DBaaS Ltd

E-Commerce Web development and CRM Support

As an eCommerce website developer with SEO optimized features, we work with the latest technology. We offer all the services that eCommerce businesses need under one roof at DBaaS Ltd. AbanteCard,Drupal, Joomla, Magento, Open Cart,Prestashop,Shopify,Woo Commerce,and WordPress are just a few of the applications we provide on the DBaaS platform.

Features

• Secure Fully Managed DBaaS CMS Platform
• Business Continuity Process
• Database & application coding backups
• Disaster Recovery Options
• Payment Gateway Integration
• Easier browsing & compatiability
• Enhanced basket features and Quicker checkout
• Flexibility for customers
• Seamless API Integration
• Faster buying process

Benefits

• Easy to use out of box functionality
• Fast website deployment
• Update content quickly
• Manage Your Website from Any Computer
• Self-contained system no HTML editing software required
• Secure Platform that can scale as required
• 24x7x365 monitoring, alerting and proactive support
• Several payment modes
• Faster response to buyer/market demands
• Product and price comparison

£250 to £1,400 a user a day

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at admin@dbaasltd.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

294394720701163

Contact

DBaaS Ltd
+44 07480 080202
admin@dbaasltd.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: This service can be designed to specific user requirements
• Cloud deployment model: Private cloud
• Service constraints: The service excludes any third-party software licensing&third-party support costs(unless these are included in the infrastructure provider pricing)•The service does not include support for database-specific content including data change or deletion or data integrity checks.•The service does not include support to major database RDBMS change&release activities,this is available as a service option•The service excludes the implementation of service requests. These are charged separately on a T&M basis•The service excludes support for security accreditation and testing •The service excludes visits to customer sites,including the attendance of service reviews; attendance will be subject to prior agreement with any expenses incurred charged additionally
• System requirements:
  • System requirements will be dependent upon the user designs
  • 8 GB RAM
  • Windows 10 or Windows 11
  • 256 GB SSD
  • AWS or Azure Cloud Partner
  • Office 365 License-Standard
  • Mac Pro or Mac Airbook

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We respond to all questions within 8 business hours. Normal business hours are 09:00-5:00 Mon-Fri excluding UK holidays. We regularly respond to questions within 4 business hours, and we immediately work on all inbound questions to establish urgency and set appropriate priorities. We provide an SLA based on the clients requirements. Weekends : 10am to 4pm on Saturday and 11am to 3pm on Sunday with extra costs.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: Chatbot
• Onsite support: Onsite support
• Support levels: We provide a service desk for our managed services customers. Also, assigned consultants or architects will respond in 8 business hours of response time. Our Support offering is not driven by a standard service catalogue; and also provides the tailored support levels to meet your specific needs to provide the right level of support to meet your business requirements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Yes, we used to provide online training, user documentation, or Onsite training for the service
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: We do extract all the data of users and prepare the contract handover to your during the contract period ends.
• End-of-contract process: We do full KT (knowledge transfer) and cross-training to the team members and permanent members of the staff. Preparing the full confluence documents in the intranet or global usage in the organizations. Preparing the full online training or in-house training for the business to the technical team and technology to business and non-technical to business teams.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: We develop the web design and revamp the application based on the coding and redevelop the coding with suits to mobile and desktop application services.
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: User familiarizes with the API activities and how to integrate services to another application. setup via java thin client or nodejs or java or any relative coding's. No limitations to how users can setup
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: We will co-ordinate with the customers and can customise to the business needs.

Scaling

• Independence of resources: We keep monitoring 24/7 with a proactive team independently and managing all aspects of business activities to be monitored without affecting the BAU and live services. All users will be under full SLA support as requested and ensure there is zero tolerance and zero downtimes.

Analytics

• Service usage metrics: Yes
• Metrics types: We used to provide service in the application of storage Access, Portable wifi Data dongle devices
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Extraction and conversion of raw data from their existing format into a format required by another application. Exporting data is also a way of backing up data or moving it between two different versions of programs.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: A service level agreement (SLA) is a documented agreement between a service provider and a customer that identifies both the services required & expected level of service. The agreement varies between vendors, services, and industries. Handle all incoming Support Queries in accordance with SLA response times attached on DBaaS Ltd Onboarding process page, provided always attempted first (but been unable) to resolve the relevant issue through its own internal IS resources; Communicate via telephone and e-mail; Be available during standard service hours, and only provide telephone or email support through people who are fluent in the English language. Supplier is prevented or delayed in performing its obligations due to Force Majeure. In these circumstances, the Contract Price shall be adjusted and any necessary refund or credit effected in accordance with the Authority’s reasonable instructions.
• Approach to resilience: Provide a full detailed resilient plan and technical documents wrapper around the Service which shall include, but is not limited to, our IT strategy, service resilience, performance monitoring, and reporting, service reviews to monitor progress and discuss issues (e.g. quality of delivery, resource, troubleshooting, risks and issues with proposed mitigations). Performing all activities within various Systems Development Life Cycle (SDLC) types including Waterfall, Agile, and DevOps. Ensure a timely response to address the need, with resilience to provide substitute or replacement capability when required to avoid service disruption. Engaging Operations teams to get a buy-in on approach and coordination and scheduling of work to secure technical resource(s) (where applicable) to assist in an emergency. Be versatile across multiple channels including web, social and print media. Contain elements/icons that can be used across various digital and print mediums including a website. We need to reflect the tone of the buyer's instance – less emphasis on the ‘touchy feely’ environmental green tropes and more a focus on innovation, action, and technical solutions
• Outage reporting: SERVICE LEVEL REPORT 1) Before the 10th calendar day of each month (or the previous day, if the 10th calendar day in the relevant month is not a Working Day), the DBAAS Ltd shall provide GCloud services with a report containing accurate figures of performance against each Service Level including, with regards to Availability, the levels of Scheduled and Unscheduled Downtime in the previous month and in the previous three (3) month period on a cumulative basis and on a rolling basis, together with details of any instances of non-compliance with the Incident Resolution Service Levels. Handle all incoming Support Queries in accordance with SLA response times attached on DBaaS Ltd Onboarding process page, provided always attempted first (but been unable) to resolve the relevant issue through its own internal IS resources; Communicate via telephone and e-mail; Be available during standard service hours, and only provide telephone or email support through people who are fluent in the English language.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Gain access to cloud-based data lakes and data warehouses. Their goals are to increase the agility, security, and reliability of their applications, lower costs, and improve data analytics capabilities. Moving cloud-based platforms and software deployment to a new location is a multi-step process that involves tasks that must be identified, planned, implemented, and tested.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Information Security Management System (ISMS)
• ISO/IEC 27001 accreditation date: 30/06/2021
• What the ISO/IEC 27001 doesn’t cover: Nothing to say, it covers most of the services as per Our ISO 27001 accreditation means that we have put all necessary measures in place to ensure that our clients' information is always protected.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 30/06/2021
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: N/A
• PCI certification: Yes
• Who accredited the PCI DSS certification: Barclays
• PCI DSS accreditation date: 30/06/2021
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Memset Hosting
  • GCHQ Certified Master of Cyber Security
  • CISSP
  • CMFS
  • CEH
  • CVI

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: We do follow the CyberEssentials Plus and Memset Hosting.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration&Change Management we follow to control the environment releases by raising a change in the Buyer's support system&linking it to the initial SR/Incident. The approval is sought in a regular CAB meeting scheduled to take place once a week. We can hold emergency CABs-or-seek approval outside CAB from our release manager. We try to limit these approvals outside CAB to a minimum. When working with the support company, the team will attend the CAB meeting to represent the change, but the support company may be asked to fill out some technical details in a 3rd party RFC document.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Automated vulnerability management scanning tools should be run on a monthly frequency and against all solution components and their supporting infrastructure. Vulnerability scanning tools should provide vulnerability risk scores in accordance with the common vulnerability scoring system (CVSS) version 3. Penetration testing (CREST/CHECK/TIGER scheme). Patch management (including any policies and procedures). Version control, Remediation action plans (please detail SLA timescales for high, medium and low CVSS scored vulnerabilities). There also needs to be a requirement for user accountability (logging and monitoring). Is BYOD permitted? If so, is it corporately managed.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Monitoring Services that support its strategic communications, and media outreach activities and track and measure the success of its PR campaigns; across all sites. We do protective monitoring processes means appropriate technical and organizational measures which may include: pseudonymizing and encrypting Personal Data, ensuring confidentiality, integrity, availability, and resilience of systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of such measures adopted by it.
• Incident management type: Supplier-defined controls
• Incident management approach: We can predictive intelligence, which uses detailed incidents reports to respond to requests and Performance analytics to create data visualizations, anticipate trends, prioritize resources, and improve performance, and Incident management and problem management to restore services quickly after an unplanned interruption or a major incident Asset management to get a complete, connected view of all assets We can be able to communicate via telephone and e-mail; Be available during standard service hours, and provides telephone or email support through people who are fluent in the English language. a)Incident and Problem Management c)Ticketing Management d)Service Request Management.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  We do more to understand your carbon emissions. Drive more efficiently. In particular, observe speed limits and avoid rapid acceleration and excessive braking. Don’t drive aggressively. Commute by carpooling or using mass transit. Plan and combine trips. Drive more efficiently. Switch to “green power.” Switch to electricity generated by energy sources with low or no routine emissions of carbon dioxide.
• Covid-19 recovery:

  Covid-19 recovery

  In light of the Coronavirus disease (COVID-19), it is the intention of buyer's to be as flexible as possible in relation to the procurement process for the GCloud hosting to support the tender however this will remain within the parameters of the Public Contract Regulations 2015 (PCR 2015). Please note that Suppliers will use reasonable endeavors to notify all tender participants of any potential risks which may delay the procurement process and its subsequent award and implementation.
• Tackling economic inequality:

  Tackling economic inequality

  DBaaS Ltd is committed to tackling economic inequality at the root. Our overriding vision is to help lower the unequal distribution of income and opportunity between different groups in society.
• Equal opportunity:

  Equal opportunity

  1. The Authority and Supplier shall continue to monitor the performance and objectives of this Contract throughout its duration and to make any amendments or changes necessary to this Contract, or its performance or objectives in order further to promote equality, and equal opportunity. 2. The Supplier shall notify the Authority immediately in writing as soon as it becomes aware of any investigation or proceedings brought against it in relation to equality, or equal opportunity whether under the Act or otherwise. 3. Where any investigation is conducted, or proceedings are brought which arise directly or indirectly out of any act or omission of the Supplier, its staff, employees, workers, consultants, agents, or Sub-Contractors and where there is a finding against the Supplier in any such investigation or proceedings, the Supplier shall indemnify and keep indemnified and hold harmless the Authority and the Chief Constable with respect to all costs, charges, and expenses (including legal and administrative expenses on an indemnity basis) incurred by the Authority during or in connection with any such investigation or proceedings and further indemnify and keep indemnified and hold harmless the Authority from and against all and any compensation, damages, costs, losses, fines, penalties or another award (including any interest) the Authority may be ordered or required to pay. 4. If a finding of unlawful discrimination or breach of equal opportunities legislation (including but not limited to the Act) is made against the Supplier or against the Authority arising from the conduct of the Supplier or any of its employees, workers, consultants, agents or Sub-Contractors, the Supplier shall take immediate remedial steps to prevent further recurrences and shall advise the Authority of the steps taken. 5. Where any investigation is undertaken by a person or body empowered to conduct such an investigation and/or proceedings are instituted.
• Wellbeing:

  Wellbeing

  The DBaaS Ltd promotes the health, safety, and wellbeing of patients, service users, and the public by raising regulation and voluntary registration of people working in health and care. DBaaS Ltd is to drive UK global leadership in Intelligent Mobility, promoting sustained economic growth and wellbeing through integrated, efficient and sustainable systems, innovative accelerators, and processes to people values: Care, Collaboration, Courage, and Integrity.

Pricing

• Price: £250 to £1,400 a user a day
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Demo covers the basic information about the solutions provided on the free version using masking data and doesn't have testing or real activities data. Actual real or users data is not included Periods will be 3 months maximum derived based on the certain limits based on the cloud services providing.
• Link to free trial: Not Available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at admin@dbaasltd.com. Tell them what format you need. It will help if you say what assistive technology you use.