ZALTEK LIMITED

Software and Website Development

Our service specializes in crafting tailored software solutions and dynamic websites, catering to diverse needs. We blend creativity with functionality, ensuring user-friendly experiences and efficient performance. From sleek interfaces to robust backend systems, we empower businesses to thrive in the digital realm.

Features

• Digital Design
• User Research
• Website Development
• Software Development
• App Development
• SaaS Platform Development
• Digital Transformation
• CMS Development
• CRM Development
• Low/No code solutions

Benefits

• Attract customers with bold designs
• Publish content from multiple devices
• Lower carbon footprint with environmentally friendly hosting providers
• Easily implement new features with scalability built in

£1,000 to £50,000 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at annmarie@zaltek.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

221733833818642

Contact

Ann-marie Middleton
07917152994
annmarie@zaltek.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: N/a
• System requirements: Best-practice security measures should be in place

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We aim to respond to qestions within 1 hour.; During weekends, non-urgent queries will be responded to the next working day.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our development service operates a single high priority support framework at no extra cost during the design/development stages and into the maintenance stage. Multiple channels and an account manager can expertly handle all requests.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Discovery Phase: We initiate with a comprehensive discussion to understand your vision, goals, and requirements. Through detailed consultations, we gather insights to tailor solutions precisely to your needs.; Proposal Presentation: Following the discovery phase, we present a detailed proposal outlining project scope, timeline, deliverables, and cost estimates. This transparent approach ensures alignment and fosters trust.; Contract Agreement: Upon acceptance of the proposal, we formalize our partnership through a clear and concise contract. This document outlines terms, conditions, and responsibilities, protecting both parties' interests.; Kickoff Meeting: With the contract finalized, we schedule a kickoff meeting to introduce key team members, establish communication channels, and outline project milestones. This collaborative session sets the tone for effective teamwork and communication throughout the project lifecycle.; Development Phase: Our experienced team diligently works on transforming your vision into reality, providing regular updates, and seeking feedback to ensure alignment with your expectations.; Testing and Deployment: Rigorous testing procedures are conducted to ensure the reliability, security, and performance of the developed solutions. Upon your approval, we deploy the finalized products to the live environment.; Post-launch Support: Our commitment extends beyond deployment, providing comprehensive support, maintenance, and training to ensure optimal performance and user satisfaction.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats: Short-form video
• End-of-contract data extraction: 1. Data Export Request: Users submit a formal request for data extraction, specifying the scope and format required.; 2. Verification and Authorization: To ensure data security, we verify the user's identity and authorization to access the requested data.; 3. Data Extraction Process: Our team initiates the extraction process, retrieving the user's data from our systems in a secure and compliant manner.; 4. Data Delivery: Once extracted, the data is packaged and delivered to the user through a secure channel, such as encrypted files or secure cloud storage.; 5. Confirmation and Closure: Upon receiving the data, the user confirms its completeness and accuracy. Any remaining concerns or queries are addressed promptly to ensure a smooth closure of the agreement.; 6. Data Deletion: Following data extraction, any residual data related to the user is securely deleted from our systems, adhering to data protection regulations and privacy standards.
• End-of-contract process: At no additional cost:; ; Documentation Transfer: All project documentation, including technical specifications, user manuals, and relevant guides, are transferred to the client. This ensures they have access to essential resources for future reference and maintenance.; ; Source Code Access: Clients receive complete access to the source code repository, enabling them to modify, enhance, or maintain the software independently or with another service provider if desired.; ; Data Export: Users can request data extraction as per their needs, ensuring they retain ownership and control over their data assets post-contract. This includes any user-generated content, user profiles, or other pertinent data stored within the system.; ; Training and Knowledge Transfer: If requested, we provide training sessions to client teams on using and maintaining the software effectively. This ensures clients are equipped with the necessary skills and knowledge to manage the solution autonomously.; ; Closure Meeting: A final meeting is conducted to review the handover process, address any outstanding concerns, and ensure both parties are satisfied with the transition. Any remaining administrative tasks, such as contract closure or billing adjustments, are also addressed.

Using the service

• Web browser interface: No
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our products are designed to offer the same function regardless of device.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: No

Scaling

• Independence of resources: Scalable Infrastructure: We utilize cloud-based services and scalable infrastructure to dynamically allocate resources based on demand.; Load Balancing: We employ load balancing techniques to distribute incoming requests evenly across multiple servers, preventing any single user or group of users from monopolizing resources.; Resource Monitoring and Optimization: Continuous monitoring of system resources allows us to identify potential bottlenecks and optimize resource allocation in real-time.; User Quotas and Limits: Implementing user quotas and rate limiting mechanisms helps prevent individual users from overwhelming the system with excessive requests.; Capacity Planning: Regular capacity planning exercises help anticipate future demand trends and scale infrastructure accordingly.

Analytics

• Service usage metrics: Yes
• Metrics types: User traffic and related data.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: User data is exportable upon request.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: JSON
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Network monitoring services.

Availability and resilience

• Guaranteed availability: Our SLAs outline the following:; ; Availability Guarantee: We commit to maintaining a minimum level of service availability, typically 99.9% uptime over a specified time period, such as a month or a year.; Monitoring and Reporting: We continuously monitor our systems for uptime and performance metrics. If service availability falls below the agreed threshold, we promptly identify and address the issue.; Remedy and Compensation: In the event of service disruptions exceeding predefined thresholds, users may be entitled to refunds or service credits as compensation. The specific terms and conditions for refunds or credits are outlined in our SLAs.; Communication Protocol: We maintain transparent communication with users regarding planned maintenance activities and unexpected downtime. Timely updates and notifications are provided to minimize inconvenience.
• Approach to resilience: Redundant Infrastructure: We employ redundant components at every level of our infrastructure, including servers, networking equipment, and storage systems.; Geographically Distributed Datacenters: Our datacenters are strategically located in geographically diverse regions, reducing the risk of service interruptions due to localized events.; High Availability Clustering: Critical services are deployed in high availability clusters, where multiple instances of the service are distributed across different servers or datacenters.; Load Balancing and Failover: We utilize load balancing techniques to distribute incoming traffic across multiple servers, optimizing performance and preventing any single server from becoming a bottleneck.; Real-time Monitoring and Alerting: Our systems are continuously monitored for performance metrics and potential issues. Automated alerts notify our operations team of any anomalies or impending failures.; Data Replication and Backup: Critical data is replicated across multiple datacenters in real-time, ensuring data durability and availability.; Disaster Recovery Planning: Comprehensive disaster recovery plans are in place to guide our response to catastrophic events. These plans include procedures for data restoration, failover to secondary datacenters, and communication protocols.
• Outage reporting: Direct Communication: Upon detecting an outage, our monitoring services trigger immediate alerts to our dedicated operations team. They assess the situation and initiate resolution procedures promptly. If necessary, direct communication channels such as internal messaging systems ensure rapid coordination and updates.; API Integration: If included in project scope, users can leverage APIs to access real-time status updates and monitor service health programmatically. This integration enables seamless integration with users' existing monitoring tools, facilitating proactive outage detection and response.; Email Alerts: We offer email alerts to notify users of any service disruptions. These alerts provide comprehensive information about the outage, including its nature, severity, and estimated resolution time.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
  • Other
• Other user authentication: Allowed IP address list.
• Access restrictions in management interfaces and support channels: Role-based Access: Access privileges are assigned based on user roles, granting only necessary permissions for specific tasks.; Multi-factor Authentication: Users are required to authenticate using multiple factors, such as passwords and one-time codes, to access sensitive interfaces.; Audit Trails: All access activities are logged and monitored, enabling traceability and accountability.; Encryption: Data transmission and storage within management interfaces are encrypted to safeguard against unauthorized access.; Regular Review: Access permissions are regularly reviewed and updated to align with evolving security requirements and user roles.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: Allowed IP list.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 05/04/2023
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our information security framework aligns with ISO 27001 and Cyber Essentials certifications, ensuring stringent data protection measures. Policies encompass access control, data encryption, and incident response protocols. Regular audits and compliance monitoring validate adherence, with findings reported to senior management for action.; ; Access control measures enforce the principle of least privilege, utilizing multi-factor authentication and role-based access controls. Encryption protocols safeguard data in transit and at rest, mitigating unauthorized access risks. An incident response framework guides prompt detection, reporting, and resolution of security incidents, minimizing their impact.; ; Employee training fosters awareness of security best practices, encouraging proactive reporting of security incidents. Our reporting structure includes designated security officers overseeing operations and compliance. External certifications validate our commitment to international standards and best practices. Continuous monitoring and automated alerts facilitate real-time detection of policy violations, enabling immediate remediation. Through these measures, we uphold the highest standards of information security, safeguarding our systems and data against emerging threats.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our configuration and change management ensure service stability and security. We track components in a centralized database, evaluate changes via a structured workflow and risk assessments, and conduct thorough testing. Documentation and communication keep stakeholders informed, and post-implementation reviews address any issues. These processes minimize disruption and risk while maintaining service integrity.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our vulnerability management process proactively safeguards our services:; Threat Assessment: We assess potential threats using threat intelligence feeds, security advisories, and ongoing monitoring.; Patch Deployment: Patches are deployed swiftly based on criticality, with automated tools expediting the process to mitigate vulnerabilities promptly.; Information Sources: We source threat information from trusted sources, including security researchers, vendors, industry reports, and threat intelligence platforms.; This approach ensures rapid response to emerging threats, minimizing exposure and enhancing the resilience of our services.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Identification: We use advanced monitoring tools and anomaly detection techniques to identify potential compromises, including unusual activities or suspicious behavior.; Response: Upon detection, our dedicated incident response team initiates immediate investigation and containment procedures to mitigate the impact and prevent further damage.; Response Time: Incidents are addressed swiftly, with response times tailored to the severity and criticality of the threat, ensuring prompt resolution and minimizing disruption to our services and users.
• Incident management type: Supplier-defined controls
• Incident management approach: Pre-defined Processes: We have pre-defined processes for common events, detailing steps for identification, escalation, and resolution.; User Reporting: Users report incidents through dedicated channels, including a helpdesk portal, email, or phone support, enabling prompt response and resolution.; Incident Reports: Upon resolution, incident reports are generated and shared with stakeholders, providing transparency on the incident's impact, root cause analysis, and preventive measures for future mitigation.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We are actively combating climate change through various initiatives and practices:; ; Carbon Reduction Strategies: Implementing carbon reduction strategies across operations, such as energy-efficient technologies, renewable energy sources, and sustainable practices like recycling and waste reduction, significantly reduces carbon emissions.; Green Supply Chain Management: Partnering with suppliers who adhere to environmentally responsible practices and sourcing materials locally or from sustainable sources minimizes carbon footprint throughout the supply chain.; Innovation and Research: Investing in research and development of innovative technologies and solutions for clean energy, sustainable agriculture, and carbon capture advancements contributes to the broader fight against climate change.; Collaborative Partnerships: Collaborating with other organizations, research institutions, and governments to share knowledge, resources, and best practices amplifies impact and accelerates progress towards common climate goals.

  Covid-19 recovery

  Employee Well-being: Prioritizing employee well-being through flexible work arrangements, mental health support services, and vaccination incentives ensures a healthy and resilient workforce, contributing to overall societal resilience.; Economic Recovery: Supporting small businesses, entrepreneurs, and job creation initiatives through financial assistance, mentorship programs, and capacity-building efforts stimulates economic recovery, mitigating the socio-economic impacts of the pandemic.

  Tackling economic inequality

  We tackle economic inequality through a multifaceted approach that addresses systemic barriers and empowers marginalized communities:; Diversity and Inclusion: Implementing robust diversity and inclusion policies ensures equitable representation and opportunities for individuals from diverse backgrounds within your organization. This fosters a more inclusive workplace culture and promotes economic empowerment at all levels.; Fair Wages and Benefits: Paying fair wages and offering competitive benefits, including healthcare, parental leave, and retirement plans, ensures employees can meet their basic needs and achieve financial stability, narrowing income disparities within the workforce.; Supplier Diversity: Partnering with diverse suppliers, including minority-owned, women-owned, and small businesses, strengthens local economies and promotes economic opportunities for underrepresented groups, fostering inclusive economic growth.; Transparency and Accountability: Maintaining transparency in pay practices, promotion decisions, and corporate governance ensures accountability and helps identify and address disparities in opportunity and compensation.; Collaborative Partnerships: Collaborating with government agencies, non-profit organizations, and other stakeholders amplifies impact and facilitates a coordinated approach to tackling economic inequality, leveraging resources, expertise, and networks to create lasting change.

  Equal opportunity

  We are committed to fostering equal opportunity through a comprehensive approach that promotes diversity, equity, and inclusion:; Diverse Recruitment: Implementing inclusive recruitment practices ensures diverse candidate pools and equitable hiring processes. This includes outreach to underrepresented groups, unconscious bias training for hiring managers, and standardized interview protocols to mitigate bias.; Equitable Policies: Developing and enforcing policies that promote fairness and equity in all aspects of employment, including recruitment, compensation, benefits, and career advancement opportunities, ensures equal treatment for all employees regardless of background.; Training and Education: Providing ongoing diversity, equity, and inclusion training for employees at all levels cultivates awareness, empathy, and understanding of diverse perspectives, fostering a culture of respect and inclusivity.; Workplace Accommodations: Offering reasonable workplace accommodations for employees with disabilities or unique needs ensures equal access to opportunities and promotes a supportive and inclusive work environment.; Leadership Commitment: Demonstrating visible leadership commitment to diversity, equity, and inclusion initiatives through top-down support, accountability, and allocation of resources fosters a culture where equal opportunity is a core organizational value.

  Wellbeing

  Work-Life Balance: Promoting work-life balance through flexible work arrangements, remote work options, and clear boundaries between work and personal time allows employees to manage their responsibilities effectively while prioritizing self-care and personal interests.; Social Connection: Fostering social connection and camaraderie through team-building activities, virtual social events, and employee recognition programs strengthens relationships among colleagues, enhances morale, and combats feelings of isolation or loneliness, especially in remote work environments.; Professional Development: Investing in professional development opportunities, such as training programs, skill-building workshops, and mentorship initiatives, empowers employees to grow and advance in their careers, enhancing job satisfaction and overall well-being.; Leadership Support: Modeling and promoting a culture of well-being from the top down, with visible leadership support and participation in wellness initiatives, demonstrates organizational commitment and encourages employees to prioritize their own well-being.; Feedback Mechanisms: Establishing open channels for feedback and communication, such as anonymous surveys, focus groups, and regular check-ins with managers, allows employees to voice their concerns, provide input on wellness initiatives, and feel heard and valued by the organization.

Pricing

• Price: £1,000 to £50,000 a unit
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at annmarie@zaltek.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.