CTI Digital

GDS Agile Project Delivery Management

GDS Agile project delivery enables organisations to innovate and respond quickly to evolving user needs and requirements. Undertaking a phased approach to any project allows you to focus on understanding user needs & goals with a prototype (Alpha), perform user testing and refinement/validation (Beta) before full scale launch.

Features

• Small units of high-quality software released frequently
• Collaborative tools using JIRA, Confluence and slack instant chat
• Requirements can evolve
• Designed to pass GDS Service Assessment process
• Collaborative & cooperative approach between all stakeholders
• Feature delivery prioritised by end user benefit and business value
• Structured delivery process with accountability and audit trail
• Emphasis on building right solution
• Integrated testing throughout project lifecycle
• Frequent reporting, thorough documentation and recording

Benefits

• Faster route to market. Working product achieved sooner.
• Small manageable units allow team focus on high-quality development
• Tangible benefits realised earlier.
• Scope and features may change. Requirements may emerge and evolve.
• Collaborative approach encourages client involvement delivering high visibility for stakeholders
• Lower defect density. Critical bugs caught early in the project.
• Small releases allow response to real world changes
• Path to project success is expedited
• High return on investment
• Exposure to project risk minimised

£700 to £850 a person a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@ctidigital.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

470485515860587

Contact

Steve Gale
0161 713 2434
tenders@ctidigital.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Drupal application, Drupal build, Drupal Design & build and Drupal Development services.; ; Umbraco application, Umbraco build, Umbraco Design & build and Umbraco Development services.; ; Magento application, Magento build, Magento Design & build and Magento Development services.
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: None.
• System requirements:
  • Drupal Application
  • Umbraco Application
  • Magento Application
  • Bespoke .NET application
  • Bespoke php application
  • Customer business workflow

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Email or online ticketing support Yes Support response times Service operates consistently: 24 hours, 7 days a week. Critical Faults: Response 15 Mins / Target Fix 1 Hour Urgent Faults: Response 1 Hour / Target Fix 8 Hours Important Fault: Response 5 Hours / Target Fix 3 Days User can manage status and priority of support tickets Yes Online ticketing support accessibility WCAG 2.1 A
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: A Web chat accessibility testing Atlassian suite is a tried and tested industry-leading third-party software package.
• Onsite support: Yes, at extra cost
• Support levels: Office Hours; Hosting Support - 24 hours a day, 7 days a week; Helpdesk / Application Support - 09:00 to 17:00, Mon to Fri; ; Extended Hours; Hosting Support - 24 hours a day, 7 days a week; Helpdesk / Application Support - 07:00 to 23:00, Mon to Fri; ; All Hours; Hosting Support - 24 hours a day, 7 days a week; Helpdesk / Application Support - 24 hours a day, 7 days a week; ; All services include allowances for Technical Account Manager & Cloud Support Engineer within costs.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: This service begins with an onboarding exercise which includes (if required) a health check of the buyers existing platform. Buyers are given an onboarding and orientation session to provide training on our systems.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: A data export can be provided upon request. As we use JIRA, you can import the data into your own instance of JIRA and Confluence so you are not tied to us as a supplier.
• End-of-contract process: We do not include and off-boarding cost within the contract. Buyers can use the remaining resource allocation at the time of notice to terminate towards the off-boarding process. Additional time may be purchased if required.; ; The off-boarding process will differ for each buyer, depending upon the services the buyer has taken. ; ; We offer a variety of off-boarding options:; A) Unassisted Pull request. (typically no cost); GIT Repository access granted for a defined period of time.; ; B) Assisted Service Transition (typically 5 days / £2,500); We consult with receiving supplier to manage the transition period.; Typically includes application and documentation orientation.; ; C) Service Retirement (typically 2 days / £1,000); We provide an offline storage (USB hard drive) with the application, data and documentation.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The content layout is prioritised to suit available screen real estate.
• Service interface: Yes
• Description of service interface: The service is viewed through the Atlassian JIRA and Confluence cloud-based applications.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We have tested the interface using our in-house Quality Assurance and testing team; using assistive devices from our Quality Assurance testbed hardware.
• API: Yes
• What users can and can't do using the API: The system is accessed through a REST API service. Buyers can develop their own API to access information within the scope of the system's API layer.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The service provides a selection of development and delivery options, each of which can be tailored to suit the buyer's requirements.

Scaling

• Independence of resources: This service provides a guaranteed resource for the agreed amount.; We carefully manage requests and capacity for additional resource.

Analytics

• Service usage metrics: Yes
• Metrics types: We operate Atlasssian suite of tools. We provide you full transparent access to all project data and service reports. These accessible in real time, and automatically sent on at regular intervals (Typically monthly)
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: A number of options are available depending on the nature of the site:; ; A) User dashboard - self download.; B) Admin user - download and send.; C) Developer - pull from database and send.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Service operates consistently: 24 hours a day, 7 days a week.; Critical Faults: Response 15 Mins / Target Fix 1 Hour; Urgent Faults: Response 1 Hour / Target Fix 8 Hours; Important Fault: Response 5 Hours / Target Fix 3 Days
• Approach to resilience: Hosting is usually provided by Amazon Web Services, however, alternatives are available if required.; Our unique implementation details are available upon request.
• Outage reporting: We report service outages via multiple channels to nominated stakeholders. (Typically The Product Owner); ; Automated notifications; - Monitoring alert; - JIRA alert; - Email; - Text; ; Manual notification; - Call; - Online chat

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: We can operate a detailed hierarchy of access permissions.; Your application 'self managed', allowing a superuser to manage others permissions.; ; Public key authentication (including by TLS client certificate) ; Identity federation with existing provider (for example Google apps) ; Username or password Other Other
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: CTI Digital Information Services Team (IST) has been established to manage information services within the organisation, chaired by a Technical Director or Director. The IST is made up of appropriate senior organisational managers. It exists, in part, to:; ; Ensure that CTI Digital and its staff and students meet the requirements of extant UK legislation and regulations in relation to Information Security;; ; Ensure that there is clear direction and visible management support for security initiatives within the organisation;; ; Ensure that appropriate risk management assessments are resourced an undertaken; and; ; Promote security through appropriate commitment and adequate resourcing.
• Information security policies and processes: Responsibility for ensuring the protection of information systems and ensuring that specific security processes are carried out lies with the Technical Director in collaboration with the heads of departments within CTI Digital who manage information systems.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We adhere to each platform's best practice and rigorous QA process to review code before and test after deployment. Supported platforms include Drupal, Magento, Umbraco and SiteCore.; ; Regular service reviews capture your requirements to security and make changes to our testing process, and identifies remedial work that should take place to reach the new benchmark of compliance.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We adhere to each platforms best practice for deploying patches to our service.; The threat is assessed to identify urgency vs impact on a case by case basis.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We implement New Relic monitoring to provide detail reports on service performance and on-going vulnerability.; Notifications are handled inline with our SLAs. ; ; Service operates consistently: 24 hours a day, 7 days a week.; Critical Faults: Response 15 Mins / Target Fix 1 Hour; Urgent Faults: Response 1 Hour / Target Fix 8 Hours; Important Fault: Response 5 Hours / Target Fix 3 Days
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Certain service outages have automated recovery response potentially bringing services online within 2 minutes of an issue.; We have common workflow process which resolve 80% of all issues.; A further 10% of all issues are resolved with Systems administration intervention and only the final 10% of issues usually result in the need to write new code.; Issues are reported by automated monitoring, servicedesk, helpline, email or chat.; You receive realtime access to incident reports, and are sent regular service performance reports.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £700 to £850 a person a day
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@ctidigital.com. Tell them what format you need. It will help if you say what assistive technology you use.