VRP CONSULTING LTD.

Salesforce.com managed services

As a Salesforce Consulting Partner, VRP provides a dedicated managed service to customers for support, administration and small enhancements of their platform with flexible packages of monthly hours.

Features

  • Multi-tenant platform-as-a-service cloud solution
  • API rich connectivity and integration services
  • High extensibility with native apps from the Salesforce AppExchange
  • Declarative workflow capability
  • Declarative configuration through Lightning Web Components and framework
  • Secure user, role and access management
  • Mobile-first interfaces
  • Sandbox and test environments with full devops capability
  • Fully customisable though code

Benefits

  • Sales automation with configure, price, quote
  • Customer services and case management automation
  • Customer engagement with personalised experience
  • Marketing automation for lead nurturing and personalised journeys
  • Customer 360 data for holistic view of customers
  • Reporting, intelligence, predictive analytics
  • Field service with offline capability

Pricing

£140.00 to £260.00 a user a month

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at will.lamb@vrpconsulting.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

2 5 3 3 1 7 9 6 6 4 8 1 2 8 5

Contact

VRP CONSULTING LTD. Will Lamb
Telephone: 07766735102
Email: will.lamb@vrpconsulting.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Salesforce has rich API connectivity and can be integrated to many other core systems, e.g. finance, ERP. Native Salesforce apps from the AppExchange can also be configured as part of the solution to extend functionality.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
Salesforce.com is responsible for maintenance of its multi-tenant SAAS platform
System requirements
  • Licenses procured from Salesforce
  • Licenses procured from other other ISVs

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Within 3 to 6 hrs depending on the level of managed service procured
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
VRP Managed Services
Standard - triage response within 6 hrs = £70ph
Premium - triage response within 3 hrs = £80ph
24/7 - follow the sun model (3hrs response) = £90ph
All Managed Service accounts have a dedicated Delivery Manager and access to the dedicated resource pool of support analysts, consultants, architects, developers and QA engineers.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Implementations include training, usually as 'train-the-trainer' approach. This can be supported with quick start guides, videos and platform technical documentation.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Google Docs
  • MS Word
End-of-contract data extraction
Export of data and metadata can be run from Salesforce at any time, or scheduled to a backup system.
End-of-contract process
At the end of the services contract, a project completion document is created and signed, access to the systems for the project team are removed, and a full handover of documentation is performed.

Post-go-live support or ongoing managed services to support the platform can be contracted separately.

A 90 day warranty is included as standard for all implementation work at no additional cost.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Mobile user experience via Salesforce standard mobile with limited differences to desktop
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
Either an app installed into the customer Salesforce org, or a self--service portal with secure access.
Accessibility standards
None or don’t know
Description of accessibility
Create, edit, manage tickets.
View capacity and prioritise tickets.
Reporting
Accessibility testing
As per Salesforce standards
API
Yes
What users can and can't do using the API
Salesforce offers a range of platform and data API’s enabling external systems to interact with the Salesforce platform. The API’s cover data, process and metadata capabilities. The REST and SOAP APIs allow you to create, read, update, and delete records, search or query data, retrieve object metadata, and access information about org limits. The Bulk API is designed for asynchronous processing of volume-based operations on Salesforce. The Streaming API encapsulates newer, event-based integration patterns such as CDC (Change Data Capture) and Platform Events. For more complex use cases, Salesforce enables developers to create and host custom web services using APEX SOAP and REST services.

Application developers define the client side logic in their tool or language of choice, and engage with Salesforce using one of the APIs. API authentication is supported using Username/Password, oAuth 2.0, oAuth JWT flows.

Salesforce applies limits to the number of inbound API requests that can be made in a 24 hour window to your Salesforce instance based on the number of licenses purchased for your environment. A typical Salesforce instance has a baseline allowance of 100,000 inbound API calls, plus 5000 calls multiplied by the number of licenses purchased.
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
All areas of the platform can be customised using declarative settings, Lightning Web Components, Apex code and CSS to provide tailored functionality, processes, data, automation, integration and user experience. Salesforce architects, developers and configurators make changes in sandbox environments that are tested and promoted via best practice dev ops to production.

Scaling

Independence of resources
For professional services implementation contracts, resources are dedicated to projects according to the roles, effort, timeline and utilisation that is agreed.

For managed services contracts, monthly hours are agreed and reviewed quarterly. Additional hours can be consumed up to set limits with no notice period, or extended limits with two weeks notice so the resource pool can be managed effectively.

Analytics

Service usage metrics
Yes
Metrics types
Our managed service reporting includes ticket volume, throughput and SLA metrics. Platform usage metrics are available as standard via Salesforce reports or to a deeper level of logging and security through the Salesforce Shield add-on.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data can be exported by running reports, or programmatically using a data loader tool, or on a schedule to a backup system.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • JSON
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • JSON

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Customers agree an SLA directly with Salesforce as part of their MSA when procuring licenses. Typically this will be >99.5% availability guaranteed and service credits may apply.
Approach to resilience
Salesforce publishes it security standards here - https://compliance.salesforce.com/en/documents/a005A00000k4aypQAA
Outage reporting
Salesforce has live updates at https://trust.salesforce.com/en/
Users are notified in advance when they login of upcoming planned outages.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Authentication controls supported: Multifactor authentication, single sign-on (both as IDP and SP), custom login flows, connected apps (open ID connect), user password management, device controls, session security controls
Data access controls supported: The Salesforce sharing model provides Row Level Security per data entity. A baseline sharing default is setup per object defining what access all users have to records in that object. To open up access, Sharing Rules, Role Hierarchies, other declarative and programmatic Sharing mechanisms are leveraged to provide access to individuals or groups of users. This ensures record level security is correctly administered and maintained in the platform.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Less than 1 month

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
TNV System Certification P Ltd
ISO/IEC 27001 accreditation date
10/04/2021
What the ISO/IEC 27001 doesn’t cover
N/A - Following Shared Responsibility model, VRP and Salesforce's SoAs cover all controls.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
ISB is chaired by CEO, including all relevant Regional Management Stakeholders from different support functions which are in charge of:
- Reviewing and approving control design, implementation and effectiveness
- Allocate the needed resources to implement and maintain the ISMS system at an operational level.
- Approval of Regional/Local exemptions to the compliance of the ISMS
- Gather insights on changes that might impact the ISMS
- Review ISMS performance in order to inspect and adjust the suitability, adequacy and effectiveness of it
This happens no less than every quarter.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Templated workspaces and process in tools such as Confluence, Jira, Slack, Salesforce and Google with rights management access and protection on information accessibility based on role profiles. Access is permission based and governed by senior personnel. Where change is process based, change control are either policy, system or personnel controlled. Depending on the nature of data retention needs and the lifecycle of customer engagements, spaces and data is either retained, archived or destroyed.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Please refer to https://compliance.salesforce.com/en/documents/a005A00000vMpyYQAS
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Salesforce Shield supports Monitoring, preventing, and mitigating threats to sensitive data.
With Event Monitoring, you can see who is accessing critical business data, when, and from where.
Failed or suspicious login attempts are flagged and reported in real time. Data downloads are tracked with IP addresses logged. Other critical events can be monitored in real time or using log files
Prevent data loss with Transaction Security Policies
Detect insider threats and report anomalies
Audit user behaviour and measure custom application performance
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
VRP Consulting has its own Incident Management process with playbooks per each scenario, including notification to third parties. Incidents can be reported through our internal portal or via email. Reports are provided using a predefined template containing further details, impact assessment, action log, decisions and lessons learnt, among others.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)

Social Value

Fighting climate change

Fighting climate change

We partner with Plant for the Planet and for every 40 hours of services we sell to clients we plant 1 tree on behalf of our clients. This is part of our 1% pledge, aligned with Salesforce's 100 million trees campaign.
https://forest.plant-for-the-planet.org/vrp-consulting/
Covid-19 recovery

Covid-19 recovery

We developed a free telehealth app PatientX, available on the Salesforce AppExchange
https://appexchange.salesforce.com/appxListingDetail?listingId=a0N3A00000G0y0sUAB

Pricing

Price
£140.00 to £260.00 a user a month
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at will.lamb@vrpconsulting.com. Tell them what format you need. It will help if you say what assistive technology you use.