PDMS Limited (Professional Data Management Services Limited)

Hosting and Managed Service

PDMS provide a complete and high availability (uptime exceeding 99.9%) end-to-end Hosting and Managed Services provision and have the track record, expertise, infrastructure, systems, accreditations and partnerships to provide the systems we develop on a fully managed-service or software-as-a-service basis. Includes security, business continuity, disaster recovery, backup and patching services.

Features

• Virtualisation providing high levels of resilience
• Certified and accredited secure infrastructure and facilities
• 24/7/365 monitoring
• Geographically separated hosting facilities
• Multiple tiers of security between the application and internet
• Cyber Essentials Certified

Benefits

• High levels of availability
• High levels of security
• Full redundancy in critical systems infrastructure
• Fully managed services
• Rapid deployment

£1,000 a unit a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at saasenquiries@pdms.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

191820897588671

Contact

Catriona Watt
+44 (0) 1624 664000
saasenquiries@pdms.com

Service scope

• Service constraints: PDMS provided software
• System requirements: PDMS Software

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: A response to a support request can typically be expected to be received within four working hours of the support call being raised, however PDMS will work to agree SLAs with the buyer and can provide higher levels of service where required.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: As standard, PDMS provide support 09.00 - 17.00 Monday to Friday excluding UK bank holidays. The support level depends on the type and scope of the solution being supported, and the support hours required. Please see they SFIA rate card for our standard rates. Technical account management/support engineers are available where required.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: See service definition document.
• Service documentation: No
• End-of-contract data extraction: See service definition document.
• End-of-contract process: See service definition document.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: Client level resource segregation.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Secure Tier 3 Data centres; Secure containers, racks or cages; Physical access control; Encryption of Physical media; Safe destruction of physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual Machines
  • Databases
  • Files
  • Logs
  • Customer Specific, requested by agreement
• Backup controls: Nightly backups of the data within the Application database will be taken to a local disk on the database server for the purposes of allowing a quick recovery from unexpected issues such as database corruption, or to enable a roll back of recently applied changes or updates etc.; Nightly backups of the data will be taken to a remote disk. This enables quick recovery from database server failure.; Nightly snapshots of the virtual machines will be taken to a remote disk, to enable for quick recovery of the web/application tier if the operating system fails.
• Datacentre setup: Multiple datacentres
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: See Service Definition document.
• Approach to resilience: No single points of failure within a datacentre and active active set-up across datacentres.; ; Further information available on request.
• Outage reporting: Email alerts.

Identity and authentication

• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Management interfaces are only allowed to internal staff.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through: Dedicated device on a segregated network (providers own provision)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyd's Register Quality Assurance (LRQA)
• ISO/IEC 27001 accreditation date: Held since 25/03/2003
• What the ISO/IEC 27001 doesn’t cover: All areas of the business and our services are in scope
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: As part of its ISMS, PDMS have the following policies and processes; Information Security Policy, Secure Development Process, Acceptable Use Policy, Change Control Policy, Data Classification and Handling Policy, Data Protection Policy, Business Continuity Policy and an Incident Management Process, all of which are governed, managed and audited through our ISO certifications. All policies are owned and regularly reviewed by the relevant departmental manager. It is the responsibility of each departmental manager to ensure that all of their staff follow the information security policies and processes, however compliance is audited by the Quality and Standards Manager, with any issues identified reported to the relevant manager, for rectification. Operationally, Information Security is jointly managed by the Chief Operating Officer and the Quality and Standards Manager, both of whom report directly to the Chief Executive Officer, who has overall ownership at Executive Level for Security, allowing issues that require immediate escalation to be reported to the Executive Team. Operational Issues that do not require immediate escalation are discussed at the monthly management meetings, where it is a standing issue. All issues discussed during these meetings that require escalation are reported upwards to the Executive Team for it to be discussed, where appropriate.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have change management processes in place for both system and software changes. These processes are part of the lifecycle of each system or service. They involve the use of tools and technical controls, as well as policies and procedures for our engineers to follow.; ; All changes are documented and tracked. This includes peer review and approvals before any changes are implemented in our environments.; ; We control changes and releases through automated pipelines. This provides repeatable, audited, and secure methods for introduction of environment changes.; ; Notifications from the change management process ensures that relevant stakeholders are aware of the changes.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Firstly, we promptly apply updates from the providers/manufacturers of devices and operating software that constitute our hosting platform. Updates are typically applied within a 14-days of release, barring any exceptional circumstances hindering successful deployment.; ; Secondly, we employ vulnerability management tools to scrutinise the installed software/configuration within our environments. The data generated is aggregated and examined by our engineers. If modifications are deemed necessary, they are managed through change management processes.; ; Lastly, through our software development lifecycle, we use code analysis and vulnerability scanners to detect known vulnerabilities within our developed software. This proactive approach addresses potential issues before impacting systems/services.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We operate systems that gather/process telemetry from a range of aspects related to our hosting/service offerings, extending the scope of vulnerability management system monitoring.; ; Telemetry provides valuable insight to our operations teams, who maintain security/stability of hosted systems. Identified issues/operational enhancements are prioritised/delegated/resolved appropriately.; ; Security findings are overseen by qualified engineers, allowing for a customised response/remediation process.; ; Where telemetry indicates potential compromise, it’s escalated through incident management procedures.; ; The tools/methods we use continually evolves. As new insights/remediations are discovered, they contribute to ongoing improvement of operational procedures and overall environment. This iterative process ensures systems remain secure, efficient and up-to-date.
• Incident management type: Supplier-defined controls
• Incident management approach: PDMS allow all staff the ability to report security incidents through a number of methods, including email, telephone, and system based forms. Ultimately all reported incidents are managed by the Chief Operating Officer, who follows the Incident Management Process, which identifies how the incident should be managed, including when to provide updates to any customers that may be affected. Customer Incident Reports are normally provided in a written document. ; All incidents are reviewed following their satisfactory conclusion, to determine what lessons can be learned, and to improve the process or prevent future occurrences.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Different virtual machines and virtual networks per client.

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  PDMS is committed to reducing our impact on the environment and has held the ISO I4001 environmental certification for over 10 years. PDMS holds the Bronze Level Social Value Quality Mark accreditation which recognises distinction in values-led business that benefits customers, communities, and the planet. It is one of the most rigorously tested standards of its kind in the UK. As part of our certification, we have pledged to develop a comprehensive roadmap to achieve Net Zero by 2023 and offset our carbon emissions. We have a fully documented Carbon Reduction Plan which is published on our website. ; ; PDMS uses an online portal to report and calculate our carbon footprint, which is then forwarded to an external provider for offsetting through carbon credits. In addition, we have recently helped to fund a local carbon credit project by purchasing land that will support a tree-planting initiative with the dual purpose of carbon sequestration and biodiversity enhancement. ; ; We installed solar panels at our Global House head office which now produce 50-60% of our annual energy consumption based on a daytime energy consumption. ; ; Our employees have embraced Treekly, a platform that plants trees for every day they achieve over 5,000 steps, effectively "turning footsteps into forests." This initiative not only promotes reforestation but also enhances both mental and physical wellbeing among our staff.; ; Chris Gledhill, our founder, is the sector lead for the local Chamber of Commerce Climate Change Programme which enables us to share best practice across the business community. We cover environmental issues as part of our Lunch Time Learning sessions empowering our team to make environmentally conscious decisions both at work and at home. ; ; We also ensure that environmental protection and improvement is a key consideration of any partners or suppliers we work with.

  Covid-19 recovery

  COVID-19 took a toll on the physical and mental health of many people and within our organisation, we have expanded our comprehensive support programme for our staff and their family wellbeing, helping to reduce the burden on local healthcare services. This includes providing paid time off to attend any health-related appointments, access to bereavement support and counselling, externally trained mental health first aiders and private health care. In addition, we have provided all our staff with access to the HeadSpace meditation app to help support mental health app. ; ; We have improved workplace conditions that support the COVID-19 recovery effort by introducing a flexible policy allowing employees to decide whether they want to work from home or in our offices. ; ; We work with our local authority clients who have our employment and skills portal, SignedUp Skills, supporting their work to create employment, re-training and other return to work opportunities for those left unemployed by COVID-19, and new opportunities in their chosen high growth sectors.; ; During Covid we supported recovery by supporting our clients with various initiatives including rapidly developing a Covid-19 website for the Isle of Man Government.

  Tackling economic inequality

  When working with our clients in central and local government we assess where we can add social and economic value to the local communities both in where our clients work and where we work. We will collaborate with you to ensure that our social value commitments agreed as part of a contract are well aligned with your organisation’s specific social value priorities. ; ; PDMS holds the Bronze Level Social Value Quality Mark accreditation. The Social Value Quality Mark recognises distinction in values-led business that benefits customers, communities and the planet. It is one of the most rigorously tested standards of its kind in the UK. We have pledged to:; ; Provide opportunities for young people to gain valuable work experience which supports their future employment and to create sustainable employment opportunities in PDMS.; ; Actively support skills development and knowledge sharing and to promote awareness and understanding of career opportunities in the technology sector to help address the digital skills gap.; ; Be a force for good in our local communities by investing our time, expertise and money to positively impact people and our environment. ; ; Some of the varied activities we undertake that contribute to our pledges above, in relation to economic inequality, include donating our time to digital sector career talks, career mentoring, mock interview sessions and work buddies. We regularly host work experience students in different parts of our business from development and UX through to infrastructure and marketing. We have a structured apprenticeship programme and one in six of our technical staff originally started with use as an apprenticeship. ; ; Our team are allocated time for mentoring young people schemes including MCR Pathways and the Digital Critical Friends Programme. PDMS is also a key supporter of Junior Achievement; a global organisation that helps provide financial literacy, employability and entrepreneurship education to students.

  Equal opportunity

  We passionately believe in fostering inclusive environments that champion equal opportunity for all, regardless of gender, ethnicity, or background. Our commitment extends across the company ensuring that we have robust hiring practices that emphasis fairness and impartiality. We ensure that all candidates are evaluated solely on their qualifications and also merit based. Our promotion policies are transparent and merit-based too. We actively support career progression for all employees, regardless of their background or working pattern.; ; Given the gender gap in the technology sector we are involved in initiatives to help address this. We are proud that 34% of our tech roles are performed by females which is above the national average of 26% and we strive for greater representation. Our generous Maternity Pay is 12 weeks full pay and 12 weeks half pay.; ; We operate a fully hybrid working model, where our staff chose whether to work from home or come into the office and flexible working patterns to suit individual needs. ; ; PDMS has supported the Empowering Women programme through sponsorship and participation. This is a cross-industry initiative, backed by industry and government partners. The programme is unique as it is directed at women who work in digital transformation roles with the aim of building a collaborative and powerful community of emerging women leaders in digital transformation across all industry sectors. ; ; We also support charities that help women and young girls to progress a career in technology such as LoveTech and have STEM ambassadors in our team and focus on promoting awareness of accessibility and diversity in digital design – speaking at third party events and hosting our own webinars to highlight the importance of ensuring that all digital services cater to diverse user needs. ; We celebrate diversity, empower women, and work tirelessly to create an environment where everyone thrives.

  Wellbeing

  At PDMS, we promote an open culture around wellbeing and mental health. We conduct regular anonymous staff surveys every six weeks to monitor how staff feel in relation to workload, stress, health and mental health issues. This regular feedback helps form the support we provide to our team. Our Health & Wellbeing score is 8.6 which puts us in the top 25% of technology companies.; We measure our performance, and our results are also benchmarked against other companies in our sector. ; ; We operate inclusive and accessible recruitment practices and have a flexible work policy where our employees decide whether they want to work from home or the office.; ; We have an internal Wellbeing Team and a dedicated Wellbeing Channel within our corporate intranet along with the following in support of the wellbeing of our staff:; ; • Externally trained mental health first aiders; • Access to bereavement support and counselling; • Access to private health care including online tools to help support mental health and access to specialist one-to-one counselling covering a range of issues from money worries to a relationship breakdown; • A regular series of talks from external experts on mental and physical health covering topics including nutrition, dealing with stress & anxiety, mindfulness, addiction and posture; • Time off to attend any medical, dentist, opticians, or health related appointments; • Subsidised gym membership to encourage physical activity; • Every member of staff has a minimum of 2 days allocated to undertaking work to support a local charity or not for profit ; • Free access for our staff and their family to the HeadSpace app; ; We also put emphasis on training and continuing professional development supporting paid support for professional qualifications and study leave. We also support a range of different charities that focus on mental health.

Pricing

• Price: £1,000 a unit a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at saasenquiries@pdms.com. Tell them what format you need. It will help if you say what assistive technology you use.