Tech City Ventures

Nitrous delivers innovation through artificial intelligence, big data and blockchain solutions

Nitrous is a leader in the UK's CivTech and GovTech ecosystems, helping government, SMEs and industry innovate together. We deliver GDS complaint solutions, secured on government networks, in artificial intelligence, big data and blockchain to enable cost effective digital transformation in the public sector.


  • Integration of cloud APIs into legacy apps and websites
  • Artificial intelligence used for better cloud and SME procurement
  • Technology to discover and integrate with cloud systems
  • Cloud based tools for big data service development
  • Cloud collaboration features for co-creation
  • Identifying talent and tools for co-creation projects
  • Development and integration of GovTech cloud solutions
  • Secure, UK based, GDS Technology Code of Practice Compliant
  • Agile trials of leading cloud technologies
  • Cloud analytics and insights for innovative office space management


  • Improve operational efficiency through continuous cloud updates
  • Complimentary cloud tools and solutions to support innovation
  • Enhance collaboration between government and industry
  • Access low-cost or complimentary trials of cloud and data technologies
  • A proven and validated approach to cloud innovation with ROI
  • Deliver better cloud-based services to the public quicker
  • Get better ROI from open data and cloud strategies
  • Leverage cutting edge technologies like blockchain and AI faster
  • Access artificially intelligent features for new services


£10 per person per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10


Tech City Ventures

George Johnston


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints N/a
System requirements
  • Proxy/public internet access or whitelisting for our solution
  • Internet Explorer 11 and above
  • Firefox (latest 2 versions)
  • Chrome (latest 2 versions)
  • Safari on Mac (latest 2 versions)
  • Windows 7 SP1 (and above)
  • MacOSX/MacOS (10.8 and above)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Business day response SLA = 5 hours
No weekend email support without additional agreement
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Chat is provided by Intercom and has some accessibility functionality.
Web chat accessibility testing Limited
Onsite support Onsite support
Support levels Support levels are universal for all our customers
Each client is assigned a Customer Success Manager
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Onsite training and user documentation
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction All our user data can be extracted as an ODF or XML file and our support team can aid in this process. After 112 days we will securely and permanently delete all content remaining on the platform.
End-of-contract process Our data export tool enables the retrieval of all file content and data.

When an account is suspended, admin users are provided with restricted access to all data for limited period of time. After 112 days we will securely and permanently delete all content remaining on the platform.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service No significant differences
Accessibility standards None or don’t know
Description of accessibility All functionality is provided by the supported web browser with no extra embed features
Accessibility testing We regularly test to ensure the service is HTML 5 compliant. This allows is to use assistive technology.
What users can and can't do using the API API is set up through submitting a support ticket with our technology team.
Users must request changes to the API via a support ticket.
Our API allows for automated provisioning on boarding users and uploading and downloading of data.
API documentation Yes
API documentation formats
  • HTML
  • ODF
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Some features include; Custom URL domains, visual customisation and branding such as logos.

We can look at supporting extra customisation on a case by case basis.


Independence of resources We use UKCloud, a cloud provider which allows scaled usage without sacrificing speed quality. We further use NewRelic, a cloud solution which provides detailed real-time and historical analysis of our solutions' current and future capacity requirements.


Service usage metrics Yes
Metrics types Each client has a customer success manager who provides reports detailing activity metrics and data analytics.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Various

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach In-built export capability or 3rd party file synchronisation via our APIs
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability 99.9% guaranteed uptime
5 working day SLA.

Our Users will be refunded by a % defined in our contract, for each working day lost of the contract value they don't have access to our software.
Approach to resilience Our hosting partner UKCloud, has resilience built into the platform to reduce single points of failure and also a second independent disaster recovery data centre. Replication between two geographically disparate data centres is completed in realtime for optimum protection.
Outage reporting For planned maintenance outages, all administrators are notified minimum 7 days via email.

Unplanned outages are reported via our notifications system, social media and our intercom support portal.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels We use Role-Based Access Control (RBAC) for all users.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information No audit information available
Access to supplier activity audit information No audit information available
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications We are prepared to certify up to SC cleared

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach All of our systems are protected with 256-bit encryption and all software requires passwords to be accessed.
Information security policies and processes We utilise an information security filing system where we store all our policies and standards.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We log all changes of our solutions and their individual modules throughout the application lifecycle.
Vulnerability management type Supplier-defined controls
Vulnerability management approach All threats our platforms are checked on an ongoing basis for potential impact. Where vulnerabilities exceed our risk threshold remediation is managed.
We frequently develop patches and will do on an ad-hoc basis where required with significant threats.
We constantly keep up to date with the latest threats and ensure we are in the best position to react.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Our software utilises third party tools to detect intrusions and our technical team will have access to an on-call 24*7/365 support engineer who will investigate.
We categorise all our issues based on threat level to ensure we can deliver the appropriate response.
Incident management type Supplier-defined controls
Incident management approach Our third party supplier provides us bi-annual reporting.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • New NHS Network (N3)
  • Joint Academic Network (JANET)
  • Other


Price £10 per person per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Fully functioning platform access, with full use of key features and support options

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Terms and conditions
Service documents
Return to top ↑