records, or other information are kept before deletion or expiry.

  • RPO: Recovery Point Objective.

  • RTO: Recovery Time Objective.

S

  • S3-compatible: Compatible with the common object storage API pattern associated with Amazon S3, allowing applications and tools to interact with object storage using familiar methods.

  • SaaS: Software as a Service. A third-party cloud application or platform consumed as a service. External SaaS platforms are outside the CFTS operational boundary unless explicitly included.

  • Scheduled maintenance: Planned maintenance performed to maintain reliability, security, or operational continuity. Scheduled maintenance is usually excluded from uptime calculations.

  • Security incident: An incident involving a suspected or confirmed effect on systems, access, data protection, or service security.

  • Service credit: A contractual credit that may apply when availability falls below the defined SLA target, subject to the conditions in the SLA.

  • Service Level Agreement: A document that defines service commitments, measurement methods, exclusions, response targets, and remedies for a covered service. Often shortened to SLA.

  • SFTP: Secure File Transfer Protocol. A secure method for transferring files over SSH.

  • Shared hosting: A hosting model where multiple websites, accounts, or workloads share an underlying platform while remaining logically separated.

  • SLA: Service Level Agreement.

  • SLA target: The service level commitment defined by an SLA, such as monthly infrastructure availability.

  • SSD: Solid State Drive. A storage device using flash memory rather than spinning disks.

  • SSH: Secure Shell. A secure protocol used for administrative access and secure file transfer.

  • SSL: Secure Sockets Layer. A legacy name often used casually for web encryption certificates. Modern encrypted web connections normally use TLS.

  • Structured cabling: A standards-based cabling system used to support data, voice, fibre, and network services within a building, facility, comms room, or data centre environment.

  • Subprocessor: A third party used by a processor to help process personal data or provide part of a service, subject to appropriate controls.

  • Suspension: A temporary restriction or stoppage of service, often due to overdue payment, policy violation, security risk, or operational/legal necessity.

T

  • TB: Terabyte. A unit commonly used for storage capacity.

  • Technical scoping: The process of understanding a client's workload, data, performance, availability, access, and support needs before pricing or designing a service.

  • Technical power: Power design and support work related to ICT systems, such as protected distribution, UPS, inverter, generator, grounding, monitoring, and equipment-room power planning.

  • Tier III: A data centre resilience classification associated with concurrently maintainable infrastructure. CFTS documents reference Tier III locations and Tier III-aligned resilience where applicable.

  • TLS: Transport Layer Security. The protocol used to encrypt data in transit for many modern services.

  • Transit provider: A network provider that carries traffic between CFTS infrastructure and the wider internet. Upstream transit provider issues are generally outside the CFTS operational boundary.

U

  • UG-KLA01: The CFTS Kampala edge infrastructure facility referenced in the documentation.

  • UGX: Ugandan shilling. One of the currencies referenced in CFTS pricing and payment documents.

  • UK: United Kingdom. One of the hosting and operational regions referenced in CFTS documentation.

  • Unmanaged service: A service where CFTS provides infrastructure resources, while the client remains responsible for operating systems, applications, security configuration, software maintenance, users, and application-level data management unless otherwise agreed.

  • UPS: Uninterruptible Power Supply. A power protection system that helps keep equipment running during short power interruptions or while other backup power systems take over.

  • Upstream provider: A third-party connectivity provider used to reach wider networks or the internet.

  • Usage-based billing: Billing based on measured usage, such as consumed storage, data transfer, or other metered service units.

  • USD: United States dollar. One of the currencies referenced in CFTS payment documentation.

V

  • VAT: Value Added Tax.

  • VAT/TIN: Value Added Tax or Tax Identification Number information used for legal and tax records.

  • vCPU: Virtual CPU. A unit of virtual compute capacity assigned to a virtual machine or virtualised service.

  • Virtual machine: A software-defined server running on a virtualisation platform. Often shortened to VM.

  • Vulnerability management: The process of identifying, assessing, prioritising, patching, or mitigating security weaknesses.

W

  • WAF: Web Application Firewall. A security control used to help detect or block malicious web requests.

  • WHM: WebHost Manager. An administrative interface used with cPanel hosting environments.

  • WHMCS: Web Host Manager Complete Solution. A platform commonly used for hosting billing, client management, support, and service automation.

Z

  • ZFS: A storage filesystem and volume manager known for checksumming, data integrity features, snapshots, and storage management capabilities.