Torry Harris Business Solutions ( Europe ) Ltd

AutoStub™

AutoStub™ is a highly productive tool to mock services and generate meaningful data, which can be configured to simulate the real life data and to match with the parameters present in a swagger/WSDL document to test the APIs. The capabilities qualifies AutoStub™ as an integral component of DevOps.

Features

  • AutoStub™ can generate WSDL/Swagger 2.0 based mock services
  • Mock services from AutoStub™ can be used for API testing
  • Mock services generated with AutoStub™ can accelerate front-end development
  • AutoStub™ can create API's for all http status codes
  • Number of Request/Response pairs to be generated can be defined
  • Possible to modify the Request/Response data

Benefits

  • Increase productivity
  • Accelerates development
  • Plan and execute API testing and UI testing earlier
  • Better Usability and User experience
  • Licensing model helps in Cost cutting & saving

Pricing

£300 to £1915 per licence per month

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

1 2 1 2 1 0 3 8 4 8 9 3 0 1 6

Contact

Torry Harris Business Solutions ( Europe ) Ltd

Paul Pitman

01454617762

paul_pitman@thbs.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Planned maintenance will be done for one hour a month at the maximum. One week notice will be sent to all customer prior to the planned maintenance window. This will be carried out during non-peak hours to minimise disruption.
System requirements
None.

User support

Email or online ticketing support
Email or online ticketing
Support response times
We respond to email queries within 2 Hours (24 * 7) for customers opting for our enterprise plans. And for customers opting for our SME plans, we respond within 2 Hours only during customer business hours.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web chat is available as a part of our product offering. The widget available in the product can be clicked to initiate a chat with our agent.
Web chat accessibility testing
We have not preformed any tests for assistive technology users
Onsite support
Yes, at extra cost
Support levels
Based on different SaaS plans - Freemium (or 30 Days Trial), SME version, Enterprise version and Enterprise Plus - we offer different support models.

For Freemium (30 days Trial version), we are providing limited Email support only. The plan for SME version comes with a 8hrs Business hour (of customer) support via Phone & Email. Enterprise and Enterprise Plus plans comes with 24 hour support. Cost for support activities varies and it's incorporated with the respective SaaS plans.

We follow standard support system structure, starting from L1 and L4 being the last level of support, which includes a team of professionals ranging from Cloud Support Engineers to Technical Architect.

Level 1 (Application & Infra) – Monitoring, Initial Investigation and Escalation
Level 2 (Application & Infra) – Detailed Investigation and Escalation
Level 3 (Applications) – Customized Development and System Integration Support
Level 4 (Applications) – Product Features Support and Maintenance
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide all of the options:
a) Online documentation accessible for general public
b) Onsite training at an additional cost
c) Online training at an additional cost
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
Data can be exported as human readable and machine-readable formats. Users have the choice to export the complete dump of their data at any point of time.
End-of-contract process
The following items are included in the price of the contract:
1. Data export capability.
2. Usage logs download capability.

The following services are offered at additional cost:
1. Data/application migration
2. Knowledge Transition to another system integration partner

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Autostub services partially supports mobile device UI and in the process of migrating towards total "Responsive Design" to support mobile devices. The user interface automatically adjusts to the screen resolution in terms of layouts, font size and other visual elements.
Service interface
Yes
Description of service interface
AutoStub 2.0 provides web based User Interfaces for user to host services. AutoStub 2.0 web interfaces are:

1. AutoStub Swagger spec 2.0 import
2.AutoStub WSDL(1.1 & 1.2) spec import
3.AutoStub Swagger parameter configuration panel
4.AutoStub WSDL parameter configuration panel
5.AutoStub mocker panel.
Accessibility standards
None or don’t know
Description of accessibility
For public users facing components, such as the AutoStub swagger spec 2.0 import, the web interfaces include standard controls. In context of accessibility, users can use browsers such as Google Chrome or Mozilla Firefox, for activities such as:

1. File upload , drop downs, text field, etc as their names describes their purpose.
Accessibility testing
We have tested the application UI with the following web accessibility testing tools:
1. aXe accessibility testing add-on for Chrome and Firefox
2. Chrome Dev Tools
API
Yes
What users can and can't do using the API
The API capabilities of AutoStub 2.0, across components, are:

1. AutoStub 2.0 APIs: a) swagger spec 2.0 import Lifecycle - create/delete swagger specs, search resources, etc.
2. AutoStub swagger parameter configuration APIs - create/update/view parse and view swagger parameters,update configuration and set delay for each operation.
3. Mocker module APIs - create/update mock data for swagger parameters etc.
Common Features: a) ServiceId access for swagger spec and wsdl spec mock services.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Customisation is allowed at three levels only for enterprise customers (above 8 Million API calls/month) :

Level 1: Basic Customisation is supported through plugins.

Level 2: System Integration with customer's system: This is the most advanced level where integration is required with customer's systems such as Identity Management (LDAP, etc), This requires a separate System Integration contract with us to facilitate the integration.

Scaling

Independence of resources
The services are deployed in an auto scalable model. Each component of the service scale automatically depending on the usage.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be exported by the admin user of the service at his/her will at any point of time. This capability is offered within the web interface, but restricted only to users that have administrative privileges.
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON
  • Excel XLS Format
  • XML
  • Attachments in ZIP file
Data import formats
  • CSV
  • Other
Other data import formats
  • JSON
  • Attachments in ZIP file

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We have different slabs for uptime availability. Customers that require high levels of availability will need to be provisioned across multiple "Availability Zones" with additional configuration for Data replication across geographically distributed data centres.

High availability with Disaster Recovery capability: 99.95%
General SLA for High-availability: 99.9%
Approach to resilience
This information is available on request.
Outage reporting
Service outages are reported using:
1. Email Alerts
2. APIs

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Access is restricted to management interfaces and support channels through role based access control. The role based access control rules are uniformly enforced on the web and API interfaces. Role based access control provides high level of granularity, and can be mapped to individual users and/or user groups.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Star Certification International (SEI)
ISO/IEC 27001 accreditation date
28/04/2018
What the ISO/IEC 27001 doesn’t cover
Non-technical not covered
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Star Certification International (SEI)
PCI DSS accreditation date
28/04/2018
What the PCI DSS doesn’t cover
Non-technical not covered
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
The Information Security Policies and Processes of Torry Harris is in alignment with the standards defined by ISO27001. Key principles based on which Torry Harris Information security framework is defined are

• Confidentiality: Ensuring that information is accessible only to those authorized to have access.
• Integrity: Safeguarding the accuracy and completeness of information and processing methods.
• Availability: Ensuring that authorized users have access to information and associated assets when required.

Defined framework addresses the below needs of the Organization
- Physical and environment access control
- Network security
- Operational security
- Asset management
- Media handling
- Data backup and restoration
- Security incident management
- Business continuity management
- Cryptography

Asset based risk assessment is done by quantifying value of each asset. This approach ensures identification and measure of the asset’s risks and corresponding mitigation controls that have been implemented.

Chief Information Security Officer (CISO) is accountable for compliance to information security in the Organization. Internal audit will be conducted by compliance team to ensure compliance to the defined policies and processes.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
From requirements analysis to delivery, every phase undergoes checks/tests for security & compliance (GDPR/Open Source/PCI-DSS). There are both internal & external teams who do these tests on a periodic basis.

The code is structured to maintain each component as independent executables. So a change to one module is contained within it and is exposed only through well defined interfaces.

Each component of the product is versioned. The product itself has a version. All product releases are made only via a release portal. Every release can be tracked back to the branch in the code repository from where it was built.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Security testing is done on the products every quarter by an external vendor and by an internal team for every release. Compliance of standards like GDPR & PCI-DSS are assessed during various phases of development. Information on threats are obtained from the CVE database. For compliance requirements, the respective body's guidelines are used as a the basis of assessment.

Depending on the priority of an issue, patches are deployed based on SLAs. Any P1/P2 issues are fixed and delivered with in 1 day or a temporary work around is suggested within this time frame.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The solution is completely hosted in AWS Cloud. We use Amazon GuardDuty as a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect all the workloads. This service uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats. Automatically a ticket gets raised in our incident management system for any potential threat identified and it will be addressed based on the priority of incident.
Incident management type
Supplier-defined controls
Incident management approach
ITIL standards are followed for incident management with service desk as single point of contact for all issues. Incident management process follows the below steps:
1. Identifying the issue
2. Logging an incident as a ticket
3. Categorizing the incident
4. Prioritization of the incident based on the impact
5. Incdident Response
- Initial troubleshooting
- Escalating the incident if required to level 3 or higher
- Investigation and diagnosis
- Resolution and recovery
- Incident closure
6. Communication with the end user throughout the life of the incident

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£300 to £1915 per licence per month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Free trial includes fully functional service for evaluation purposes for a limited trial period for 30 days. We extend the trial period upon request. Professional support is not included. Queries, etc during evaluation are supported by Email during business hours.

Service documents

Return to top ↑