Rapp Ltd Trading as Code Worldwide

Bespoke Database design, build and hosting

Design and requirements for development and hosting of bespoke database solutions. Including Database warehousing, Archiving and DR. Management of solutions including Databases administration, loading, logging and analysis, intrusion detection and protective monitoring across multiple database and hosting platforms.

Features

  • Full service
  • Self Service
  • Managed service
  • Marcoms
  • Management reporting - logging and analysis of database performance
  • Management of Cloud services (AWS, GOOGLE,AZURE etc)
  • Content delivery network

Benefits

  • No requirement to have any expertise in managing services
  • No need to manage infrastructure or info sec (specialist services)
  • Shared resources allowing better management of peak activity
  • Full E2Edesign and fulfillment of all 1-1 communications
  • Solid and transparant KPIs
  • Removal of internal IT services at scale
  • Fully manage content at scale solution

Pricing

£10,000 to £20,000,000 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris.buckley@uk.rapp.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

7 8 1 7 6 4 8 6 9 4 2 7 1 0 9

Contact

Rapp Ltd Trading as Code Worldwide Chris Buckley
Telephone: +447968138934
Email: chris.buckley@uk.rapp.com

Service scope

Software add-on or extension
Yes
What software services is the service an extension to
Bespoke to client requirements
Cloud deployment model
Hybrid cloud
Service constraints
None
System requirements
None

User support

Email or online ticketing support
Email or online ticketing
Support response times
Based on SLA
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
This is based on a bespoke SLA
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Bespoke build to requirements including onsite training, online training, user documentation. and phone support
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
Based on agreed contract requirements
End-of-contract process
We follow the provisions of the contract set out at the start of the relationship

Using the service

Web browser interface
No
Application to install
No
Designed for use on mobile devices
No
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Bespoke to client requirements

Scaling

Independence of resources
Based on separate instances and bespoke auto scaling plans

Analytics

Service usage metrics
Yes
Metrics types
Based on client requirements
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
We are product Agnostic supporting all platforms

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Based on client requirements
Data export formats
  • CSV
  • Other
Other data export formats
.txt
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
.txt

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Based on Requirements standard is 99%
Approach to resilience
Based on Requirements standard is 99%
Outage reporting
Based on Requirements standard is email alerts

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Available on request meets ISO 27001
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
DQM GRC
ISO/IEC 27001 accreditation date
11/08/2010
What the ISO/IEC 27001 doesn’t cover
Available on request
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
DataSeal

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
ISO 217001, DataSeal accredited, PCI-DSS Compliant to level 1nGDPR/Data Protection Registration, Proprietary QMS which follows ISO9000, Data Centres additionally maintain the following SSAE 16 Type II SOC2, ISO9001 and ISO14001

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Based on Requirements and following ISO 27001
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Continuous monitoring of the threats takes place including regular penetration and vulnerability testing, subscribing to to industry vulnerability announcement lists which include US-CERT, Bugtraq, SANS plus security alert lists issued by major security vendors. Patches are applied monthly and emergency releases at short notice, a forward scheduled is published to clients
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Available on request
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Available on request

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£10,000 to £20,000,000 a unit
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris.buckley@uk.rapp.com. Tell them what format you need. It will help if you say what assistive technology you use.