TECHNOLOGY TRANSFORMATION GROUP LTD

Application Development

Our application development services specialise in crafting tailored web, mobile, and integrated applications. We collaborate closely with you from concept to launch, prioritising user-friendliness and functionality to optimise your business operations.

Features

• Custom Web Apps - Web-based applications
• Custom Mobile Apps - Native apps for iOS & Android
• Cross-Platform Apps - Single codebase for both platforms
• API Integration - Connect to existing systems
• Database Integration - Secure data storage & management
• User Interface Design - Intuitive & user-friendly interfaces
• Workflow Automation - Streamline repetitive tasks
• Security Features - Data encryption & access control
• Project Management - Agile development methodology
• Testing & Deployment - Rigorous testing & seamless launch

Benefits

• Increased Efficiency - Improve workflows & productivity
• Enhanced Operations - Streamline business processes
• Mobile Accessibility - Access data & functionality on-the-go
• Improved User Experience - Create intuitive & user-friendly apps
• Data-Driven Insights - Gain valuable insights from data
• Cost Savings - Reduce development & maintenance costs
• Scalability - Adapt applications as your business grows
• Competitive Advantage - Stand out with custom solutions
• Reduced Errors - Automate tasks & minimise human error
• Project Success - Deliver high-quality applications on time

£850 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mehran.alborzpour@thettg.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

211661872434067

Contact

Mehran Alborzpour
07949775566
mehran.alborzpour@thettg.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: We have developed customised software that has integration capabilities with connecting the logistics platform with a customer management system, enabling sharing of data for seamless communication and efficient operations.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: No.
• System requirements:
  • Azure tenancy - required to host the platform
  • Reliable internet connection
  • Adequate storage and computing resources
  • Compatible operating systems and software dependencies
  • Secure network infrastructure with appropriate permissions and access controls
  • Compliance with data protection regulations and industry standards
  • Regular backups and disaster recovery mechanisms for data protection
  • Continuous monitoring and performance optimisation for optimal functionality

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We provide support 365 days a year. Typical First Response: 0-2 hours Typical Resolution Time: 30 mins - 4 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: We've conducted web chat testing sessions with assistive technology users to ensure our platform is accessible to all.
• Onsite support: Yes, at extra cost
• Support levels: We have first, second and third line support plans. All support plans offer access to cloud support engineers who can assist with technical troubleshooting and problem resolution.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: To assist users in seamlessly starting to use their apps, we offer a multifaceted approach tailored to their needs. Our services include comprehensive user documentation accessible online, providing clear instructions and troubleshooting tips. Additionally, we offer personalised onsite training sessions for users to gain hands-on experience and address any queries in real-time. For those preferring remote learning, we provide interactive online training sessions conducted by our experienced team. These sessions cover various aspects of the app's functionality, ensuring users are equipped with the knowledge and skills needed for efficient utilisation. Furthermore, our dedicated support team is readily available to assist users with any technical issues or inquiries, offering prompt assistance via email, phone, or live chat. With our holistic support comprising documentation, training, and responsive assistance, users can quickly and confidently use the app.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The client has full access to their data for extract, or they can ask us to extract the data for them.
• End-of-contract process: The contract will terminate at end-of-contract. There is no additional cost at contract termination.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile service is optimised for smaller touchscreens, offering a streamlined interface and simplified navigation. It has been prioritised for mobility, leveraging features like GPS and camera integration, whereas the desktop version has been prioritised for multitasking capabilities and advanced features that utilise the typically greater data processing capabilities of a desktop.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: The service interface offers a user-friendly and intuitive design, with seamless navigation and interaction. It features clear and concise menus, allowing users to access various functionalities effortlessly. The interface is visually appealing, with well-organised layouts and intuitive controls for an enhanced user experience. It includes interactive elements such as buttons and forms to maximise user utilisation efficiency. Overall, the service interface prioritises simplicity, efficiency, and accessibility to ensure a productive and practical user experience.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: We've conducted testing sessions with assistive technology users to ensure our platform is accessible to all.
• API: Yes
• What users can and can't do using the API: Users can utilise the API to set up the service by configuring certain settings, creating entities and defining workflows relevant to their work. Through API endpoints, users can initiate setup processes, specify parameters, and establish connections with external systems or data sources. They can also make changes to the service by sending requests to update existing data, modify configurations, or trigger specific actions. However, there are limitations imposed on certain setup or modification actions, such as administrative tasks requiring elevated permissions. Restrictions are also applied to safeguard critical functionalities, sensitive data, or prevent unauthorised modifications through the API. In general, anything that would have been required as part of the system developed.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: We design the service such that it is fully customisable to the customer's requirements.

Scaling

• Independence of resources: Constant monitoring of our environment ensures our infrastructure scales to accommodate demand variations, ensuring seamless access to the app for users. With robust infrastructure management and proactive measures, we guarantee uninterrupted service even during the highest peak usage. Our utilisation of load balancing and redundancy further ensures continuous service availability for users at all times.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide service metrics to give users information into the performance and usage of the app. There are many metrics, however, the key metrics are user engagement, such as active users and session durations, as well as data on system availability and response times, including error rates and uptime. Users can also track feature adoption and provide their feedback in order to continually improve the app's functionality and user experience.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data through a simple process within the app interface. By navigating to the export feature, users select the desired data sets and format preferences. With just a few clicks, the app generates downloadable files containing the requested data.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We guarantee a high level of availability for our service, as outlined in our Service Level Agreements (SLAs). Our SLAs specify a minimum uptime percentage, exceeding 99.9%, ensuring users can access the app with minimal disruption. In the event that we did not meet the guaranteed availability levels, users are eligible for refunds or service credits. These refunds are provided based on the extent of the downtime and the impact on users' operations. Our commitment to reliability and accountability ensures users can trust in the consistent performance and availability of our service.
• Approach to resilience: The service is designed to be resilient from any service disruptions. Our infrastructure is built with redundancy at its core, featuring multiple layers of failover mechanisms and backup systems. We employ distributed architecture and data replication to ensure continuous operation even in the event of hardware failures or network outages. Our system is equipped with automated monitoring and recovery processes, promptly detecting and mitigating issues to minimise downtime. ; We conduct disaster recovery and performance tests to validate the effectiveness of our resilience and refine it as required.
• Outage reporting: In the event of any outage, automatic email alerts are sent to users and stakeholders immediately upon detection of an outage. The system is designed to report outages through the public dashboard and APIs. The public dashboard provides real-time visibility into the service status, allowing users to monitor for any disruptions. Our API enables automated monitoring and integration, facilitating proactive outage detection.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: We restrict access by the following means: Role-Based Access Control (RBAC); Least Privilege Principle; Multi-Factor Authentication (MFA) and Access Controls and Permissions.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 11/03/2024
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISO 9001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Risk Assessment and Management: We regularly perform risk assessments to identify potential threats, vulnerabilities, and risks. Access Control and User Management: We implement access control policies and processes to regulate access to systems, applications, and data based on the principle of least privilege. We utilise multi-factor authentication (MFA), and regularly review user access rights to ensure they align with business needs and security requirements. Encryption and Data Protection: We protect data both at rest and in transit by encrypting sensitive data using strong encryption algorithms. Supplier Risk Management: We regularly assess the security of third-party suppliers and service providers, conducting due diligence assessments. Security Awareness Training: We conduct security awareness training and education programs to all employees, contractors, and third-party partners Security Monitoring and Logging: We employ security monitoring tools and solutions to continuously monitor network traffic, system activities, and user behaviour for signs of suspicious or malicious activity. Continuous Improvement and Review: We regularly review and update information security policies and processes to address emerging threats, technology advancements, and organisational changes. Compliance to Regulatory Requirements: We have developed policies and processes to ensure compliance with regulations such as GDPR.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We adhere to A.12.1.1 in ISO/IEC 27001. We do this by: Policy and Procedures: We document policies, procedures, and guidelines for managing changes to information systems, including hardware, software, networks, processes, and procedures. Change Management Process: We have implemented a change management process that includes steps for requesting, assessing, authorising, implementing, and reviewing changes. Change Authorisation: We have implemented mechanisms for authorising changes based on predefined criteria, such as risk assessments, impact analysis, and approval by designated authorities. Change Review and Audits: We conduct reviews and audits of the change management process to assess its effectiveness and areas for improvement.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We adhere to A.12.1.1 in ISO/IEC 27001. We do this by: Risk Assessments: We conduct regular risk assessments to identify potential vulnerabilities in information systems, networks, and applications. Vulnerability Identification: We implement processes for identifying and cataloguing vulnerabilities within our IT infrastructure, including hardware, software, and configurations. Patch Management: We implement patch management processes to ensure that security patches and updates are promptly applied to vulnerable systems and software. Security Configuration Management: We implement security configuration management practices to reduce the attack surface and minimise the likelihood of exploitation of vulnerabilities.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We adhere to ISO/IEC 27001. We do this by: Monitoring Controls: We implement monitoring controls to detect security incidents, unauthorised activities, and anomalies in real-time or near real-time. Event Logging and Collection: We have configured systems, applications, and network devices to generate detailed logs and audit trails of security-relevant events and activities. Incident Detection and Response: We have developed procedures for detecting, analysing, and responding to security incidents identified through monitoring activities. Periodic Review and Analysis: We conduct reviews and analysis of monitoring data to identify trends, patterns, and recurring security issues.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We adhere to ISO/IEC 27001. We do this by: Incident Logging, Recording, Classification and Prioritisation: We maintain detailed records of security incidents, including incident descriptions, timestamps, affected systems or assets, and initial assessment findings. We also classify and prioritise security incidents based on their severity, impact, and urgency. Response Planning and Coordination: We have developed incident response plans and procedures that outline roles, responsibilities, and actions to be taken in response to security incidents. Root Cause Analysis: We conduct thorough investigations and root cause analysis to determine the underlying causes and contributing factors of security incidents.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We support environmental sustainability by promoting the use of digital solutions such as Microsoft's cloud Azure services, which help reduce the carbon footprint associated with traditional on-premises infrastructure. This leads us to enabling organisations to optimise their IT resources, reduce energy consumption, and minimise the environmental impact of their operations.

  Covid-19 recovery

  Our service plays a vital role in supporting COVID-19 recovery efforts by providing access to essential technology solutions for remote working, collaboration, and digital transformation. In addition, we encourage companies to leverage Microsoft's cloud-based Azure tools, communication platforms and collaboration software to enable flexible work arrangements, maintain continuity of operations and deliver essential services

  Tackling economic inequality

  Our service addresses economic inequality by democratising access to essential technology solutions, empowering individuals and organisations regardless of their socioeconomic status. By offering cost-effective and scalable solutions, we bridge the digital divide and provide opportunities for underserved communities to participate in the digital economy. Through affordable pricing models, training programs, and community initiatives, we strive to level the playing field and create pathways for economic empowerment. Additionally, our service emphasises inclusivity and diversity, ensuring that our products and services cater to the needs of diverse populations. We collaborate with non-profit organisations and educational institutions.

  Equal opportunity

  Our organisation fosters equal opportunity by providing accessible and affordable solutions. We offer flexible pricing structures and comprehensive training materials which empower individuals from all backgrounds. Moreover, we prioritise diversity and inclusivity in our development teams, ensuring that our apps cater to diverse user needs. By offering inclusive access to app development tools and resources, we create a level playing field where everyone, regardless of background, can participate and thrive in the digital economy.

  Wellbeing

  We prioritise wellbeing within our app development by focusing on user-centred design and accessibility, ensuring that our apps are inclusive and easy to use for individuals of all backgrounds and abilities. We also create a supportive and balanced work environment by offering flexible working arrangements and encourage healthy work-life integration for our team members. Our development process emphasises collaboration and communication, reducing stress and promoting a positive team atmosphere. By leveraging technology to enhance wellbeing, we contribute to a healthier and more resilient society.

Pricing

• Price: £850 a unit a day
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mehran.alborzpour@thettg.com. Tell them what format you need. It will help if you say what assistive technology you use.