G-Cloud 11 services are suspended on Digital Marketplace

If you have an ongoing procurement on G-Cloud 11, you must complete it by 18 December 2020. Existing contracts with Pulsion Technology Limited are still valid.
Pulsion Technology Limited

System Migration

We offer system migration services for all popular technologies. The key aim of our service is to ensure a risk-free migration, which provides a long-term system migration solution.

Features

  • Full migration of your existing system
  • Full system review to identify areas for improvement
  • Identification of new solutions
  • Active collaboration with key stakeholders
  • Iterative testing and refinement
  • Open source, PHP and Microsoft technologies
  • Delivered in-line with ISO 9001 and ISO 27001 processes

Benefits

  • Minimise both project and long-term costs
  • A secure migration process that protects your existing data
  • Minimise risk with regular testing, feedback and refinement
  • Client has full transparency of the migration via regular meetings
  • Secure the long-term stability of your system
  • We use the latest versions of industry leading technologies
  • Solution is based specifically on your business and user needs

Pricing

£550 a unit a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dcurrie@pulsion.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 11

Service ID

9 2 1 9 3 8 3 7 7 0 8 0 3 7 0

Contact

Pulsion Technology Limited Daniel Currie
Telephone: 0141 352 2280
Email: dcurrie@pulsion.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
There are no constraints.
System requirements
  • Functional internet browser
  • Working connection to the internet

User support

Email or online ticketing support
Email or online ticketing
Support response times
SLA's are variable depending on Client requirements. Our standard response time is within 2 hours for 'critical' issues, within 4 hours for 'high priority' issues, and within 1 business day for all other issues.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We work to client approved support levels. As such, we will review our standard support offering against the aims and objectives for your software support. Our offering will then be suitably tailored to provide the best possible service. As standard, we offer a technical account manager and dedicated in-house support team - an online Help Desk with direct phoneline and email support - a test version of your software - maintenance of a dedicated support wiki - agreed escalation points - and regular performance reviews in-line with the SLA's. All of our pricing is highly competitive and will be determined, based on the complexity and demand of your support requirements.
Support available to third parties
No

Onboarding and offboarding

Getting started
We provide a combination of training and user documentation, which caters for both novice and experienced users. Firstly, we will collaborate with you to discuss the likely user tasks and establish both short and long-term aims of the training/documentation. We will then agree the most suitable training method(s), which typically include Group Sessions, Train the Trainer, and working with a dedicated training system. User Documentation will be clear and concise, to compliment the training session(s) and minimise your reliance on external support.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Our client owns all IPR and therefore there is no requirement for data extraction.
End-of-contract process
The contract pricing outlines everything in our proposal, to be delivered within the agreed timescales. Additional costs would only occur if the client requests further services that are outwith the original scope (e.g. additional functionality or extra training). At the end of the contract, the client will approve all of our work with a simple sign-off. As the client maintains all IPR for our services, they will then have full capability to maintain the service.

Using the service

Web browser interface
No
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
We use a mobile first design strategy. This initially confirms and tests the design for the smallest screen (i.e. a smartphone), before progressively moving to larger screens (i.e. a tablet, then desktop). This ensures that the key UI/UX features are displayed on all devices, and provides a quality User Experience, with minimal differences between the mobile and desktop service.
Service interface
No
API
Yes
What users can and can't do using the API
Our use of an API varies depending on the individual clients requirements. Full details will be provided in the API documentation, if an API is required.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Our service allows for full customisation before, during and beyond the project delivery. Before the delivery, we determine the initial scope of UI/UX requirements with our client. At this point, we are essentially working with a blank canvas and our team can customise all aspects of the solution. Both the Client and their users can shape the level of customisation at this point. During the delivery, we work in-line with PRINCE2 and agile principles. This gives the Client full transparency throughout the project, via regular progress meetings and UAT. As such, both the Client and their users can influence further customisation (to all UI/UX features), throughout the delivery phase. After the delivery, our client can determine multiple user access permissions (e.g. Administrator) which can be used to customise functions of the solution. Users may also have customisable features, such as editing their user profile. We provide full support and training for customising functionality.

Scaling

Independence of resources
This service offers a stand-alone client-only design. As such, we will follow a design which is dependent on the client’s specified user stories and expected usage. We will work with the client to monitor performance, which will be reported at an agreed frequency, in a method that is client-approved. Where practical, we will also assist in scaling the service.

Analytics

Service usage metrics
Yes
Metrics types
We provide service metrics through Google Analytics.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users can request data exportation and Pulsion will provide this service for them.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We guarantee 99.9% availability. In the extremely rare event that this is not the case, we will treat this as a Critical Issue and will work continuously on the problem until it is resolved. User refunds will be agreed prior to our engagement, and will reflect the significance of the issue and time exposure.
Approach to resilience
This information is available on request.
Outage reporting
We set up instant notifications, which tell us if our there is a service outage. We then contact our Client directly, to inform them of this issue. This is not an automated process, but it managed by our dedicated support team.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
We use IP restrictions, on top of authentication.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
LRQA
ISO/IEC 27001 accreditation date
08/04/2016
What the ISO/IEC 27001 doesn’t cover
Our ISO 27001 certification underpins all of our relevant processes.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials Plus
Information security policies and processes
We are ISO 27001 and Cyber Essentials Plus accredited. Reporting comprises of automated notifications to Pulsion for any incident which suffers an outage, or required administrative access or an update. A breach in security would be reported to senior staff (i.e. Staff Member > Line Manager > Head of Service). All incidents and breaches in security will be immediately reported to the client, via our dedicated account manager. We ensure that policies are followed through regular external audits, as well as frequent internal reviews.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
We operate a change request process, which ensures both the requester and approver focus on five key points: has the change been tested; is there a rollback plan; which resources are required; what risks are involved; have relevant parties been informed. We approve change requests through relevant management representatives, as well as client contacts, where appropriate. We also record change requests against the appropriate project, and update related version documentation accordingly.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We assess potential threats to our service through continuous monitoring and by receiving instant notifications for required patches. Notifications come immediately from trusted vendors only. Once we receive a notification, we will begin the process of deploying a patch as soon as possible. This will often require testing from the offset, to ensure that no levels of customisation are broken. All patches are communicated with the Client, from first notification, straight through to deployment.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We perform a comprehensive range of testing methods on all of our development work, prior to deployment. This is conducted by our in-house Quality Assurance specialist, and serves to immediately detect compromises and vulnerabilities. Once identified, we may conduct additional testing after deployment, to specifically ascertain if the issue applies to our work. If it does, we will take action to patch this as soon as possible. If it doesn’t, we will assess the severity and choose an appropriate action, after discussion with the client. We respond to all incidents within client-approved service levels.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incidents are reported to line management via task management system as per our Integrated Management System processes, as well as by email and/or in person. Reporting would carry on up to CEO/Managing Director level where deemed appropriate. Account managers will inform affected clients where applicable through similar means – email, phone call and/or in person.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)

Pricing

Price
£550 a unit a day
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dcurrie@pulsion.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.