Nitrous is a leader in the UK's CivTech and GovTech ecosystems, helping government, SMEs and industry innovate together. We deliver GDS complaint solutions, secured on government networks, in artificial intelligence, big data and blockchain to enable cost effective digital transformation in the public sector.
- Integration of cloud APIs into legacy apps and websites
- Artificial intelligence used for better cloud and SME procurement
- Technology to discover and integrate with cloud systems
- Cloud based tools for big data service development
- Cloud collaboration features for co-creation
- Identifying talent and tools for co-creation projects
- Development and integration of GovTech cloud solutions
- Secure, UK based, GDS Technology Code of Practice Compliant
- Agile trials of leading cloud technologies
- Cloud analytics and insights for innovative office space management
- Improve operational efficiency through continuous cloud updates
- Complimentary cloud tools and solutions to support innovation
- Enhance collaboration between government and industry
- Access low-cost or complimentary trials of cloud and data technologies
- A proven and validated approach to cloud innovation with ROI
- Deliver better cloud-based services to the public quicker
- Get better ROI from open data and cloud strategies
- Leverage cutting edge technologies like blockchain and AI faster
- Access artificially intelligent features for new services
£10 per person per month
- Education pricing available
- Free trial available
Tech City Ventures
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Business day response SLA = 5 hours
No weekend email support without additional agreement
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Web chat|
|Web chat support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support accessibility standard||None or don’t know|
|How the web chat support is accessible||Chat is provided by Intercom and has some accessibility functionality.|
|Web chat accessibility testing||Limited|
|Onsite support||Onsite support|
Support levels are universal for all our customers
Each client is assigned a Customer Success Manager
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||Onsite training and user documentation|
|End-of-contract data extraction||All our user data can be extracted as an ODF or XML file and our support team can aid in this process. After 112 days we will securely and permanently delete all content remaining on the platform.|
Our data export tool enables the retrieval of all file content and data.
When an account is suspended, admin users are provided with restricted access to all data for limited period of time. After 112 days we will securely and permanently delete all content remaining on the platform.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||No significant differences|
|Accessibility standards||None or don’t know|
|Description of accessibility||All functionality is provided by the supported web browser with no extra embed features|
|Accessibility testing||We regularly test to ensure the service is HTML 5 compliant. This allows is to use assistive technology.|
|What users can and can't do using the API||
API is set up through submitting a support ticket with our technology team.
Users must request changes to the API via a support ticket.
Our API allows for automated provisioning on boarding users and uploading and downloading of data.
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
Some features include; Custom URL domains, visual customisation and branding such as logos.
We can look at supporting extra customisation on a case by case basis.
|Independence of resources||We use UKCloud, a cloud provider which allows scaled usage without sacrificing speed quality. We further use NewRelic, a cloud solution which provides detailed real-time and historical analysis of our solutions' current and future capacity requirements.|
|Service usage metrics||Yes|
|Metrics types||Each client has a customer success manager who provides reports detailing activity metrics and data analytics.|
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||Various|
|Staff security clearance||Staff screening not performed|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||Physical access control, complying with SSAE-16 / ISAE 3402|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||In-built export capability or 3rd party file synchronisation via our APIs|
|Data export formats||
|Data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
99.9% guaranteed uptime
5 working day SLA.
Our Users will be refunded by a % defined in our contract, for each working day lost of the contract value they don't have access to our software.
|Approach to resilience||Our hosting partner UKCloud, has resilience built into the platform to reduce single points of failure and also a second independent disaster recovery data centre. Replication between two geographically disparate data centres is completed in realtime for optimum protection.|
For planned maintenance outages, all administrators are notified minimum 7 days via email.
Unplanned outages are reported via our notifications system, social media and our intercom support portal.
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||We use Role-Based Access Control (RBAC) for all users.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||No audit information available|
|Access to supplier activity audit information||No audit information available|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||We are prepared to certify up to SC cleared|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||All of our systems are protected with 256-bit encryption and all software requires passwords to be accessed.|
|Information security policies and processes||We utilise an information security filing system where we store all our policies and standards.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||We log all changes of our solutions and their individual modules throughout the application lifecycle.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
All threats our platforms are checked on an ongoing basis for potential impact. Where vulnerabilities exceed our risk threshold remediation is managed.
We frequently develop patches and will do on an ad-hoc basis where required with significant threats.
We constantly keep up to date with the latest threats and ensure we are in the best position to react.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Our software utilises third party tools to detect intrusions and our technical team will have access to an on-call 24*7/365 support engineer who will investigate.
We categorise all our issues based on threat level to ensure we can deliver the appropriate response.
|Incident management type||Supplier-defined controls|
|Incident management approach||Our third party supplier provides us bi-annual reporting.|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||Yes|
|Price||£10 per person per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||Fully functioning platform access, with full use of key features and support options|