APaaS Application Packaging Services

Application Packaging and Migration

To enable end user migration to cloud services (e.g. Amazon WorkSpace, private VDI), through application preparation and packaging for mass deployment, Integration of packaged applications in to enterprise standard deployment tools, user acceptance testing, release management and enforcement in line with user entitlement.

Features

• Application estate discovery
• Application rationalisation
• Application technical discovery
• Application packaging
• Application integration for mass deployment
• Application user acceptance testing (UAT)
• Application deployment
• Application in-life management
• Release management

Benefits

• Understand the application landscape, what applications are used by whom
• Regain control of application strategy, consolidate licensing, reduce cost
• Reduce future cost by documenting how each application is configured
• Reduce end-user support cost by managing and standardising application configuration
• Automated tooling reduces time and cost
• Reduce risk of user disruption through effective testing
• Reduce support cost and improve user productivity with approved applications
• Reduce TCO by keeping applications up to date
• Reduce TCO, improve productivity with robust release process

£125 to £1,500 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at admin@apaas.org. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

282098275176724

Contact

APaaS Sales Team
07442010362
admin@apaas.org

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Our Software and Hardware Asset Management service ensures comprehensive oversight of your IT resources. We track licences, monitor usage, and optimise inventory to minimise costs and enhance security. Gain control over your technology assets with our tailored solutions, reducing risks and maximising efficiency across your organisation.
• Cloud deployment model:
  • Public cloud
  • Hybrid cloud
• Service constraints: None
• System requirements: No specific requirements

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: 8 hour business day response
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Technical account manager support including application packaging feasibility, deployment planning and post deployment support.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Once engaged we will facilitate a workshop with the customer to agree application packaging standards and processes.; We will provide authorised users with access to our application lifecycle management tracker and they can immediately start raising requests for application packaging.; ; For all other components of the service in scope work with the customer representatives to deliver the services in the most efficient and cost effective manner.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All data within the application lifecycle management tracker is available for exportin .csv or .doc formats
• End-of-contract process: Any non-standard reports or data extraction would be at additional cost. At contract end the customer access to the application lifecycle management tracker will be revoked and the customer data held within the service will be deleted after 30 days.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Application Lifecycle Management tracker provided via a Web portal, this displays every application requested by the customer, the current status of the application within the process, documentation relating to the application request, dependencies and pre-requisite applications.; The web portal would only generally be made available to members of the customer team managing the application lifecycle process and not to all users.; Authorised users have the ability to raise an application packaging request, view the current status of all applications within the process, documentation relating to the application request, dependencies and pre-requisite applications.
• Accessibility standards: None or don’t know
• Description of accessibility: The service interface is offered via web browser, users can benefit from all the accessibility features provided by the device OS and browser of choice.
• Accessibility testing: The requirement has not arisen, the portal is used by a small number of people who require access to application lifecycle management tracking, as opposed to something all users can access.
• API: Yes
• What users can and can't do using the API: API standards are documented and can be implemented with support from this service
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: All components of this service are modular:; Application estate discovery; Application rationalisation; Application technical discovery; Application packaging; Application integration for mass deployment; Application user acceptance testing (UAT); Application deployment; Application in-life management; Release management; Buyers can select any or all of the service components to customise the exact service delivery they require. ; There is no minimum volume for this service although volume discounts can be agreed.

Scaling

• Independence of resources: Solution is fully flexible, built on Azure Cloud with performance monitoring

Analytics

• Service usage metrics: Yes
• Metrics types: All data within the portal view can be provided including application title, version, requester, status, etc
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users do not generally export their data but the portal does allow users to generate reports using a data mining engine. The reports can be exported in multiple formats
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: Msdmr
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Service Availability 99.9% Penalties will be defined and agreed during contract negotiations
• Approach to resilience: Service is built in Microsoft Azure with Azure Backup and Disaster Recovery, Azure Auto Scaling and Azure Application Insights.
• Outage reporting: Service outage will be available via API and email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: The level of access for each user of the system is controlled centrally, only validated users can access the service portal. Each authorised user of the system can only access parts of the portal they have been granted permission to see.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We have a number of in-house policies specific to out business to ensure security governance covering Cyber and Information Security, Recruitment and Vetting, Data Protection.
• Information security policies and processes: APaaS has adopted an Information Security Policy that complies with stringent legal requirements and provides the necessary assurance that data held and processed by the APaaS is treated with the highest appropriate standards to keep it safe. Ultimate responsibility for information security rests with the Directors of APaaS. They shall be responsible for managing and implementing the policy and related procedures. Team leaders are responsible for ensuring that their permanent and temporary team members and contractors are aware of: The information security policies applicable in their work areas Their individual responsibilities for information security How to access advice on information security matters

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our configuration and change management process involves thorough documentation of system configurations and controlled procedures for implementing changes. It includes: Baseline Configuration: Establishing a known and stable configuration state. Change Control Board (CCB): Reviewing and approving proposed changes. Version Control: Managing changes with clear versioning and tracking. Testing and Validation: Verifying changes in a controlled environment. Documentation: Maintaining detailed records of configurations and changes. Continuous Improvement: Iteratively refining processes based on feedback and outcomes. This approach ensures system integrity, minimizes risks, and supports efficient troubleshooting and maintenance.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our vulnerability management process involves systematic identification, assessment, prioritization, mitigation, and monitoring of security vulnerabilities in IT systems. Discovery: Using scanning tools to identify vulnerabilities. Assessment: Analyzing and prioritizing vulnerabilities based on severity and impact. Remediation: Implementing patches, updates, or configurations to mitigate vulnerabilities. Verification: Validating that vulnerabilities have been effectively addressed. Ongoing Monitoring: Continuously scanning and assessing for new vulnerabilities. Reporting and Communication: Providing clear reports and updates to stakeholders. This proactive approach helps protect against potential threats and ensures the security and resilience.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our protective monitoring process involves continuous monitoring of systems and networks to detect and respond to security threats in real-time. Event Collection: Gathering logs and data from systems and devices. Detection: Analyzing events for signs of unauthorized activity or anomalies. Alerting: Notifying security teams of potential incidents for immediate investigation. Incident Response: Rapidly responding to and containing security breaches. Forensic Analysis: Conducting detailed investigations to understand the scope and impact of incidents. Continuous Improvement: Iteratively refining monitoring rules and response procedures based on findings. This proactive approach enhances threat detection and minimizes the impact of security incidents.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management process involves a structured approach to quickly identify, respond to, and resolve IT incidents to minimize business impact. Incident Identification: Prompt detection and logging of incidents. Incident Categorization: Classifying incidents based on impact and urgency. Initial Response: Immediate triage and assignment to appropriate support teams. Investigation and Diagnosis: Thorough analysis to determine root cause. Resolution: Implementing corrective actions to restore normal service. Closure and Documentation: Formal closure of incidents with detailed records for analysis. Continuous Improvement: Learning from incidents to enhance preventive measures and response procedures. This systematic approach ensures efficient incident resolution and continuous service improvement.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality

  Fighting climate change

  By providing Cloud-based IT services we can play a significant role in combating climate change by enabling organizations to adopt more sustainable and environmentally friendly practices: Energy Efficiency: Cloud providers invest heavily in data center efficiency. By consolidating computing resources and optimizing server utilization, cloud services can achieve higher energy efficiency compared to traditional on-premises data centers. This reduces overall energy consumption and carbon emissions associated with IT operations. Server Virtualization: Cloud platforms utilize server virtualization, allowing multiple virtual machines to run on a single physical server. This consolidation minimizes the number of physical servers needed, reducing hardware requirements and associated energy use. Dynamic Scaling: Cloud services offer elastic scaling, allowing organizations to dynamically adjust computing resources based on demand. This capability enables efficient resource utilization, avoiding over-provisioning of servers that would otherwise remain idle and consume unnecessary energy. Remote Work and Collaboration: Cloud-based tools facilitate remote work and collaboration, reducing the need for commuting and business travel. This leads to decreased greenhouse gas emissions from transportation and supports a shift towards sustainable work practices. Renewable Energy Adoption: Cloud providers commit to using renewable energy to power data centers. They invest in large-scale renewable energy projects such as solar and wind farms to offset their energy consumption. By leveraging cloud services, organizations indirectly contribute to increasing demand for renewable energy sources. Optimized Resource Utilization: Cloud services enable efficient use of computing resources through automated load balancing, which minimizes idle capacity and energy waste. In summary, our cloud-based service offers a pathway towards greener and more sustainable practices by optimizing energy efficiency, promoting remote work, supporting renewable energy adoption, and enabling resource-efficient operations.

  Tackling economic inequality

  By providing Cloud-based IT services we can contribute to tackling economic inequality by providing access to scalable and affordable technology solutions, leveling the playing field for individuals across different economic strata: Remote Work Opportunities: Cloud technologies facilitate remote work and telecommuting, breaking geographical barriers and expanding job opportunities beyond traditional urban centers. This flexibility can benefit individuals in rural or economically disadvantaged areas by providing access to employment opportunities and reducing the necessity for costly commuting.

Pricing

• Price: £125 to £1,500 a unit
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at admin@apaas.org. Tell them what format you need. It will help if you say what assistive technology you use.