G-Cloud 11 services are suspended on Digital Marketplace

If you have an ongoing procurement on G-Cloud 11, you must complete it by 18 December 2020. Existing contracts with Hortor Limited are still valid.
Hortor Limited

Hortor Limited Cloud Software Development Tools Services

Hortor Limited provides a full set of Cloud Software Development Tool Services, including scoping, UI, data import/export, application analytics/ scaling, in-transit/operational/staff security/asset protection, availability/resilience, identity/authentication support in a secure, certified and documented way, training/demonstrations (including Service Design), and ongoing support of products it builds along with its partners'/other selected products.

Features

  • Fully Agile-based techniques and methods supported.
  • End-to-end support of Continuous Integration Testing (CIT)
  • Supports best practice "mixed" (waterfall/agile) environments as well
  • Service-based Cloud Software Development Tools
  • Cloud Software Development Tool planning and design
  • Cloud Software Development Tools set up/build and configuration
  • Cloud Software Development Tools documentation and training (including Service Design)
  • Cloud Software Development Tools Security
  • Cloud Software Development Tools On-Going Support

Benefits

  • Agile-based development is 30-40% more efficient than waterfall approaches
  • CIT achieves 35-45% few defects in 25-35% less development time
  • Applies above best practices to "mixed" environment where practical
  • Service-based, Lifecycle Managed Cloud Software Development Tools
  • Cloud Software Development Tool benefits/risks/costs are clearly understood
  • Cloud Software Development Tool products/services work as designed
  • Cloud Software Development Tool services are well understood and used
  • Secure CloudSoftware Development Tool services are provided
  • Business critical use of Cloud Software Development Tools is supported

Pricing

£500 a person a day

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nrr@hortor.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 11

Service ID

4 2 8 6 6 7 3 9 1 7 7 8 8 7 7

Contact

Hortor Limited Nick Rowlands-Ridley
Telephone: +44 7592 502 685
Email: nrr@hortor.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
No specific constraints - usually, our constraints are those that our client sets (cost, time, usage criteria, etc.)
System requirements
  • Amazon Web Services (AWS)
  • Microsoft Azure Services
  • IBM Cloud Services
  • Client's own Cloud or physical services
  • Our Cloud or physcial services

User support

Email or online ticketing support
Email or online ticketing
Support response times
See following for general definitions of Hortor's three service levels (Bronze, Silver and Gold). Hortor Bronze Support means that Hortor will provide an Initial Response and Acknowledgement for issues over an email during working hours only, without specific commitment on time of response, and will provide Software updates when available. For Hortor Silver or Gold Support, Hortor will respond to support requests and will provide workarounds or fixes in accordance with agreed priority: Initial Response & Acknowledgment: P1, 8 hours, P2, Next business day. Targeted Fix Date or Workaround: P1, 2 days, P2, 1 week
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Unknown
Web chat accessibility testing
None
Onsite support
Yes, at extra cost
Support levels
Again, Hortor Limited provides one of three levels of Support: Bronze, Silver or Gold. Every level of Hortor Support provides email and a web-based portal for submitting cases and tracking case status. In the case of Bronze Support and in addition to the above, next business day support will be provided during normal business days. In the case of Silver Support and in addition to the above, same business day support will be provided during normal business days. In case of Gold Support and in addition to the above, 24x7x365 phone-based support will be provided by Hortor Limited. Pricing is dependent on the nature of the platform(s) and/or infrastructure being supported, but generally there is a 1X/2X/4X relationship between bronze, silver and gold support levels. Generally Hortor Limited will provide a technical account manager to provide a single interface for a client's support issues and concerns
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Usually, what we provide depends on the product or service being provided to a client and the client's needs in getting to have the product/service well understood and used for its users and/or customers. Documentation is usually provided (user guides, operations guides, high-level design documents, code frameworks, etc.), along with demonstrations, on-site and/or on-line training that, through experience, gets the client to the adoption level they want by a certain time.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
  • Word Documents
  • Powerpoint
  • Visio
End-of-contract data extraction
Usually, we will provide data extraction methods and directly support this activity set as our client directs.
End-of-contract process
Usually, what is included is specific to the product or service we are providing the client, ranging from performing activities for the client as a finished service to assisting them with performing these activities themselves. What is included and what is at addional cost is as contractually negotiated.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Usually, the UI for our application designs are responsive, so that they can be used on both mobile and desktop services
Service interface
Yes
Description of service interface
The type of service interface depends on the product or service we provide to our client, but generally this functionality is provided
Accessibility standards
None or don’t know
Description of accessibility
Unknown
Accessibility testing
None
API
Yes
What users can and can't do using the API
Usually this is defined as part of the product or service we provide to our client, and emulation of all user functionality on the API is our preferred target
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
We will support any customer need to modify a "standard" service we provide to support their specific requirements.

Scaling

Independence of resources
Generally, our products and services are specific to a particular client. We do have services for specific clients that are shared within that client's users, which are designed to meet SLA's as the customer requires (see following).

Analytics

Service usage metrics
Yes
Metrics types
The usage metrics we provide are usually specific to the product or service we are providing to our client, ranging from general login/frequency counters to how specific functions are used.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
Other
Other data at rest protection approach
Generally, we support the protection methods as specified by our clients for the products and service we provide them. We have used most physical (e.g., SSAE-16) and logical (sharding) known today as required.
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Data export methods that we support vary widely based on the product or service we are providing to the client, ranging form simple, delimited flat files to specific databased export/import constructs.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
On request, specific database export constructs
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
On request, specific database import constructs

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
The SLA's we furnish are specific to the product or service we are providing to a client, but generally supports the client's availability metrics where practical. Compensation for not meeting SLA's is contractually agreed, and varies from service credits to re-working unsatisfactory output(s).
Approach to resilience
This information is proprietary, but can be made available on request
Outage reporting
Outage reporting is a fundamental part of how we support our products and services provided to our clients. We can and have used single- and multi-channel methods to report outages, including dashboards, API's, e-mails, SMS, etc., all tailored to our clients' needs.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels
We usually restrict access to management interfaces and support channels based on the customers requirements (most common methods is user id/password along with a second factor authentication method like Authy), with the main goal of ensuring the person/device requesting access is who they say the are and are authorized for the access they are requesting
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Our security certifications are in alignment with the above standards

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Usually, we support security governance as directed by our clients for their products and services.
Information security policies and processes
Usually, we support information security policies and processes as directed by our clients for their products and services.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We prefer to use Agile development methodologies. We use Github Workflow (and other standards-based tool kits) for development feature, release and hot-fix branch managment. We are focused on output quality, assured by a static code analysis tool, frequent code review processes and daily automated tests. We are DevOps-based, and employ: 1) Continuous integration and delivery processes based on Jenkins, with (a) Pipelines for build/test/deploy, (b) Nightly builds, and (c) Structured Release promotion 2) A Simplified, well-tested release process based on Docker images. This approach is security assessed at least yearly.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
This is proprietary information, but can be shared on request
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
On Compromises, this is proprietary information, but this can be shared when requested and the need is understood and agreed. Please see the following concerning response times.
Incident management type
Supplier-defined controls
Incident management approach
Again, Hortor Limited provides one of three levels of Support: Bronze, Silver or Gold. Every level of Hortor Support provides email and a web-based portal for submitting cases and tracking case status. In the case of Bronze Support and in addition to the above, next business day support will be provided during normal business days. In the case of Silver Support and in addition to the above, same business day support will be provided during normal business days. In case of Gold Support, and in addition to the above, 24x7x365 phone-based support will be provided by Hortor Limited.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£500 a person a day
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
If there is an application we've previously built for another client, we will consider a free trial to others for up to two (2) months.
Link to free trial
Link(s) provided on request.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nrr@hortor.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.