Aru Vally Ltd - Digital

Cloud Product and Web or Mobile Application Services

Simplifying Web Design and Mobile Application Services. On Engagement with B2B/B2C on Architecture Design, QATesting, Consulting, OnsiteSupport, Web Design, and Mobile Application IT Services. We deliver supports on Database Management, Consulting, Onsite Support, and Delivery of Fixed-Term IT consulting Data Migration, Upgrade Services for Microsoft, Oracle, AWS PaaS platforms.

Features

  • Web Design Technologies and perfect ERP or CRM solutions
  • Mobile Application Design and CRM
  • CRM and eCommerce solutions as the best solution of USP.
  • Secure and User Managements on Website Management systems
  • Build, Configure, Migrate Databases to AWS, Azure, Google Cloud Products
  • QAT and Functional Testing services across domains.
  • Web Design Technologies and perfect ERP or CRM solutions.
  • Build Operate Transfer with Zero Tolerance & Full Satisfactory
  • UI & UX design to deliver as business needs.
  • Mobile Technologies in iOS, Android and Hybrid Applications.

Benefits

  • 24×7×365 services for continuous support, maintenance
  • Support, managed or consulting services any platform
  • Essentials (BAU), LIVE Services and Migration Services
  • DBaaS, PaaS, IaaS as Outsourcing or On-Premises Support
  • Build, Configure, Migrate Databases to AWS, Azure or Google Cloud
  • IT Support Services - B2B / B2C
  • Technical Architecture & Design Enhancements to the WebSite
  • Archiving, Backup & Recovery, Disaster Planning & Assurance
  • Monitoring Process, Message Notification & Log queuing.
  • Secure and User Managements on Database Management systems

Pricing

£150 to £1,200 a person

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at aruvallyltd@outlook.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

6 7 2 8 1 7 7 5 6 6 0 4 3 0 8

Contact

Aru Vally Ltd - Digital Aru Vally Ltd
Telephone: +44 7533199059
Email: aruvallyltd@outlook.com

Service scope

Service constraints
Any constraints will be identified through discussion with the Buyer.
This service is for resource provision only. Resources will normally be provided to any reasonable location within the UK during normal UK business days and office hours. Travel and subsistence may be payable outside London and surrounding area. Unsocial hours payments may be required if service is needed outside normal UK business days and office hours. More information defined in the terms and condition agreements documents.
System requirements
  • AWS, Azure, Oracle Cloud, Google Clouds
  • Unix - AIX, HP, Solaris
  • Linux : Ubuntu, Centos, RHEL, Oracle Linux
  • Windows Servers, Windows - VM, Linux - VM, Oracle VM
  • Oracle Licences, RHEL License for software products
  • Server Operating system Licences and Support Licences
  • Azure, AWS, G-Cloud, Digital Ocean, UK Cloud, Private Cloud
  • Microsoft Server & Microsoft Licences
  • Open Source platform supports

User support

Email or online ticketing support
Yes, at extra cost
Support response times
We don't charge for the email support as an unlimited response until resolving the ticket/reference no. We might charge for the online ticketing support as we've in the situation to pay to third-party application providers.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Yes
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), 7 days a week
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
Groups: with the name of the company with restricted users in the 'Slack' and Yammer licensed product using WCAG* accessibility standards.
Onsite support
Yes, at extra cost
Support levels
We propose the service charges, onboarding, and transitions/implementation/support based on the projects.
On-Boarding the Service
The following activities will be undertaken to onboard the service:
• Stakeholder identification and hold a kick-off meeting
• Transition and undertake knowledge transfer of the client requirements to the supplier support team. As the initial implementations, deliverables was undertaken by the supplier is the assumption is that this will be performed onsite from a client location
• Cascade knowledge within the supplier support team.
• Execute CLIENT PROJECT Assurance Check
• Set up Performance Reports in collaboration with Client Service AND Application Management team to define requirements
• Conduct Service Acceptance and Readiness Reviews in collaboration with the client and service Application Management team to provide further assurance alongside the deliverables
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Providing onsite training Providing the starter packs
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
  • Word documents
  • Ppt documents
  • Publisher documents
  • Excel documents
  • Office 365 access to the documents via one drive
  • Google drive
  • Dedicated server access to the documents which stores confidentiality.
End-of-contract data extraction
Using the confluence and proper handover word document, spreadsheets will be prepared to hand over to the supplier before the 2 weeks of the contract ends. Handover – Design:- written as a handover document (a brain-dump, if you like) to detail all of the regular tasks • Regular (30-60 minute) checks • Regular progression checks • Overview per Issue Type • A story, Epic, SubTasks • Dependency, Document, Risk/Issue, Milestone • New Feature, Request, Task • User Access Requests • Follow-up on Un-Assigned, Un-Resolved, Slow-moving & Aged Non-Bugs
End-of-contract process
Any contract comes to end, need to ensure with another handover clients happy with the handovers within the stipulated period of time of the contracts comes to end. Any further delays to the handover which isn't accepted and satisfactory by the new supplier or clients will be additional charges on a daily basis and to the led time with the 3 grace days.

Using the service

Web browser interface
Yes
Using the web interface
HTTP/HTTPS access to web-interface of environment services hosted in Cloud Zone End Service based authentication VPN authenticated user can access web-user interface LDAP based Authentication, Access to Jumpbox over SSH Access to Servers in Cloud Zone based on LDAP group authentication Use SSH Tunnel on Jumpbox to access web-interface of production, preproduction, development environment services
Web interface accessibility standard
WCAG 2.1 A
Web interface accessibility testing
HTTP/HTTPS access to web-interface with 2FA User name & Password - the users' email address so that they can be identified and contacted, Multi-Factor Authentication Token - a short-lived token that is set up using a hardware fob, or a mobile device (Google Authenticator ), Mandating the use of multi-factor authentication (something the users own - the token on their phone or fob, and something they know - their password). We are moving towards a model of using HashiCorp Vault to issue temporary short-lived (30 min in duration)
API
Yes
What users can and can't do using the API
Custom and specific usage with business to business and b2c
Any constraints will be identified through discussion with the Buyer.
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
Any constraints will be identified through discussion with the Buyer.

we've secure 2FA and yupkey for managing the user can authenticate and use the command-line interface.

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
Configuring the high availability, reliability and stability. Openness, Excellence and Reliability’ are embedded in our commercial relationships and service delivery making us stand out from the crowd. Simplifies the Database, Managed and Infrastructure Services, PaaS, IaaS and AruVally Ltd that makes their practices more Productive, Reliable, Securable and Profitable.
Usage notifications
Yes
Usage reporting
  • API
  • Email
  • SMS
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Database Performances
  • Database Growths
  • Database Tuning Advices
  • Server Activities
  • Graphs and Business Intelligence Reports
  • Infrastructure recommendations reports
  • Databases and Server Upgrade Recommendations Metrics
  • Business and Infrastructure Performance reports
  • Metrics can be customised and export as office 365 tools
  • Interactive custom based gui and graph reports.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Databases
  • Backup using external tools
  • Online backup
  • Offline backup
  • Backup to tape
  • Virtual machines
  • Servers
  • File backups
  • Remote offline backup
  • External devices
Backup controls
Business Data (BD) The business data is processed through the system. System Data (SD) Data which system uses or generates is vital to the system operation Source Code (SC) Any code is saved in a source control system which is used to build deployable resources. User Activity Log (UAL) Data which is recorded (in log files) about activities System Activity Log (SAL) Data which is recorded (in log files) about activities System Trace Log (STL) All the logging information which gets written into log files Working Data (WD) All of the temporary data that gets written into temp, database tables.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Single datacentre with multiple copies
  • Single datacentre
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
Cloud (AWS, Google, Azure) access will have an entry that spans the whole of the VPC subnet. This means it will explicitly state, that the VPC will route any traffic internal to the VPC. 1. Enable AWS/Google/Azure MFA (Multi-Factor Authentication). Virtual MFA is acceptable from a security standpoint. 2. Enable AWS/Google/Azure Cloudtrail for management and support access Core Boundary Control Private Application Zone Data Boundary Control Management Edge Boundary Control External Simulator Zone Data Zone Management Boundary Control
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
SLA:- P1 – 1 hour response time, 2 hour fix time, loss of all functionality to all users P2 – 2 hour response time, 4 hours fix time, loss of some functionality to a subset of users or all users P3 – 4 hour response time, 1 day fix time, loss of data or a single problem or slow to respond leading to no result AN P4 – 8 hour response time, up to 2 days fix time, loss of some functionality If a problem, the supplier to provide a fix within 10 working days. Extensions to this period may be subject to negotiation and agreement. Support hours will be Monday – Friday from 8am to 6pm excluding bank holidays. Extended support hours can be facilitated, Options for such extended hours include: - Provision of a silver service tier model of extended support hours from 7am to 7pm. - Provision of support for high severity incidents (Priority 1 and 2) through on-call resources out of hours on a 24/7 basis including weekends and Bank Holidays. - P1/2 24/7 on-call service with extra costs as an optional additional service. This is not included and subject to contract or variation.
Approach to resilience
We will discuss with the client to provide the resilient with a different data centre with various zones.
Outage reporting
EMail alerts API triggers Phone alerts Private Dashboards and Dashboards through internal tv monitors. Notifications in the web services and service update via internet.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels
A dedicated device on a segregated network (providers own provision)
A dedicated device on a government network (for example PSN)
Dedicated device over multiple services or networks
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
31/03/2020
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
N/A
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • HMG Accreditation
  • PSN Accreditation

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
ISO/IEC 9001
Information security policies and processes
Business continuity. keep away from downtime with the management of risk, lawful compliance, and vigilance of future security issues and concerns.
Customer satisfaction. Give clients confidence that their personal information is safe and confidentiality upheld.
Proven business credentials. Independent verification against an internationally known industry standard speaks volumes.

Understand how statutory and regulatory necessities impact your organization and its clients and decrease the risk of facing prosecution and fines.
Ability to win more business. Procurement specifications frequently need certification as a condition to supply, so gaining certification opens doors.
Enhanced risk management. Make sure client records, financial information, and intellectual property is protected from loss, theft, and harm through a systematic framework.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Any change management process:- - To be submitted once all Design, Build and Test activities have been completed and the change is ready for deployment into a controlled IT environment. - Where relevant RfC and Risk & Impact Assessment must be supported by Design, Build and Test evidence. - The full change submission lead-time must be provided. - Normal changes must be submitted prior to the implementation date. - All mandatory requirements must be completed. - Any Expedite Change must be completed. - Failure to provide any pieces of information may result in the change being rejected and a delay.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Maintenance and Security patching to be scheduled into agreed MR releases with agreed outages. The supplier shall provide at least 10 days prior notice and any changes will need to be agreed by the clients with a consultation with customers and end-users. The supplier will be expected to contact clients to clarify and agree with the patches.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Emails, monitoring tools, automation process.
Email Alerts
API triggers
Phone alerts
Private Dashboards and Dashboards through internal tv monitors.
Notifications in the web services and service update via internet.
Incident management type
Supplier-defined controls
Incident management approach
The problem shall be identified, logged, and is acknowledged back to the clients as being worked on. External to incidents, the supplier shall agree with the clients as to the period of time to provide a root cause analysis and fix for the problem. The supplier shall provide written root cause analysis documentation to the clients. In the event of a problem, the supplier should attempt to provide a fix within 10 working days. However, extensions to this period may be subject to negotiation and agreement. The supplier will be expected to align and report on responsiveness to the SLA

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Oracle VM
How shared infrastructure is kept separate
Configuring the Oracle VM, Hyper-V, RHEL Virtualisation or Citrix based on the client requirements with 24x7 uptime and deliverables.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Disclosed upon application.

Pricing

Price
£150 to £1,200 a person
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at aruvallyltd@outlook.com. Tell them what format you need. It will help if you say what assistive technology you use.