Razorblue Group Ltd

Application Development

Our bespoke C# application development service creates tailored software solutions for diverse needs, including but not limited to web applications, desktop software, enterprise solutions, systems integration and mobile apps.

Features

• Bespoke application development
• Opportunities for systems integration
• API development
• Mobile Apps Design and Development
• Agile development
• Project Management
• Waterfall development

Benefits

• Software tailored to meet business needs

£850 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@razorblue.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

289927035260553

Contact

Hannah Muir
03333446344
tenders@razorblue.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: We can develop software to extend any existing service provided there is an API available.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: No specific constraints.
• System requirements:
  • Applications require hosting either on premise or in the cloud
  • Access to database system

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Incidents are responded to 24/7 depending on severity. Change requests are responded to within normal working hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Support is provided by our Service Desk, 24/7. Account management and technical advice is included.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: As part of the on-boarding process, users will be offered a walkthrough and Q&A session. Documentation is also available.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Software ownership exists with the client therefore the ownership of the data sits with the client.
• End-of-contract process: We will package the application and pass the software to the client.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Reactive and responsive web design.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: The API will be customised to your needs of your applications.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The application is custom to the needs of the client.

Scaling

• Independence of resources: Capacity management plan in place to ensure that sufficient levels of capacity are always available with sufficient time to grow the architecture as needed.

Analytics

• Service usage metrics: Yes
• Metrics types: We can provide whatever application metrics are required.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data exports can be managed as part of the application development process.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Platform availability SLA is 100% excluding any scheduled maintenance. See service description/manual for more information.
• Approach to resilience: All datacentre plant/infrastructure is N+1 as a minimum. The platform itself uses multiple components at each level. Further information is available upon request.
• Outage reporting: Our outage & scheduled maintenance notification platform is hosted off-network and includes a public dashboard, e-mail alerts, SMS alerts and twitter notifications.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Role based access control
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ISOQAR
• ISO/IEC 27001 accreditation date: 31/10/2016
• What the ISO/IEC 27001 doesn’t cover: A.10.1.1 - Policy on the use of cryptographic controls, excluded - cryptographic process is automated A.10.1.2 - Key management, excluded - cryptographic process is automated A.14.2.7 - Outsourced development. excluded - not applicable. No outsourced development
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISO 9001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Razorblue operates an ISMS (Information Security Management System) which is accredited and audited to ISO 27001 by a third party. The ISMS includes policies and procedures covering our staff, recruitment processes, supplier management, technical configuration management, patch management, and so forth.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our change process is aligned to ITIL and other industry standards. All infrastructure and assets are tracked through a CMDB. Our change control process includes provision for assessing potential changes for security impact, including peer approval for any security related change.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: This process forms part of our ISO 27001 ISMS. Our engineers monitor CVE and other supplier bulletins for vulnerabilities that could potentially affect our platform. Patches are deployed at varying intervals dependent on the risk and ability to exploit the vulnerability. The exact details of this process are not disclosed. Our engineers and technical architects also regularly attend industry training sessions to understand generic risks and how to combat them.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Proactive monitoring forms part of our ISO 27001 ISMS. We have detailed incident response processes in place which have varying levels of responsiveness and actions dependent on the specific circumstances. Our processes include notification of clients and regulatory bodies.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have established processes for incident and outage management. Users can contact us to report incidents, or in some cases we will report these to customers before they are necessarily aware of them. We have a standardised incident reporting process which provides detailed documentation.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We believe that businesses have a crucial role to play in shaping a sustainable future for our planet, which is why we are taking a proactive approach to reduce our carbon footprint, striving to create a greener world. Our most significant carbon contributor is data centre usage. In response to this sector-wide challenge, we have made a conscientious choice to partner exclusively with datacentres that operate on clean and renewable energy, upholding the highest standards of environmental responsibility. By adopting cloud technologies, and promoting this throughout our client base, we not only enhance efficiency and productivity but significantly reduce the carbon emissions that would have been generated by conventional server infrastructures. We have optimised our office spaces to be energy efficient, integrating automatic LED lighting and heat recovery systems for heating and ventilation. We also embrace a paperless approach, aiming to minimise waste and resource consumption. We heavily promote recycling throughout all offices and have multiple recycling bins and facilities. As part of our broader vision, we are promoting the transition to electric vehicles (EVs). While the charging infrastructure in the UK presents challenges, we remain steadfast in our goal to replace our fleet of cars with EVs. To accelerate this transition, we have introduced an EV car scheme for our entire workforce, encouraging employees to embrace eco-friendly transportation options.

  Tackling economic inequality

  razorblue are constantly striving to improve economic, social, and environmental wellbeing. In line with our dedication to supporting the local community, we proudly support local sports teams and clubs and work with local schools and colleges to promote education and skill-building opportunities. By working with local educational institutes, we aim to contribute to the growth and development of the younger generation. We have partnerships with universities colleges and schools, such as Teesside University, Darlington College, and Middlesbrough College, with plans to extend partnerships to other institutions within the North East, Manchester, and Scotland and further afield to encourage people into STEM roles.

  Equal opportunity

  We are in the process of partnering with the Power of Women, which is a movement to inspire young girls and help them throughout their journey at school, and hopefully open their eyes to a career in technology.

  Wellbeing

  The team culture here is one of total transparency and a shared vision to challenge, innovate, push boundaries, and exceed client expectations. Our in-house Head of People places significant focus on the culture of our company and leads this strategy to give our team an excellent employee experience. We regularly seek and act upon employee feedback so we can continually improve as an employer. Our employees have multiple ways to submit feedback, whether that is via our company intranet, HR software or in regular catch ups. Feedback is immediately acted upon by the board, and we use this to improve policies, practises, and culture. We learn from the people who do the doing, which is why we have multiple channels out there for our workforce to voice opinions and they can do so anonymously if desired. Each team is given a quarterly budget to do something fun of their choice, this is there to build better relationships and remove the hierarchy between management and staff so they can approach them on a more personal level. In addition to this we have regular team-building days, a yearly company-wide team building fun day, as well as an Employee Awards Evening to which employees and partners are all invited and paid for. Our leadership team undergo regular training to help them become amazing and supportive leaders. This training focuses on prioritising the wellbeing and development of employees and demonstrates commitment to creating a positive and empowering workplace culture. Nearly all our leadership team are Mental Health First Aiders, with the aim of all of them being qualified by August 2023. What’s more we operate an open office with senior leadership and directors opting to work amongst staff and communicate directly as opposed to residing in closed off offices.

Pricing

• Price: £850 a unit a day
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@razorblue.com. Tell them what format you need. It will help if you say what assistive technology you use.