Rapp Ltd Trading as Code Worldwide

Bespoke Database design, build and hosting

Design and requirements for development and hosting of bespoke database solutions. Including Database warehousing, Archiving and DR. Management of solutions including Databases administration, loading, logging and analysis, intrusion detection and protective monitoring across multiple database and hosting platforms.

Features

  • Full service
  • Self Service
  • Managed service
  • Marcoms
  • Management reporting - logging and analysis of database performance
  • Management of Cloud services (AWS, GOOGLE,AZURE etc)
  • Content delivery network

Benefits

  • No requirement to have any expertise in managing services
  • No need to manage infrastructure or info sec (specialist services)
  • Shared resources allowing better management of peak activity
  • Full E2Edesign and fulfillment of all 1-1 communications
  • Solid and transparant KPIs
  • Removal of internal IT services at scale
  • Fully manage content at scale solution

Pricing

£10,000 to £20,000,000 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris.buckley@uk.rapp.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

2 2 5 8 8 9 1 2 4 4 1 5 5 5 1

Contact

Rapp Ltd Trading as Code Worldwide Chris Buckley
Telephone: +447968138934
Email: chris.buckley@uk.rapp.com

Service scope

Service constraints
None
System requirements
None

User support

Email or online ticketing support
Email or online ticketing
Support response times
Based on SLA
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
This is based on a bespoke SLA
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Bespoke build to requirements including onsite training, online training, user documentation. and phone support
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
As required
End-of-contract data extraction
Based on agreed contract requirements
End-of-contract process
We follow the provisions of the contract set out at the start of the relationship

Using the service

Web browser interface
Yes
Using the web interface
Bespoke build to requirements
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Bespoke build to requirements
Web interface accessibility testing
Bespoke build and test to requirements
API
Yes
What users can and can't do using the API
Bespoke build to requirements
API automation tools
OpenStack
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
  • Other
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
  • Other
Using the command line interface
Bespoke build to requirements

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
Based on separate instances and bespoke auto scaling plans
Usage notifications
Yes
Usage reporting
  • API
  • Email
  • SMS
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
We are product Agnostic supporting all platforms

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
All file types, virtual machines or database
Backup controls
Based on Requirements
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Based on Requirements standard is 99%
Approach to resilience
Available on request
Outage reporting
Based on Requirements standard is email alerts

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Available on request meets ISO 27001
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
DQM GRC
ISO/IEC 27001 accreditation date
11/08/2010
What the ISO/IEC 27001 doesn’t cover
Available on request
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
DataSeal

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
ISO 217001, DataSeal accredited, PCI-DSS Compliant, GDPR/Data Protection Registration, Proprietary QMS which follows ISO9000, Data Centres additionally maintain the following SSAE 16 Type II SOC2, ISO9001 and ISO14001

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Based on Requirements and following ISO 27001
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Continuous monitoring of the threats takes place including regular penetration and vulnerability testing, subscribing to to industry vulnerability announcement lists which include US-CERT, Bugtraq, SANS plus security alert lists issued by major security vendors.
Patches are applied monthly and emergency releases at short notice, a forward scheduled is published to clients
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Available on request
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Available on request

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
VMware
How shared infrastructure is kept separate
Different virtual machines and private networks

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Available on Request

Pricing

Price
£10,000 to £20,000,000 a unit
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris.buckley@uk.rapp.com. Tell them what format you need. It will help if you say what assistive technology you use.