Hortor Limited Cloud Software Development Tools Services
Hortor Limited provides a full set of Cloud Software Development Tool Services, including scoping, UI, data import/export, application analytics/ scaling, in-transit/operational/staff security/asset protection, availability/resilience, identity/authentication support in a secure, certified and documented way, training/demonstrations (including Service Design), and ongoing support of products it builds along with its partners'/other selected products.
Features
- Fully Agile-based techniques and methods supported.
- End-to-end support of Continuous Integration Testing (CIT)
- Supports best practice "mixed" (waterfall/agile) environments as well
- Service-based Cloud Software Development Tools
- Cloud Software Development Tool planning and design
- Cloud Software Development Tools set up/build and configuration
- Cloud Software Development Tools documentation and training (including Service Design)
- Cloud Software Development Tools Security
- Cloud Software Development Tools On-Going Support
Benefits
- Agile-based development is 30-40% more efficient than waterfall approaches
- CIT achieves 35-45% few defects in 25-35% less development time
- Applies above best practices to "mixed" environment where practical
- Service-based, Lifecycle Managed Cloud Software Development Tools
- Cloud Software Development Tool benefits/risks/costs are clearly understood
- Cloud Software Development Tool products/services work as designed
- Cloud Software Development Tool services are well understood and used
- Secure CloudSoftware Development Tool services are provided
- Business critical use of Cloud Software Development Tools is supported
Pricing
£500 a person a day
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 11
Service ID
4 2 8 6 6 7 3 9 1 7 7 8 8 7 7
Contact
Hortor Limited
Nick Rowlands-Ridley
Telephone: +44 7592 502 685
Email: nrr@hortor.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Hybrid cloud
- Service constraints
- No specific constraints - usually, our constraints are those that our client sets (cost, time, usage criteria, etc.)
- System requirements
-
- Amazon Web Services (AWS)
- Microsoft Azure Services
- IBM Cloud Services
- Client's own Cloud or physical services
- Our Cloud or physcial services
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- See following for general definitions of Hortor's three service levels (Bronze, Silver and Gold). Hortor Bronze Support means that Hortor will provide an Initial Response and Acknowledgement for issues over an email during working hours only, without specific commitment on time of response, and will provide Software updates when available. For Hortor Silver or Gold Support, Hortor will respond to support requests and will provide workarounds or fixes in accordance with agreed priority: Initial Response & Acknowledgment: P1, 8 hours, P2, Next business day. Targeted Fix Date or Workaround: P1, 2 days, P2, 1 week
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Unknown
- Web chat accessibility testing
- None
- Onsite support
- Yes, at extra cost
- Support levels
- Again, Hortor Limited provides one of three levels of Support: Bronze, Silver or Gold. Every level of Hortor Support provides email and a web-based portal for submitting cases and tracking case status. In the case of Bronze Support and in addition to the above, next business day support will be provided during normal business days. In the case of Silver Support and in addition to the above, same business day support will be provided during normal business days. In case of Gold Support and in addition to the above, 24x7x365 phone-based support will be provided by Hortor Limited. Pricing is dependent on the nature of the platform(s) and/or infrastructure being supported, but generally there is a 1X/2X/4X relationship between bronze, silver and gold support levels. Generally Hortor Limited will provide a technical account manager to provide a single interface for a client's support issues and concerns
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Usually, what we provide depends on the product or service being provided to a client and the client's needs in getting to have the product/service well understood and used for its users and/or customers. Documentation is usually provided (user guides, operations guides, high-level design documents, code frameworks, etc.), along with demonstrations, on-site and/or on-line training that, through experience, gets the client to the adoption level they want by a certain time.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- ODF
- Other
- Other documentation formats
-
- Word Documents
- Powerpoint
- Visio
- End-of-contract data extraction
- Usually, we will provide data extraction methods and directly support this activity set as our client directs.
- End-of-contract process
- Usually, what is included is specific to the product or service we are providing the client, ranging from performing activities for the client as a finished service to assisting them with performing these activities themselves. What is included and what is at addional cost is as contractually negotiated.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- Linux or Unix
- MacOS
- Windows
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Usually, the UI for our application designs are responsive, so that they can be used on both mobile and desktop services
- Service interface
- Yes
- Description of service interface
- The type of service interface depends on the product or service we provide to our client, but generally this functionality is provided
- Accessibility standards
- None or don’t know
- Description of accessibility
- Unknown
- Accessibility testing
- None
- API
- Yes
- What users can and can't do using the API
- Usually this is defined as part of the product or service we provide to our client, and emulation of all user functionality on the API is our preferred target
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- ODF
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- We will support any customer need to modify a "standard" service we provide to support their specific requirements.
Scaling
- Independence of resources
- Generally, our products and services are specific to a particular client. We do have services for specific clients that are shared within that client's users, which are designed to meet SLA's as the customer requires (see following).
Analytics
- Service usage metrics
- Yes
- Metrics types
- The usage metrics we provide are usually specific to the product or service we are providing to our client, ranging from general login/frequency counters to how specific functions are used.
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- EU-US Privacy Shield agreement locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- In-house
- Protecting data at rest
- Other
- Other data at rest protection approach
- Generally, we support the protection methods as specified by our clients for the products and service we provide them. We have used most physical (e.g., SSAE-16) and logical (sharding) known today as required.
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- Data export methods that we support vary widely based on the product or service we are providing to the client, ranging form simple, delimited flat files to specific databased export/import constructs.
- Data export formats
-
- CSV
- ODF
- Other
- Other data export formats
- On request, specific database export constructs
- Data import formats
-
- CSV
- ODF
- Other
- Other data import formats
- On request, specific database import constructs
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
- The SLA's we furnish are specific to the product or service we are providing to a client, but generally supports the client's availability metrics where practical. Compensation for not meeting SLA's is contractually agreed, and varies from service credits to re-working unsatisfactory output(s).
- Approach to resilience
- This information is proprietary, but can be made available on request
- Outage reporting
- Outage reporting is a fundamental part of how we support our products and services provided to our clients. We can and have used single- and multi-channel methods to report outages, including dashboards, API's, e-mails, SMS, etc., all tailored to our clients' needs.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Limited access network (for example PSN)
- Username or password
- Access restrictions in management interfaces and support channels
- We usually restrict access to management interfaces and support channels based on the customers requirements (most common methods is user id/password along with a second factor authentication method like Authy), with the main goal of ensuring the person/device requesting access is who they say the are and are authorized for the access they are requesting
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Limited access network (for example PSN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
- Our security certifications are in alignment with the above standards
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- Usually, we support security governance as directed by our clients for their products and services.
- Information security policies and processes
- Usually, we support information security policies and processes as directed by our clients for their products and services.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- We prefer to use Agile development methodologies. We use Github Workflow (and other standards-based tool kits) for development feature, release and hot-fix branch managment. We are focused on output quality, assured by a static code analysis tool, frequent code review processes and daily automated tests. We are DevOps-based, and employ: 1) Continuous integration and delivery processes based on Jenkins, with (a) Pipelines for build/test/deploy, (b) Nightly builds, and (c) Structured Release promotion 2) A Simplified, well-tested release process based on Docker images. This approach is security assessed at least yearly.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- This is proprietary information, but can be shared on request
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- On Compromises, this is proprietary information, but this can be shared when requested and the need is understood and agreed. Please see the following concerning response times.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Again, Hortor Limited provides one of three levels of Support: Bronze, Silver or Gold. Every level of Hortor Support provides email and a web-based portal for submitting cases and tracking case status. In the case of Bronze Support and in addition to the above, next business day support will be provided during normal business days. In the case of Silver Support and in addition to the above, same business day support will be provided during normal business days. In case of Gold Support, and in addition to the above, 24x7x365 phone-based support will be provided by Hortor Limited.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £500 a person a day
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- If there is an application we've previously built for another client, we will consider a free trial to others for up to two (2) months.
- Link to free trial
- Link(s) provided on request.