Skip to main content

Help us improve the Digital Marketplace - send your feedback

JBi Digital

General Cloud Hosting

JBi Digital are well-versed in managing secure & reliable cloud hosting services. We are experienced in using AWS, Acquia & other leading hosting providers. Our service provides a fully configured, multiple security domain that hosts all applications safely and requires limited support from your team.

Features

  • Automated deployment & code management
  • Monitoring, alerting & logging systems
  • Data backup, restore & recovery
  • Secure, holistic hosting with firewalls & layers of protection
  • Protective monitoring & intrusions detection systems
  • Scalable (auto) solution with resilience
  • Encrypted services (including VPNs & secure tunnels)
  • Domain support & management (DNS & SSL services)

Benefits

  • Increased flexibility across IT services
  • 99.95% uptime availability
  • Network infrastructure & server security
  • Clear incident & escalation process included in SLA
  • Piece of mind for customers with less operational overhead
  • Ensuring your systems are secure

Pricing

£640 to £1,320 a user a day

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@jbidigital.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

2 9 7 6 3 2 3 8 7 3 7 5 2 1 5

Contact

JBi Digital David Gelb
Telephone: 0207 043 2510
Email: tenders@jbidigital.co.uk

Service scope

Service constraints
When third-party services are used and they may incur any licence or other fees, the supplier (client organisation) will be responsible for covering these. In addition, this will not be required if any open source software is utilised.
System requirements
  • Simple administration panels
  • Secure connections
  • Anti-virus / protection
  • Protective monitoring
  • Scalable service (automated)
  • Role based access control system

User support

Email or online ticketing support
Yes, at extra cost
Support response times
All response times are defined as part of our Service Level Agreements (SLAs) and tailored for each client’s specific requirements. We also carry out regular reviews to ensure that all services listed in the SLA’s are being adhered to.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
N/A
Web chat accessibility testing
N/A
Onsite support
No
Support levels
JBi provide a range of support services to suit each client’s requirements. Services include design, development, security, marketing, testing and hosting. In addition to a ticketing system, JBi offer a personalised account management service to discuss all aspects of the account. All services are charged at the same rate as part of the support contract. The only additional support charges are for out of hours which is charged at 1.5 our normal day rate.
Support available to third parties
No

Onboarding and offboarding

Getting started
As part of our service, JBi offer a tailored training session on the system being developed. Training can be delivered at JBi Head Office, on-site or via a webinar. JBi can also offer additional training sessions, user guides or application support as part of an ongoing maintenance agreement at the end of the project.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
There will be a handover or extraction of the database depending on where the database is stored. This can be done via CSV or database-export and will depend on the requirements of the new product owner.
End-of-contract process
We have a defined Project Exit Plan which will be explained in detail in a handover session between our team and the new product owner. This plan will cover things like the end of contract agreement, project specifications (including digital assets, domains, SSL etc) and any research that was done, tailored to each product and owner. JBi will be available for the entire handover phase (timeline dependent on SLA) to make sure we assist with the transition at every step of the way.

Using the service

Web browser interface
Yes
Using the web interface
Our web interface is reliant on the underlying hosting provider - such as AWS, Acquia and other leading hosting providers.
Web interface accessibility standard
WCAG 2.1 AA or EN 301 549
Web interface accessibility testing
Our web interface is reliant on the underlying hosting provider - such as AWS, Acquia and other leading hosting providers.
API
Yes
What users can and can't do using the API
Our API is reliant on the underlying hosting provider - such as AWS, Acquia and other leading hosting providers.
API automation tools
  • Ansible
  • OpenStack
  • Terraform
API documentation
Yes
API documentation formats
HTML
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
Our CLI services are reliant on the underlying hosting provider - such as AWS, Acquia and other leading hosting providers.

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
We set up each hosting account individually with no shared resources between users i.e. isolated incidents between one hosting service to another.
Usage notifications
Yes
Usage reporting
Email

Analytics

Infrastructure or application metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • File Storage
  • Databases
  • Web server instances
  • Entire solutions
  • Server image snapshots
  • Full configuration
Backup controls
We ensure that users will have full control of the backup using features provided by the underlying hosting providers (should they require it).

Our team will assist with by providing an SLA, offering proactive support, execute upgrades & monitor all cloud-related infrastructure and services.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Availability is dependent on the particular platform, and any SLAs are tied to that platform uniquely and specifically.
SLAs are agreed on a per-customer basis covering aspects relating to workload. Most of the SLA are to the 99.95%+ uptime levels.
Approach to resilience
We provide tailored solutions with baked-in resilience. Our professional services include web-app firewalls and advance DDoS mitigated solutions. Solutions are based upon discussions with each customer and tailored to their project requirements. Further information is available upon request.
Outage reporting
Primary, public, and customer information is reported primarily by email alert. Should SMS notifications be required, we can add these at an additional charge. Internally, we have a number of tools and closed monitoring systems that allow us to monitor outages, and other service reporting indicators.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Role-Based Access Control (RBAC) are defined at the outset of all admin and management systems. These define user permissions within each interface, ensuring only authorised personnel have access to specific functionalities.

MFA is mandatory for all management interfaces and support channel access.

Secure Protocols with strong ciphers and public-key authentication for encrypted communication, should these be required.

Firewall rules and IP restrictions control access to our tools, server access, and back-end development platforms and systems are in place.

User management reviews of system users to ensure only active users who need access have access and are actioned periodically.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
CyberEssentials and CyberEssentials Plus Certification guidelines are strictly adhered to.
Information security policies and processes
We are Cyber Essentials Plus certified.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We follow a defined approach to changes based on impact analysis and controlled through release logs and patch logs, depending on the SLA requirements.

When changes are required to infrastructure, the tech team implement these and revert back to the customer.
We also have a roll-back process if changes don't get implemented.
Finally, we implement subversioning and version control by specific IDs, as well as look at up-and-coming end of life processes where appropriate.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We subscribe to several sources that monitor vulnerability across all systems. More information on these sources, both internal and external, is available upon request.
Our management approach centres around identification and classification: We identify the urgency of the vulnerability through a needs assessment, then categorise it into two levels: priority and severity. Based on that, we will take action in a specific time frame.
We offer IT health checks and penetration scanners on a case to case basis, with frequency dependent on the customer.
For critical patches and urgent security issues, our turnaround is 24hrs-5 days (depending on threat assessment).
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We do a threat assessment based on severity and priority.

Response to critical-level threats is usually within the hour response. Response time is based on the severity of the threat.

We alert stakeholders via phone and email communication depending on threat severity.

Our IPS system is integrated with our IDS system in order to serve fast and accurate assessments.

Response to critical-level threats is usually within the hour response. Response time is based on the severity of the threat, as well as the client SLA.

We alert stakeholders via phone and email communication depending on threat severity.
Incident management type
Supplier-defined controls
Incident management approach
JThe incident management process starts with the identification and assessment of the priority and severity of the issue/event.
Incident responses are worked on in accordance with client communications plans to provide quick and clear communication updates and deploy a team of professionals to address the incident and bring services back to a normal state.
The JBi tech team plays a crucial role in mitigating the incident on our end for the fastest possible resolution. Communication with the end user about the incident depends on the client's SLAs and specific agreements.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
VMware
How shared infrastructure is kept separate
We would work to segregate and isolate each hosting server.

Yet, the underlining infrastructure could be shared to support scalability and resilience in cloud hosting solutions.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
All of datacentres adhere to the EU Code of Conduct for Energy Efficient datacentres.

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

JBi Digital is aware of its responsibility to the environment - our teams employ industry best-practices for environmentally friendly web development. All websites are designed and developed with streamlined, user-optimised navigations, optimised imagery and UK-based hosting providers to minimise the amount of CO2 production per view. Clients are given the option to have their website's environmental footprint assessed pre- and post-launch, with recommendations made on how to reduce their impact further. In addition to a best practice approach to development, JBi Digital offers a "Cycle to Work" scheme to all employees, encouraging the use of environmentally friendly commuting options as an alternative to public transport and cars. The office is also set up with clear recycling stations for recyclable items, such as plastics, compost, and glass.

Covid-19 recovery

The JBi team has adapted its service to streamline post-pandemic operations, offering both in-person and remote meetings while maintaining a "business-as-usual" relationship with all clients. Employees retain the option to work from home and isolate where necessary, but are now being encouraged to return to the office for at least two days a week in order to supplement the local economy. The agency is also actively involved with The Childhood Trust, London's child poverty charity, as it seeks to mitigate the impacts of COVID-19 on disadvantaged children in the capital. Whilst childhood poverty was prevalent before the coronavirus pandemic, its scale and complexity has been compounded by recent economic and political circumstances. Founded in 2013, The Childhood Trust supports grassroots charities and projects across the city through match-funding, with the goal of providing aid to the 700,000 children in the capital living below the poverty line. By funding local projects, supporting children through volunteering and advocating for disadvantaged families, The Childhood Trust is alleviating the pandemic's impact on London's vulnerable youth. JBi Digital has been The Childhood Trust's long term digital partner since 2020, and launched an award-winning website for the charity in 2021. JBi Digital has also run several digital campaigns that have helped increase the number of donations and level of awareness the charity receives.

Tackling economic inequality

JBi Digital is keenly aware of the social responsibility it has to its employees, clients and local community. In order to fulfil this responsibility, JBi: - Offers above minimum wage to all employees - Actively supports employees in fast tracking their careers, investing in training and education - Recruits from across the UK without socio-economic bias - Commits a portion of its revenue every year to charitable causes JBi Digital is also proud to have been The Childhood Trust's long term digital partner since 2020. Founded in 2013, The Childhood Trust is London's child poverty charity. It supports grassroots charities and projects across the city through match-funding, with the goal of providing aid to the 700,000 children in the capital living below the poverty line. As part of this partnership, JBi was appointed to design and build a new website for The Childhood Trust on a pro bono basis, reinvigorating the charity’s brand and digital presence. The website was launched in 2021, and has more-than-doubled the Trust’s online donations since launch. It was named "Best Non-Profit Website" at the WebAwards 2021. JBi continues to support The Childhood Trust in any way it can as it strives to tackle economic inequality. In previous years, members of the JBi London team have volunteered for the charity's "Decorate a Child's Life" campaign and raised over £1,000 for the charity by running a 5k Tough Mudder.

Equal opportunity

Inclusion and equality of opportunity are both a key part of our internal and recruitment culture. We always hire for talent and are constantly looking for ways to increase the diversity of our recruitment pool. We use data to ensure that our team is both skilled and diverse. By working with mentoring and apprenticeship programmes that focus on candidates from poorer socio-economic environments, we provide opportunities to such recruits to get a foothold in the industry. Our interview panels are always made up of a mix of races and genders. We will continue to review our recruitment process to ensure fairness throughout. We make regular donations to charities which raise awareness of racism in the workplace and fight for economic diversity as part of our ongoing social responsibility.

Wellbeing

Employee wellbeing is a priority for JBi's leadership team, and integral to the agency's ways of working. Internally, we hold ourselves to five key values, the most important of which is respect. This applies to both our clients and our employees, and has allowed us to establish an open, closely-knit team that is non-hierarchical, autonomous, fast-paced and vibrant. We offer employees a range of benefits, including free therapy sessions and other health benefits. We also offer a cycle to work scheme, training budgets and additional perks for longer serving employees. Finally, we track all billable time and monitor employee workloads carefully. Our anti-slavery and human trafficking commitment is just as strong, and our statement on this subject can be found in the footer of our website and at the link below: https://www.jbidigital.co.uk/terms/anti-slavery-human-trafficking-statement/ The board of directors has overall responsibility for ensuring that this policy complies with the agency's legal and ethical obligations. The directors also have day-to-day responsibility for implementing this policy, monitoring its use and effectiveness and auditing internal control systems and policies and procedures to ensure they are effective in preventing or remediating the risk of modern slavery.

Pricing

Price
£640 to £1,320 a user a day
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@jbidigital.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.