DBaaS Ltd

Cloud Product and Web Or Mobile Application Service

Simplifying the Cloud (DevOps) Engineering, Web Application Services. On Engagement with B2B/B2C on Architecture Design, QATesting, Consulting, OnsiteSupport, Web Design and Mobile Application IT Services. We deliver supports on Database Management, Consulting, Onsite Support, and Delivery Fixed-Term IT consulting Data Migration, Upgrade Services for Microsoft, Oracle, AWS PaaS platforms.

Features

• Web Design Technologies and perfect ERP or CRM solutions.
• Mobile Application Design and CRM.
• CRM and eCommerce solutions as the best solution of USP.
• Secure and User Managements on Website Management systems.
• Build, Configure, Migrate Databases to AWS, Azure, Google Cloud Products.
• Innovative cloud solutionsand cloud adoption consultancy.
• Web Design Technologies and perfect ERP or CRM solutions.
• Analysis, design, and development of bespoke applications.
• Build Operate Transfer with Zero Tolerance & Full Satisfactory.
• Multilingual applications including bilingual Welsh / English interfaces.

Benefits

• 24×7×365 services for continuous support, maintenance.
• Support, managed or consulting services any platform.
• Essentials (BAU), LIVE Services and Migration Services.
• DBaaS, PaaS, IaaS as Outsourcing or On-Premises Support.
• Short Term, Long Term, Specific Statement of Work.
• More timely, accurate data from which valuable analysis and reporting.
• Technical Architecture & Design Enhancements to the WebSite.
• Archiving, Backup & Recovery, Disaster Planning & Assurance.
• Monitoring Process, Message Notification & Log queuing.
• Systems that reduce effort and increase the efficiency of processes.

£350 to £1,800 a user a day

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at admin@dbaasltd.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

281453864722757

Contact

DBaaS Ltd
+44 07480 080202
admin@dbaasltd.com

Service scope

• Service constraints: The service excludes any third-party software licensing&third-party support costs(unless these are included in the infrastructure provider pricing)•The service does not include support for database-specific content including data change or deletion or data integrity checks.•The service does not include support to major database RDBMS change&release activities,this is available as a service option•The service excludes the implementation of service requests. These are charged separately on a T&M basis•The service excludes support for security accreditation and testing •The service excludes visits to customer sites,including the attendance of service reviews; attendance will be subject to prior agreement with any expenses incurred charged additionally
• System requirements:
  • 8 GB RAM
  • Windows 10 or Windows 11
  • 256 GB SSD
  • AWS or Azure Cloud Partner
  • Office 365 License-Standard
  • Mac Pro or Mac Airbook

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We respond to all questions within 8 business hours. Normal business hours are 09:00-5:00 Mon-Fri excluding UK holidays. We regularly respond to questions within 4 business hours, and we immediately work on all inbound questions to establish urgency and set appropriate priorities. We provide an SLA based on the clients requirements. Weekends : 10am to 4pm on Saturday and 11am to 3pm on Sunday with extra costs.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: Chatbot
• Onsite support: Onsite support
• Support levels: We provide a service desk for our managed services customers. Also, assigned consultants or architects will respond in 8 business hours of response time. Our Support offering is not driven by a standard service catalogue; and also provides the tailored support levels to meet your specific needs to provide the right level of support to meet your business requirements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We can provide online training, user documentation or Onsite training
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats:
  • PDF
  • Word Document
  • Visio
  • Powerpoint
• End-of-contract data extraction: We do extract all the data of users and prepare the contract handover to your during the contract period ends.
• End-of-contract process: We do full KT (knowledge transfer) and cross-training to the team members and permanent member of the staffs. Preparing the full confluence documents in the intranet or global usage in the organizations. Preparing the full online training or in-house training to the business to technical team and technical to business and non-technical to business teams.

Using the service

• Web browser interface: Yes
• Using the web interface: Using the ultra viewer with the vpn connected interface.
• Web interface accessibility standard: WCAG 2.1 AAA
• Web interface accessibility testing: Yes, all the web interface been tested with the cyber security specialists with Cyber Essentials team.
• API: Yes
• What users can and can't do using the API: User familiarize with the API activities and how to integrated to services to another application. setup via java thin client or nodejs or java or any relative coding's. No limitations to how users can setup
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
  • Other
• Other API automation tools: Jenkins
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
  • Other
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: Using the bash scripts or python or shell scripts or windows command centre scripts using the services using the CI/CD or notepad++ or visual studio.

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: We keep monitoring 24/7 with a proactive team independently and managing all aspects of business activities to be monitor without affected the BAU and live services.; All users will be under full SLA support as requested and ensure there is zero tolerance and zero downtimes.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email
  • SMS
  • Other

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Other
• Other metrics:
  • Storage Access
  • Portable wifi Data dongle devices
• Reporting types:
  • API access
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files
  • Database
• Backup controls: We do system folders backup and email backups into centralized mapped drives with the one drive or NFS system used in the mapping profiles.
• Datacentre setup: Multiple datacentres
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: A service level agreement (SLA) is a documented agreement between a service provider and a customer that identifies both the services required & expected level of service. The agreement varies between vendors, services, and industries. Handle all incoming Support Queries in accordance with SLA response times attached on DBaaS Ltd Onboarding process page, provided always attempted first (but been unable) to resolve the relevant issue through its own internal IS resources; Communicate via telephone and e-mail; Be available during standard service hours, and only provide telephone or email support through people who are fluent in the English language. Supplier is prevented or delayed in performing its obligations due to Force Majeure. In these circumstances, the Contract Price shall be adjusted and any necessary refund or credit effected in accordance with the Authority’s reasonable instructions.
• Approach to resilience: Provide a full detailed resilient plan and technical documents wrapper around the Service which shall include, but is not limited to, our IT strategy, service resilience, performance monitoring and reporting, service reviews to monitor progress and discuss issues (e.g. quality of delivery, resource, troubleshooting, risks and issues with proposed mitigations). ; Performing all activities within various Systems Development Life Cycle (SDLC) types including Waterfall, Agile and DevOps. Ensure a timely response to address the need, with resilience to provide substitute or replacement capability when required to avoid service disruption. ; Engaging Operations teams to get a buy-in on approach and coordination and scheduling of work to secure technical resource(s) (where applicable) to assist in an emergency. ; Be versatile across multiple channels including web, social and print media. ; Contain elements/icons that can be used across various digital and print mediums including a website.; We need to reflect the tone of the buyer's instance – less emphasis on the ‘touchy feely’ environmental green tropes and more a focus on innovation, action and technical solutions
• Outage reporting: SERVICE LEVEL REPORT 1) Before the 10th calendar day of each month (or the previous day, if the 10th calendar day in the relevant month is not a Working Day), the DBAAS Ltd shall provide GCloud services with a report containing accurate figures of performance against each Service Level including, with regards to Availability, the levels of Scheduled and Unscheduled Downtime in the previous month and in the previous three (3) month period on a cumulative basis and on a rolling basis, together with details of any instances of non-compliance with the Incident Resolution Service Levels. ; Handle all incoming Support Queries in accordance with SLA response times attached on DBaaS Ltd Onboarding process page, provided always attempted first (but been unable) to resolve the relevant issue through its own internal IS resources; Communicate via telephone and e-mail; Be available during standard service hours; and only provide telephone or email support through people who are fluent in the English language.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Gain access to cloud-based data lakes and data warehouses. Their goals are to increase the agility, security, and reliability of their applications, lower costs, and improve data analytics capabilities. Moving cloud-based platforms and software deployment to a new location is a multi-step process that involves tasks that must be identified, planned, implemented, and tested.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Information Security Management System (ISMS)
• ISO/IEC 27001 accreditation date: 30/06/2021
• What the ISO/IEC 27001 doesn’t cover: Nothing to say, it covers most of the services as per Our ISO 27001 accreditation means that we have put all necessary measures in place to ensure that our clients' information is always protected.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 30/06/2021
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: N/A
• PCI certification: Yes
• Who accredited the PCI DSS certification: Barclays
• PCI DSS accreditation date: 30/06/2021
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Memset Hosting
  • GCHQ Certified Master of Cyber Security
  • CISSP
  • CMFS
  • CEH
  • CVI

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: We do follow the CyberEssentials Plus and Memset Hosting.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration&Change Management we follow to control the environment releases by raising a change in the Buyer's support system&linking it to the initial SR/Incident. The approval is sought in a regular CAB meeting scheduled to take place once a week. We can hold emergency CABs-or-seek approval outside CAB from our release manager. We try to limit these approvals outside CAB to a minimum. When working with the support company, the team will attend the CAB meeting to represent the change, but the support company may be asked to fill out some technical details in a 3rd party RFC document.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Automated vulnerability management scanning tools should be run on a monthly frequency and against all solution components and their supporting infrastructure. Vulnerability scanning tools should provide vulnerability risk scores in accordance with the common vulnerability scoring system (CVSS) version 3. Penetration testing (CREST/CHECK/TIGER scheme). Patch management (including any policies and procedures). Version control, Remediation action plans (please detail SLA timescales for high, medium and low CVSS scored vulnerabilities). There also needs to be a requirement for user accountability (logging and monitoring). Is BYOD permitted? If so, is it corporately managed.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Monitoring Services which support its strategic communications, media outreach activities and track and measure the success of its PR campaigns; across all sites. We do protective monitoring processes means appropriate technical and organisational measures which may include: pseudonymizing and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of such measures adopted by it
• Incident management type: Supplier-defined controls
• Incident management approach: We can predictive intelligence, which uses detailed incidents reports to respond to requests and Performance analytics to create data visualizations, anticipate trends, prioritize resources, and improve performance and Incident management and problem management to restore services quickly after an unplanned interruption or a major incident Asset management to get a complete, connected view of all assets We can be able to communicate via telephone and e-mail; Be available during standard service hours, and provides telephone or email support through people who are fluent in the English language. a)Incident and Problem Management c)Ticketing Management d)Service Request Management

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Red Hat Virtualisation
• How shared infrastructure is kept separate: We keep the same infrastructure as kept apart as BAU continuity and improving the upcoming projects to delivering the best tactical and strategic solutions to the best of infrastructure

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: We do solution will be based on a cloud-based architecture with the solution hosted within a minimum of two ISO 27001 (2005) accredited datacentres located in the UK. Increasing the use of public / zero emission transport modes. Stimulating demand for energy efficient products and low environment impact services. Contributing to local climate change mitigation targets. Increasing energy efficiency of domestic an operational buildings and business activities. Encouraging local, ethical and fair-trade purchasing.

Social Value

• Fighting climate change:

  Fighting climate change

  We do more to understand your carbon emissions. Drive more efficiently. In particular, observe speed limits and avoid rapid acceleration and excessive braking. Don’t drive aggressively. Commute by carpooling or using mass transit. Plan and combine trips. Drive more efficiently. Switch to “green power.” Switch to electricity generated by energy sources with low or no routine emissions of carbon dioxide.
• Covid-19 recovery:

  Covid-19 recovery

  In light of the Coronavirus disease (COVID-19), it is the intention of buyer's to be as flexible as possible in relation to the procurement process for the GCloud hosting to support the tender however this will remain within the parameters of the Public Contract Regulations 2015 (PCR 2015).; Please note that Suppliers will use reasonable endeavors to notify all tender participants of any potential risks which may delay the procurement process and its subsequent award and implementation.
• Tackling economic inequality:

  Tackling economic inequality

  DBaaS Ltd is committed to tackling economic inequality at the root. Our overriding vision is to help lower the unequal distribution of income and opportunity between different groups in society.
• Equal opportunity:

  Equal opportunity

  1. The Authority and Supplier shall continue to monitor the performance and objectives of this Contract throughout its duration and to make any amendments or changes necessary to this Contract, or its performance or objectives in order further to promote equality, and equal opportunity. ; 2. The Supplier shall notify the Authority immediately in writing as soon as it becomes aware of any investigation or proceedings brought against it in relation to equality, or equal opportunity whether under the Act or otherwise. ; 3. Where any investigation is conducted, or proceedings are brought which arise directly or indirectly out of any act or omission of the Supplier, its staff, employees, workers, consultants, agents, or Sub-Contractors and where there is a finding against the Supplier in any such investigation or proceedings, the Supplier shall indemnify and keep indemnified and hold harmless the Authority and the Chief Constable with respect to all costs, charges, and expenses (including legal and administrative expenses on an indemnity basis) incurred by the Authority during or in connection with any such investigation or proceedings and further indemnify and keep indemnified and hold harmless the Authority from and against all and any compensation, damages, costs, losses, fines, penalties or another award (including any interest) the Authority may be ordered or required to pay. ; 4. If a finding of unlawful discrimination or breach of equal opportunities legislation (including but not limited to the Act) is made against the Supplier or against the Authority arising from the conduct of the Supplier or any of its employees, workers, consultants, agents or Sub-Contractors, the Supplier shall take immediate remedial steps to prevent further recurrences and shall advise the Authority of the steps taken. ; 5. Where any investigation is undertaken by a person or body empowered to conduct such an investigation and/or proceedings are instituted.
• Wellbeing:

  Wellbeing

  The DBaaS Ltd promotes the health, safety, and wellbeing of patients, service users and the public by raising of regulation and voluntary registration of people working in health and care. DBaaS Ltd, is to drive UK global leadership in Intelligent Mobility, promoting sustained economic growth and wellbeing through integrated, efficient and sustainable systems, innovative accelerators and processes to people values: Care, Collaboration, Courage and Integrity.

Pricing

• Price: £350 to £1,800 a user a day
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Demo covers the basic information about the solutions provided on the free version using masking data and don't have testing or real activities data. Actual real or users data is not included Periods will be 3 months maximum derived based on the certain limits based on the cloud services providing.
• Link to free trial: Not Avaliable

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at admin@dbaasltd.com. Tell them what format you need. It will help if you say what assistive technology you use.