DevOps Hosted Platform

BDQ provide a hosted DevOps platform based on the Atlassian Stack (Jira, Confluence, Bitbucket and JIRA Service Desk), alongside Zephyr, Sonatype and Dynatrace.

We host this solution on virtual infrastructure provided by UKCloud, a provider which focuses purely on the UK public sector, or AWS.


  • Atlassian Stack - Jira, Confluence, etc
  • Zephyr Enterprise real-time test management
  • Sonatype Nexus automates open source governance and DevSecOps
  • Dynatrace provides application performance management
  • Hosted at UKCloud, AWS, customer preferred hosting supplier or on-prem
  • License management
  • Configuration and set up consultancy
  • Optionally, systems administration and ongoing support
  • Customisation based on user requirements e.g. secure JIRA Service Desk
  • License management or hosting for customer required software


  • Turnkey infrastructure to host DevOps
  • Hosted in a secure, public sector focused infrastructure
  • Atlassian Solutions Partner expertise in best-practice configuration
  • Scalable
  • No on-premise installation required.
  • Secure hosting in UK datacentres


£900 a server a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

8 8 0 9 1 3 0 9 8 6 1 5 6 7 4


BDQ Dominic Bush
Telephone: +44 (0)844 8265 236

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
We do not provide SSH access to the underlying VM itself.

Every Friday there will be a reserved window from 9pm to 12 midnight where we may take the service down for maintenance. This window will not be used every week and can be moved to another scheduled time.
System requirements
See supported browsers.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Monday - Friday 9am - 5pm. Our response time is between 4 hours and 2 days depending on the severity of the issue. Out of hours support is available at additional cost.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Standard support - included in standard pricing.

Enhanced support - depends on the level of support required.

Each customer is assigned to a named technical account manager.
Support available to third parties

Onboarding and offboarding

Getting started
We can provide onsite or public training courses for the products and consultancy services to make sure that your projects get off to the best possible start and follow best practice guidance.

Full user documentation is available for all the products.
Service documentation
Documentation formats
End-of-contract data extraction
The Atlassian and Zephyr products provide tools which allow the contents of the products to be extracted to open formats. BDQ can provide expert advice regarding extracting the data or can carry this work out as part of a consulting engagement.
End-of-contract process
At additional cost we can provide consultancy services to off-board the data. Please see our SFIA rate card for pricing.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
When you view the Atlassian and Zephyr products on a mobile device an optimised version of the page is displayed. It is possible to switch to a desktop view if required.
Service interface
What users can and can't do using the API
The Atlassian and Zephyr products have extensive REST-based APIs that allow configuration of the services and editing of the data within the product. For example, here is the documentation for Jira Cloud:
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Customers can change the visual appearance of the applications to match their own branding. Themes can be applied to change the colour scheme and custom logos can be added.

Additionally, add-ons from the Atlassian Marketplace can be used to add to the functionality of the products. We can also provide bespoke add-on development services, should the customer require some functionality or custom integration that is not available in the Marketplace.

Issue types and workflows can also be customised to match the business or development processes that the customer follows.


Independence of resources
Each customer's users are partitioned into separate Virtual Machines hosted at UKCloud. In order to ensure that the demands placed by one set of customers does not affect others, they use resource reservations and bandwidth shaping to prevent contention.

In addition, UKCloud's capacity planning team ensure that usage in terms of resources are constantly monitored and increased depending on user demand patterns.


Service usage metrics


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
UKCloud, Atlassian and Zephyr

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Users can export data from within the application to a number of different formats.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • Word
  • Excel
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We can offer various levels of SLA depending on customer requirements. For those customers requiring high availability was can offer the Atlassian and Zephyr Data Center versions which provide increased reliability. These options are additional cost and will require more virtual hardware. Please contact us for details.
Approach to resilience
Available on request.
Outage reporting
Public StatusPage dashboard with email and SMS alerts available.

Identity and authentication

User authentication needed
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels
Only those users assigned to the administrator groups have access to the management user interface. A buyer specified set of users are permitted to raise support requests.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
We follow the best practices described in the Cyber Essentials guidance.
Information security policies and processes
Our CTO has direct responsibility for our security policies and all employees are empowered to raise any security concerns that they may have regarding information security. Each employee's contract has a specific section in it which describes their responsibility to ensure the confidentiality and security of our customers' data. Within our Active Directory group policies we ensure password complexity and the frequency with which the system enforces a password change.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We track the configuration of each of the virtual machines that we use for customer's data. This includes details of the OS version and the Atlassian and Zephyr products installed in it.

Changes are tested in a non-production environment prior to being deployed to customer production systems.
Vulnerability management type
Vulnerability management approach
As an Atlassian Solution Partner and a Zephyr Expert partner we keep up to date with potential problems in the software and deploy fixes as soon as they become available. We are provided information regarding potential threats from the product vendors. We also ensure that the underlying operating system is regularly updated to ensure that any threats are addressed in a timely fashion.
Protective monitoring type
Protective monitoring approach
We monitor access logs for unusual activity and will respond by contacting the named customer representative to verify if the activity is authorised or not. For more obvious events we would temporarily disable access to the system. If informed of potential problems we will respond within 2 hours.
Incident management type
Incident management approach
We have a series of predefined incident management workflows based on the Information Technology Infrastructure Library (ITIL) incident management workflow. Users can report incidents via our JIRA Service Desk or by email. Incident reports are sent to end customers via email.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£900 a server a month
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.