Pulsion Technology Limited

Application Design and Development

We provide application design and development services which transform the user experience and integrate with your existing business systems. Our application design and development solutions are built using open source, PHP and Microsoft technologies, and are delivered using various methodologies to meet your design and development requirements.


  • User-centred approach to design
  • Agile approach to development
  • PRINCE2 approach to project management
  • Responsive design across all popular devices, browsers and operating systems
  • Open source, PHP and Microsoft technologies
  • Microsoft ASP .NET MVC and SQL Server technologies
  • Cloud-based platform for hosting (e.g. Microsoft Azure, Amazon Web Services)
  • Custom and Commercial Off-The-Shelf features
  • Responsive across all popular browsers, devices and operating systems


  • Long-term sustainability of your application
  • Developed using latest versions of industry leading technologies
  • Designed to specifically meet your business and user needs
  • Improve internal efficiencies
  • Reusable components reduce both risks and costs
  • UI/UX features directly influenced by your users
  • UI/UX design which supports your users with accessibility needs


£600 per unit per day

Service documents

G-Cloud 9


Pulsion Technology Limited

Daniel Currie

0141 352 2280


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints There are no constraints.
System requirements
  • Functional internet browser
  • Working connection to the internet

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response times will be agreed with the client, prior to the engagement, and will be documented in the contract service levels.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AAA
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We work to client approved support levels. As such, we will review our standard support offering against the aims and objectives for your software support. Our offering will then be suitably tailored to provide the best possible service. As standard, we offer a technical account manager and dedicated in-house support team - an online Help Desk with direct phoneline and email support - a test version of your software - maintenance of a dedicated support wiki - agreed escalation points - and regular performance reviews in-line with the SLA's. All of our pricing is highly competitive and will be determined, based on the complexity and demand of your support requirements.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide a combination of training and user documentation, which caters for both novice and experienced users. Firstly, we will collaborate with you to discuss the likely user tasks and establish both short and long-term aims of the training/documentation. We will then agree the most suitable training method(s), which typically include Group Sessions, Train the Trainer, and working with a dedicated training system. User Documentation will be clear and concise, to compliment the training session(s) and minimise your reliance on external support.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Our client owns all IPR and therefore there is no requirement for data extraction.
End-of-contract process The contract pricing outlines everything in our proposal, to be delivered within the agreed timescales. Additional costs would only occur if the client requests further services that are outwith the original scope (e.g. additional functionality or extra training). At the end of the contract, the client will approve all of our work with a simple sign-off. As the client maintains all IPR for our services, they will then have full capability to maintain the service.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service We use a mobile first design strategy. This initially confirms and tests the design for the smallest screen (i.e. a smartphone), before progressively moving to larger screens (i.e. a tablet, then desktop). This ensures that the key UI/UX features are displayed on all devices, and provides a quality User Experience, with minimal differences between the mobile and desktop service.
Accessibility standards WCAG 2.0 AAA
Accessibility testing Our service is accessible for all users of assistive technology, and adheres to Level AAA of the Web Content Accessibility Guidelines. Firstly, we identify user groups such as disabled people, older people and other people who use assistive technologies. We then identify and discuss their user needs in our Discovery Phase, with both individual users and the client. This helps shape the UI/UX of our solution, which we test on all relevant devices, browsers and operating systems. We include users of assistive technology in UAT, and also perform our own testing to ensure full accessibility and working functionality. This is driven by a Quality Assurance specialist, which is a standard role in our multi-disciplined project teams.
What users can and can't do using the API Our use of an API varies depending on the individual clients requirements. Full details will be provided in the API documentation, if an API is required.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Our service allows for full customisation before, during and beyond the project delivery. Before the delivery, we determine the initial scope of UI/UX requirements with our client. At this point, we are essentially working with a blank canvas and our team can customise all aspects of the solution. Both the Client and their users can shape the level of customisation at this point. During the delivery, we work in-line with PRINCE2 and agile principles. This gives the Client full transparency throughout the project, via regular progress meetings and UAT. As such, both the Client and their users can influence further customisation (to all UI/UX features), throughout the delivery phase. After the delivery, our client can determine multiple user access permissions (e.g. Administrator) which can be used to customise functions of the solution. Users may also have customisable features, such as editing their user profile. We provide full support and training for customising functionality.


Independence of resources This service offers a stand-alone client-only design. As such, we will follow a design which is dependent on the client’s specified user stories and expected usage. We will work with the client to monitor performance, which will be reported at an agreed frequency, in a method that is client-approved. Where practical, we will also assist in scaling the service.


Service usage metrics Yes
Metrics types We provide service metrics through Google Analytics.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users can request data exportation and Pulsion will provide this service for them.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability We guarantee 99.9% availability. In the extremely rare event that this is not the case, we will treat this as a Critical Issue and will work continuously on the problem until it is resolved. User refunds will be agreed prior to our engagement, and will reflect the significance of the issue and time exposure.
Approach to resilience This information is available on request.
Outage reporting We set up instant notifications, which tell us if our there is a service outage. We then contact our Client directly, to inform them of this issue. This is not an automated process, but it managed by our dedicated support team.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels We use IP restrictions, on top of authentication.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 LRQA
ISO/IEC 27001 accreditation date 08/04/2016
What the ISO/IEC 27001 doesn’t cover Our ISO 27001 certification underpins all of our relevant processes.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations Cyber Essentials Plus

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Cyber Essentials Plus
Information security policies and processes We are ISO 27001 and Cyber Essentials Plus accredited. Reporting comprises of automated notifications to Pulsion for any incident which suffers an outage, or required administrative access or an update. A breach in security would be reported to senior staff (i.e. Staff Member > Line Manager > Head of Service). All incidents and breaches in security will be immediately reported to the client, via our dedicated account manager. We ensure that policies are followed through regular external audits, as well as frequent internal reviews.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach We operate a change request process, which ensures both the requester and approver focus on five key points: has the change been tested; is there a rollback plan; which resources are required; what risks are involved; have relevant parties been informed. We approve change requests through relevant management representatives, as well as client contacts, where appropriate. We also record change requests against the appropriate project, and update related version documentation accordingly.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We assess potential threats to our service through continuous monitoring and by receiving instant notifications for required patches. Notifications come immediately from trusted vendors only. Once we receive a notification, we will begin the process of deploying a patch as soon as possible. This will often require testing from the offset, to ensure that no levels of customisation are broken. All patches are communicated with the Client, from first notification, straight through to deployment.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach We perform a comprehensive range of testing methods on all of our development work, prior to deployment. This is conducted by our in-house Quality Assurance specialist, and serves to immediately detect compromises and vulnerabilities. Once identified, we may conduct additional testing after deployment, to specifically ascertain if the issue applies to our work. If it does, we will take action to patch this as soon as possible. If it doesn’t, we will assess the severity and choose an appropriate action, after discussion with the client. We respond to all incidents within client-approved service levels.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Incidents are reported to line management via task management system as per our Integrated Management System processes, as well as by email and/or in person. Reporting would carry on up to CEO/Managing Director level where deemed appropriate. Account managers will inform affected clients where applicable through similar means – email, phone call and/or in person.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • New NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Other


Price £600 per unit per day
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑