Co-produced software development services
Bitjam is an ethical software company that develops innovative solutions for web, mobile, IoT and AI systems. We are a highly experienced team using co-production and agile methodology, focusing on accurately fitting the needs of the users. Proven experience in multi-national public sector systems with a social impact.
Features
- Tailored to each client
- Ethical company, driven by social impact
- Experienced development team
- Apps and web services proven to benefit communities
- Highly collaborative process
- Adept at both multinational and smaller projects
- Agile methodology
- Reliable technologies
Benefits
- Accessible on mobile and web
- Supports remote working
- Easy to use final product developed with users
- Scalability
Pricing
£450 a person a day
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at carl@bitjam.org.uk.
Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 12
Service ID
641971057020568
Contact
Bitjam Limited
Carl Plant
Telephone: 01782 454304
Email: carl@bitjam.org.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Hybrid cloud
- Service constraints
- Dependent on SLA
- System requirements
- Nil
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Standard Support Monday to Friday: 09:00 - 17:00
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Dependent upon agreed SLA
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Video or face to face meeting(s) carried out to scope out specifications that are documented and agreed upon. Letter of engagement signed along with terms and conditions. User documentation or videos supplied on completion.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- Bitjam are data processors only so the client has control of data management during and after our R&D services have completed.
- End-of-contract process
- Full data copy provided to customer, then service terminated and all data deleted
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Application to install
- Yes
- Compatible operating systems
-
- Android
- iOS
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- We design products to be mobile-friendly. Differences between the mobile and desktop service depend on application specifications
- Service interface
- Yes
- Description of service interface
- Dependent on specific product
- Accessibility standards
- WCAG 2.1 A
- Accessibility testing
- A blind student has tested out our main types of software.
- API
- No
- Customisation available
- Yes
- Description of customisation
- Software is co-produced with the client.
Scaling
- Independence of resources
- Dedicated client servers, and SLA for support time.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Usage and performance
- Reporting types
-
- Real-time dashboards
- Regular reports
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- EU-US Privacy Shield agreement locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- Less than once a year
- Penetration testing approach
- In-house
- Protecting data at rest
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- Users log in and, depending on permissions, can select data and download it to their local machine as a CSV.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- JSON
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- Dependent upon agreed SLA
- Approach to resilience
- Available on request
- Outage reporting
- We set up email alerts and text message alerts for specific users. We also provide access to dashboards.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
- Access restrictions in management interfaces and support channels
- We have identity management processes (IAM in AWS for example) and 2FA, with each user registered on an access list per software or service we use.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
- Cyber Essentials Plus
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
- Cyber Essentials Plus
- Information security policies and processes
-
We are a small team of three so reporting is done immediately following any learning experience or incident.
We have DPIA assessments and privacy statements (where necessary) for each new project. We have data protection, data privacy, records management and information security policies in place.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
We use Gitlab to track changes and change requests.
We develop using a staging environment where we can test new features. For any changes to existing code we assess if the change has low, medium or high risk on data security and integrity. Each level has increasing levels of testing and user acceptance testing.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- We monitor using an antivirus scanner and https://vuls.io. We patch the service when we get notified of high-level security patches from ubuntu-security-announce.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Enhanced alerting - 16 hours per working day. Customer access to analysed data.
We scan applications we host for vulnerabilities and malware. We monitor any system we host for abnormal traffic or abnormal resource utilisation, and we review access logs and error logs for any suspicious activity.
Regular reporting.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Yes, we have a policy that states how incidents are reported and escalated. We have a duty to report to our clients if any data breach has occurred. We also have a process to review near misses and action against them.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- NHS Network (N3)
Pricing
- Price
- £450 a person a day
- Discount for educational organisations
- No
- Free trial available
- No