Thoughtworks Limited

Cloud Software Supply Chain

Software supply chain governance is a key challenge for many organisations.
The complexity of modern applications constructed from many components brings with it the need to manage dependencies, vulnerabilities and license types.

Working with you to educate teams, automate, analyse licences, reduce malicious attack risks and unplanned/accidental outages.

Features

• Visibility of policy and process compliance replacing trust based approval
• Private repository of dependencies with Scanning, heritage, provenance and auditability
• Centralised access point for all software dependencies entering production environments
• Understand current exposure and provide dependency visibility
• Controlled deployment to production support with segmentation of responsibilities
• Dependency drift fitness function to track these dependencies over time
• Security policies as code automating protection from threats and disruption
• Lets you compare current state with strategic architecture
• Automated reporting of dependencies

Benefits

• Resilience to availability of software dependency changes in public repositories
• Reliable and repeatable software builds when external dependencies are unavailable
• Centralised knowledge of software build dependencies for security and licencing
• Reduced vulnerability windows of unpatched services
• Understand current dependencies and risk
• Understand alignment to strategic software fit
• Reduce risk of copy-left licensing
• Provide automated scanning, heritage, provenance and auditability of key dependencies
• Understand usage across the organisation
• Reduce the risk of ageing dependencies introducing vulnerabilities and risk

£475 to £1,670 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@thoughtworks.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

261410406880317

Contact

Matt Simons
020 3437 0990
bidteam@thoughtworks.com

Planning

• Planning service: Yes
• How the planning service works: At Thoughtworks, we begin with an inception where all the stakeholders define a shared understanding of the project scope, constraints, measures of success and communications strategies.; ; The outcomes of each session are documented and then played back at a showcase to validate the decisions.; ; The knowledge from the sessions will then be used to create a prioritised plan ensuring the areas of greatest value and/or risk are resolved early.; ; The planning phase will confirm all the required access to systems and people to ensure work can proceed productively.; ; Thoughtworks likes to work collaboratively with our clients and so where possible we will pair with client teams so that we can share knowledge and experience. This delivers rapid realisation of benefits and sets up the capability to sustain the outcomes for the long term.
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: Collaboration is key to the way we work and through partnering with you and ensuring knowledge transfer is part of daily delivery activity we enable our client’s teams to build their own capability and skills.; Your team members will be paired up with Thoughtworks team members in similar roles. This allows them to benefit from shared experience and domain knowledge in a positive environment where they can ask questions and learn on the job.; This collaborative learning can be supported and supplemented through formal and informal methods where applicable. These can include workshops, literature and “bite size” Zoom sessions.; Part of our way of working is ensuring the client teams we work with are left with the knowledge, experience and confidence to continue evolving the system at when our engagement ends.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: Sustainable outcomes including a smooth setup and eventual migration are part of working with Thoughtworks. Our tested, repeatable process is the foundation of our engagement and exit on all projects.; Detailed On- and Off-boarding checklists allow people to transition smoothly onto the project ensuring you have a hassle-free start, as each of our staff have a clear understanding of their roles and responsibilities. This means they are able to engage with your teams and stakeholders from the start with a clear view of team structure, responsibilities and communication processes.; Knowledge transfer is a cornerstone process of our engagements and we create a knowledge repository, ensuring learnings are preserved and the decision-making process is clearly documented. With the rapid evolution of cloud services this is key to a successful project as well as handover and migration once we have completed the work.; Your overall project risk is minimised by our incremental approach to delivery, we take smaller steps, bringing ongoing benefits and validating strategy early on avoiding the risks “big bang” releases bring.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: Your solution will have our quality approach embedded into its delivery. Quality is incorporated across the agile software development lifecycle and is the whole delivery team’s responsibility. Minimising error and maximising quality, we use automation extensively for technical cloud migration and testing, ensuring repeatability and removing bias.; Our quality analysts are part of the development process from early on, analysing requirements and encouraging a testing mindset during development. This ensures teams understand how best to test their work, highlighting risks early, assuring quality by continual testing throughout development and monitoring in production. Frequent touch points between quality analysts and developers allows for quick reactions when defects occur, saving time and money by effecting fixes early on.; We bring extensive experience in performance (often coupled with zero-downtime tests), security, data migration and operational testing to add to standard functional quality assurance processes. Enabling time and money savings, we can help build appropriate tests ensuring your service is behaving as it should, taking into account any non-functional requirements.; We ensure services and systems are highly observable and well monitored so any uncaught or operational issues are detected in the live service, minimising disruption and downtime.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Security testing
• Certified security testers: No

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
• How the support service works: Our DAMO managed service capability delivers continuous service evolution, enhancement and improvement alongside traditional support services. Using cutting edge tooling and approaches, our engineering teams aim to make all your services “zero maintenance” over time, improving user experiences and significantly reducing support costs.; ; We are happy to support services that we have helped deliver on the cloud, via this service or via our Managed Cloud Services offering, also available in GCloud14.

Service scope

• Service constraints: This is a consultancy service intended to help buyers optimise their experience with cloud based project delivery. ; ; Therefore our service is relatively free of constraints and is guided almost entirely by your needs.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We will work with you as part of the service to understand and agree SLAs.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: We will leverage your existing departmental web chat
• Web chat accessibility testing: We will leverage your existing departmental web chat and testing
• Support levels: Support is provided during service development during working hours by the delivery team as part of the overall DevOps approach to the engagement, with response times to be agreed during initial engagement. We are happy to explore any additional needs at the outset of the service.; ; Our DAMO managed service capability delivers continuous service evolution, enhancement and improvement alongside traditional support levels 1-3. Using cutting edge tooling and approaches, our engineering teams aim to make all your services “zero maintenance” over time, improving user experiences and significantly reducing support costs.; ; We will work with you as part of the service to understand your needs and plan and agree the scope of the support service you require, including costs. ; ; All accounts are supported by an account manager and are staffed with engineers with the appropriate skills and experience to suit your needs.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Thoughtworks is committed to helping address all aspects of social responsibility, including our industry’s carbon footprint and contribution to climate change. We have developed a responsible tech playbook which considers sustainability and environmental impact of tech solutions alongside other aspects of corporate responsibility (see https://www.thoughtworks.com/en-gb/about-us/social-change/responsible-tech-playbook; our Building Responsible Cloud Services GCloud offering). We are working in partnership with multiple clients on solutions in the greener and cleaner energy space, and of course we monitor and take steps to reduce our own carbon footprint in line with our carbon reduction plan. ; Our cloud services can help fight climate change by reducing the carbon impact of legacy (non-cloud) services, by optimising cloud services to reduce carbon impact, and by using the cloud to develop solutions whose purpose is to reduce carbon impact. Our Social Impact Leads will help us to shape a relevant and impactful social value offer for you, aligned to your requirements and scaled appropriately to fit with the scope and size of any engagement. We will provide a clear plan, agree success metrics, and report our activities and benefits against the relevant MAC sub-criteria.

  Covid-19 recovery

  The UK has faced a disruptive period as a result of the pandemic, and whilst we have adapted, there are ongoing health, economic and social impacts. Thoughtworks helped the NHS to stabilise the 111 service when it was under significant pressure in the early days of the pandemic, and we are committed to supporting our public services in targeted recovery plans in areas such as well-being, education and skills development, employment, economic inequality etc. Our Social Impact Leads will help us to shape a relevant and impactful social value offer for you, aligned to your requirements and scaled appropriately to fit with the scope and size of any engagement. We will provide a clear plan, agree success metrics, and report our activities and benefits against the relevant MAC sub-criteria.

  Tackling economic inequality

  Our past activities in this area have included; - Creating new jobs e.g. 20 jobs in the North East to support public sector clients; - Supporting training in disadvantaged areas e.g. sponsoring career changers on IT courses, mentoring, career talks, and interview training; - Providing work experience opportunities under contracts e.g. paid placements and internships; - Providing training to our supply chain to help them enter new markets and win business independent of Thoughtworks; ; Our Social Impact Leads will help us to shape a relevant and impactful social value offer for you, aligned to your requirements and scaled appropriately to fit with the scope and size of any engagement. We will provide a clear plan, agree success metrics, and report our activities and benefits against the relevant MAC sub-criteria.

  Equal opportunity

  Thoughtworks strongly believes in equal opportunities, inclusion, and the value of diversity. We have a large body of knowledge and training assets, as well as active communities and dedicated leaders in our business, who are in high demand to support clients in developing strategies to mirror Thoughtworks’ own success in building our diverse team. In past engagements we have offered social value programmes creating employment opportunities for those who face barriers to employment e.g. sponsoring 6 students from disadvantaged/minority backgrounds through university. Our Social Impact Leads will help us to shape a relevant and impactful social value offer for you, aligned to your requirements and scaled appropriately to fit with the scope and size of any engagement. We will provide a clear plan, agree success metrics, and report our activities and benefits against the relevant MAC sub-criteria.

  Wellbeing

  We recognise the huge range of factors that can impact physical and mental wellbeing and resilience, from diet, exercise and sleep quality to financial worries, psychological safety, work opportunities, and access to services – and often these intersect. Thoughtworks provides holistic support, wellbeing programmes, sign-posting and training to our own consultants in these and other areas, and can help you develop offerings either within your own organisation, or targeted towards specific communities. Our Social Impact Leads will help us to shape a relevant and impactful social value offer for you, aligned to your requirements and scaled appropriately to fit with the scope and size of any engagement. We will provide a clear plan, agree success metrics, and report our activities and benefits against the relevant MAC sub-criteria.

Pricing

• Price: £475 to £1,670 a unit
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@thoughtworks.com. Tell them what format you need. It will help if you say what assistive technology you use.