BDQ provide a hosted DevOps platform based on the Atlassian Stack (JIRA, Confluence, Bitbucket and JIRA Service Desk), alongside Zephyr, Sonatype and Dynatrace.
We host this solution on virtual infrastructure provided by UKCloud, a provider which focuses purely on the UK public sector, or AWS.
- Atlassian Stack - JIRA, Confluence, etc
- Zephyr Enterprise real-time test management
- Sonatype Nexus automates open source governance and DevSecOps
- Dynatrace provides application performance management
- Hosted at UKCloud, AWS, customer preferred hosting supplier or on-prem
- License management
- Configuration and set up consultancy
- Optionally, systems administration and ongoing support
- Customisation based on user requirements e.g. secure JIRA Service Desk
- License management or hosting for customer required software
- Turnkey infrastructure to host DevOps
- Hosted in a secure, public sector focused infrastructure
- Atlassian Solutions Partner expertise in best-practice configuration
- No on-premise installation required.
- Secure hosting in UK datacentres
£900 per server per month
+44 (0)844 8265 236
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
We do not provide SSH access to the underlying VM itself.
Every Friday there will be a reserved window from 9pm to 12 midnight where we may take the service down for maintenance. This window will not be used every week and can be moved to another scheduled time.
|System requirements||See supported browsers.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Monday - Friday 9am to 5pm we respond within 4 hours and 2 days depending on severity.
Outside of standard office hours we can provide additional coverage at additional cost.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.0 AA or EN 301 549|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Standard support - included in standard pricing.
Enhanced support - depends on the level of support required.
Each customer is assigned to a named technical account manager.
|Support available to third parties||Yes|
Onboarding and offboarding
We can provide onsite or public training courses for the products and consultancy services to make sure that your projects get off to the best possible start and follow best practice guidance.
Full user documentation is available for all the products.
|End-of-contract data extraction||The Atlassian and Zephyr products provide tools which allow the contents of the products to be extracted to open formats.|
|End-of-contract process||At additional cost we can provide consultancy services to off-board the data. Please see our SFIA rate card for pricing.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||When you view the Atlassian and Zephyr products on a mobile device an optimised version of the page is displayed. It is possible to switch to a desktop view if required.|
|Accessibility standards||WCAG 2.0 AA or EN 301 549|
WCAG 2.0 AA or EN 301 549
Service interface testing
Atlassian test their software using a variety of screen readers and browsers and their design guidelines have been created with accessibility in mind. They audit their product to ensure that they are compliant with Section 508 and WCAG 2.0 AA, and publish the VPAT documents that describe how their products address the requirements of the US Rehabilitation Act. They also encourage users to report any problems that they have with accessibility concerns.
|What users can and can't do using the API||The Atlassian and Zephyr products have extensive REST-based APIs that allow configuration of the services and editing of the data within the product. For example, here is the documentation for JIRA Cloud: https://docs.atlassian.com/jira/REST/cloud/|
|API documentation formats||HTML|
|API sandbox or test environment||No|
|Description of customisation||
Customers can change the visual appearance of the applications to match their own branding. Themes can be applied to change the colour scheme and custom logos can be added.
Additionally, add-ons from the Atlassian Marketplace can be used to add to the functionality of the products. We can also provide bespoke add-on development services, should the customer require some functionality or custom integration that is not available in the Marketplace.
Issue types and workflows can also be customised to match the business or development processes that the customer follows.
|Independence of resources||
Each customer's users are partitioned into separate Virtual Machines hosted at UKCloud. In order to ensure that the demands placed by one set of customers does not affect others, they use resource reservations and bandwidth shaping to prevent contention.
In addition, UKCloud's capacity planning team ensure that usage in terms of resources are constantly monitored and increased depending on user demand patterns.
|Service usage metrics||No|
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||UKCloud, Atlassian and Zephyr|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||In-house|
|Protecting data at rest||Physical access control, complying with another standard|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||Users can export data from within the application to a number of different formats.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||Word|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||We can offer various levels of SLA depending on customer requirements. For those customers requiring high availability was can offer the Atlassian and Zephyr Data Center versions which provide increased reliability. These options are additional cost and will require more virtual hardware. Please contact us for details.|
|Approach to resilience||Available on request.|
|Outage reporting||Public StatusPage dashboard with email and SMS alerts available.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Only those users assigned to the administrator groups have access to the management user interface. A buyer specified set of users are permitted to raise support requests.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||Between 1 month and 6 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||Between 1 month and 6 months|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||We follow the best practices described in the Cyber Essentials guidance.|
|Information security policies and processes||Our CTO has direct responsibility for our security policies and all employees are empowered to raise any security concerns that they may have regarding information security. Each employee's contract has a specific section in it which describes their responsibility to ensure the confidentiality and security of our customers' data. Within our Active Directory group policies we ensure password complexity and the frequency with which the system enforces a password change.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
We track the configuration of each of the virtual machines that we use for customer's data. This includes details of the OS version and the Atlassian and Zephyr products installed in it.
Changes are tested in a non-production environment prior to being deployed to customer production systems.
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||As an Atlassian Solution Partner and a Zephyr Expert partner we keep up to date with potential problems in the software and deploy fixes as soon as they become available. We are provided information regarding potential threats from the product vendors. We also ensure that the underlying operating system is regularly updated to ensure that any threats are addressed in a timely fashion.|
|Protective monitoring type||Undisclosed|
|Protective monitoring approach||We monitor access logs for unusual activity and will respond by contacting the named customer representative to verify if the activity is authorised or not. For more obvious events we would temporarily disable access to the system. If informed of potential problems we will respond within 2 hours.|
|Incident management type||Undisclosed|
|Incident management approach||We have a series of predefined incident management workflows based on the Information Technology Infrastructure Library (ITIL) incident management workflow. Users can report incidents via our JIRA Service Desk or by email. Incident reports are sent to end customers via email.|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||Yes|
|Price||£900 per server per month|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|