Durable Digital LTD.

Bespoke application development

Durable is a digital agency focused on web, email, CRM and analytics platforms. From strategy, design, and development to training and support, we orchestrate the entire project lifecycle—building our clients’ knowledge and capability as we go.


  • Digital strategy
  • Technical strategy
  • Change management
  • Research
  • Content strategy
  • User experience design
  • Engineering and development
  • Quality assurance
  • Training
  • Support


  • Place our work in the broadest strategic context
  • Holistic approach that considers business strategy, architecture and users
  • Make it easier through planning and participation
  • Qualitative work and action-oriented findings
  • Translate internal strategy into outward-facing communications
  • Advocate for users without losing sight of business goals
  • Decrease risk by formalizing a release process
  • Research diligently, plan strategically, design intelligently, build thoughtfully
  • Helps content editors, designers and marketers to broadly conceptualize
  • Tailored support offering for each situation


£150000 to £1000000 per instance per year

  • Education pricing available

Service documents


G-Cloud 11

Service ID

5 4 0 8 1 5 0 3 6 5 9 2 3 2 0


Durable Digital LTD.

Shane Marsden

+44 20 7247 5793


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Durable provides bespoke .NET development services which either sit alongside or integrate with third party systems.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
Service constraints Software development is bespoke to the customer's needs.
System requirements Depends on requirements

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Standard response times are within 24-hours during business hours. Enterprise customers benefit from faster response times.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard WCAG 2.1 AA or EN 301 549
Web chat accessibility testing We have performed no such testing.
Onsite support Onsite support
Support levels Various Service Level Agreements and costs offered depending on needs. Technical and Cloud support engineers made available as needed.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We undertake discovery, design and development processes appropriate to your requirements, through to full system testing. Durable provides on-site training for content editors and administrators.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Data is securely transferred or downloaded to a physical drive.
End-of-contract process Through request to Durable a full back-up of the instance and accompanying assets can be provided. Durable can provide additional Exit Planning and Management services upon request.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Fully responsive and works across mobile, tablet, desktop and other devices (TV, etc) with the same interface.
Service interface Yes
Description of service interface By default, there is no service interface but one can be added.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing We do formal testing on code that we write.
What users can and can't do using the API Depends on requirements
API documentation Yes
API documentation formats
  • HTML
  • ODF
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Depends on requirements


Independence of resources Per requirements


Service usage metrics Yes
Metrics types Google Analytics, Adobe Analytics, IBM Coremetrics (IBM Digital Analytics), Unica NetInsight, Sitecore Experience Analytics
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported directly from the database or an export can be run that downloads content as a compressed XML file.
Data export formats
  • CSV
  • ODF
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Per client requirements
Approach to resilience Available upon request
Outage reporting Email alerts; public dashboard

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels On demand
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach If our clients have a security governance approach, we follow it.
Information security policies and processes Durable maintains a set of security policies aligned with ISO27001 standards. All staff are briefed on the security policy at induction and ongoing compliance supported by an internal learning process.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Durable operates a Change Management process to ensure that all configuration or service changes are put through a controlled process, ensuring that impact and risk are managed, quality is maintained, and that changes are planned, documented and approved.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Durable undertakes periodic independent pen and vulnerability scanning of our networks and network services.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We actively monitor the service at all times. The service is able to detect when a particular site is experiencing extraordinary load and begins to isolate the site in question to leave resources available for other sites. The feature is designed specifically with DDoS in mind but also serves to isolate sites with malfunctioning code.
Incident management type Supplier-defined controls
Incident management approach Durable operates a mature Incident and Service Request Management process. The process is operated by our Service Management tool, which is interactive and can be configured to support the ticket workflow and metrics agreed with customers. Customers can report and update incidents via our interactive portal, email and telephone. Though we operate a core Incident Management policy and process, these can be tailored within customers Service Level Agreements to support common incidents and events.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £150000 to £1000000 per instance per year
Discount for educational organisations Yes
Free trial available No

Service documents

Return to top ↑