This G-Cloud 12 service is no longer available to buy.

The G-Cloud 12 framework expired on Monday 28 November 2022. Any existing contracts with Bitjam Limited are still valid.
Bitjam Limited

Co-produced software development services

Bitjam is an ethical software company that develops innovative solutions for web, mobile, IoT and AI systems. We are a highly experienced team using co-production and agile methodology, focusing on accurately fit the needs of the users. Proven experience in multi-national public sector systems with a social impact.

Features

  • Tailored to each client
  • Ethical company, driven by social impact
  • Experienced development team
  • Apps and web services proven to benefit communities
  • Highly collaborative process
  • Adept at both multinational and smaller projects
  • Agile methodology
  • Reliable technologies

Benefits

  • Accessible on mobile and web
  • Supports remote working
  • Easy to use final product developed with users
  • Scalability

Pricing

£450 a person a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at carl@bitjam.org.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

6 4 1 9 7 1 0 5 7 0 2 0 5 6 8

Contact

Bitjam Limited Carl Plant
Telephone: 01782 454304
Email: carl@bitjam.org.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Hybrid cloud
Service constraints
Dependant on SLA
System requirements
Nil

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard Support Monday to Friday: 09:00 - 17:00
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Dependent upon agreed SLA
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Video or face to face meeting(s) carried out to scope out specifications that are documented and agreed upon. Letter of engagement signed along with terms and conditions. User documentation or videos supplied on completion.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Bitjam are data processors only so the client has control of data management during and after our R&D services have completed.
End-of-contract process
Full data copy provided to customer, then service terminated and all data deleted

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
We design products to be mobile-friendly. Differences between the mobile and desktop service depend on application specifications
Service interface
Yes
Description of service interface
Dependant on specific product
Accessibility standards
WCAG 2.1 A
Accessibility testing
A blind student has tested out our main types of software.
API
No
Customisation available
Yes
Description of customisation
Software is co-produced with the client.

Scaling

Independence of resources
Dedicated client servers, and SLA for support time.

Analytics

Service usage metrics
Yes
Metrics types
Usage and performance
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Less than once a year
Penetration testing approach
In-house
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Login, depending on permissions, they can select data and download to their local machine as a CSV.
Data export formats
  • CSV
  • Other
Other data export formats
  • Json
  • Pdf
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Dependent upon agreed SLA
Approach to resilience
Available on request
Outage reporting
We set up Emails alerts and text message alerts for specific users. We also provide access to dashboards.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
We have identity management processes (IAM in AWS for example) and 2Fa, with each user registered on a access list per software or service we use.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Cyber Essentials Plus
Information security policies and processes
We are a small team of three so reporting is done immediately following any learning experience or incident.

We have DPIA assessments and privacy statements (where necessary) for each new project. We have data protection, data privacy, records management and information security policies in place.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We use Gitlab to track changes and change requests.

We develop using a staging environment where we can test new features, for any changes to existing code we assess if the change has low, medium or high risk on data security and integrity. Each level has increasing levels of testing and user acceptance testing.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We monitor using Anti virus scanner and https://vuls.io. We patch the service when we get notified of high level security patches from ubuntu-security-announce.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Enhanced alerting - 16 hours per working day. Customer access to analysed data.

We scan applications we host for vulnerabilities plus malware scanning. We monitor any system we host for abnormal traffic or abnormal resource utilisation, we review access logs and error logs for any suspicious activity.

Regular reporting.
Incident management type
Supplier-defined controls
Incident management approach
Yes we have a policy that states how incidents are reported and escalated. We have a duty to report to our clients if any data breach has occurred. We also have a process to review near misses and action against them.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
NHS Network (N3)

Pricing

Price
£450 a person a day
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at carl@bitjam.org.uk. Tell them what format you need. It will help if you say what assistive technology you use.