EFICODE UK LIMITED

Eficode ROOT DevOps Platform

Eficode ROOT is a managed DevOps toolchain, providing specialised support and managed tools for GitLab, GitHub, Atlassian, and more, tailored to your unique toolchain requirements. Offering 24/7 expert support, it automates workflows, ensures top-tier security, and guarantees operational excellence, paving the way for DevOps success.

Features

• Integrated Version Control, CI/CD, Testing, Deployment, Monitoring Tools.
• Secure, Customizable, Scalable Full Administrative Access Infrastructure.
• Cloud-Hosted, On-Premise, Hybrid Environment Options Available.
• Data Encryption, GDPR, ISO27001, ISAE 3402, SSO Security Measures.
• 24/7 Expert DevOps Support, Dedicated Manager, Custom SLAs.
• Proactive Incident Management with In-Depth Analytics, Monitoring.
• Tailored Workflows with Customizable CI/CD Pipelines.
• Ongoing DevOps Enhancement via Continuous Improvement Resources.
• Streamlined Integration with Major DevOps Tools.

Benefits

• Automated DevOps Pipeline Accelerates Software Development Cycles.
• Focus on Core Development Without Infrastructure Worries.
• Robust Disaster Recovery Ensures Business Continuity, Data Protection.
• Supports Growth with Flexible, Scalable Platform.
• Enhanced Security Posture with Comprehensive Compliance, Security Features.
• Economically Adapt Infrastructure for Cost-Effective Scaling.
• Access DevOps Expertise for Workflow Optimization, Issue Resolution.
• Facilitates Team Collaboration on a Unified Platform.

£3,840 a unit a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at licensing_uk@eficode.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

298543940085861

Contact

Jon Olsen
+44 (0) 845 459 9530
licensing_uk@eficode.com

Service scope

• Service constraints: Eficode ROOT is available for deployment in both private and public cloud environments, as well as on-premise installations. For on-premise setups, our service team manages platform tools remotely, focusing our responsibilities and SLA on application layer tooling. Hardware and OS layers in these instances are managed by the customer or a third-party.
• System requirements:
  • Public cloud access setup if own tenancy
  • Access to existing applications in scope for migration

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Eficode responds to critical incidents (Priority 1) within 2 hours, 24/7. For severe (Priority 2), important (Priority 3), and medium (Priority 4) queries, responses are during support hours, with response times ranging from 2 to 8 hours. Support is not available during local national holidays. Weekend support covers only critical incidents, ensuring round-the-clock assistance for urgent issues. Response and resolution times vary by priority level, with detailed service levels tailored and documented per customer agreement.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Eficode ROOT offers a tiered support system, categorized by incident severity from Priority 1 (Critical) to Priority 5 (Low). Critical support (Priority 1) is available 24/7, including weekends, with a 2-hour response time for incidents that prevent service usage. Severe (Priority 2) to Medium (Priority 4) support responses range from 2 to 8 hours during support service hours, excluding local national holidays. Development support (Priority 5) has a 16-hour response time within support hours.; ; Support costs and the inclusion of a technical account manager or cloud support engineer are customized based on client needs. The service accommodates up to five named key persons for basic access when user counts are below 500, with additional access granted for every 250 additional users. Specific costs for different levels of support, including the provision of a technical account manager or cloud support engineer, are determined on a case-by-case basis and detailed in the annex of the Eficode ROOT end-user agreement. This tailored approach ensures that support levels and costs directly align with the unique requirements and scale of each customer's operations.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Eficode ROOT supports users beginning their service with comprehensive onboarding, tailored to integrate seamlessly with existing DevOps toolchains and project data. Our approach includes:; ; Tool-by-Tool Onboarding: We meticulously migrate data from each selected tool, ensuring they remain operational within your legacy toolchain until complete migration.; ; Team-by-Team Onboarding: In collaboration with the customer, Eficode transitions projects to the ROOT environment on a project-by-project basis, allowing for a smooth transition and minimal disruption.; ; This dual methodology accommodates various tool types, recognising that some require immediate, one-shot migrations, while others benefit from a phased, team-by-team approach. Whether onsite or online, Eficode provides training and user documentation to ensure a smooth adoption process, catering to the specific needs and timeline of each customer.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: When the contract ends, users can extract their data through the off-boarding process, tailored to their specific needs:; ; Access Granting: Eficode provides access to the environment and documentation to the customer or a designated third party.; ; Environment Handover: The existing environment is structured for easy takeover by the customer without migration.; ; Migration Assistance: If migration is necessary due to customer demands, Eficode offers assistance, including data dumps.; ; Handover and Training: Eficode conducts a comprehensive handover, including final access, data dumps, and up to 10 days of support.; ; Additional Assistance: Further help or training can be provided based on customer orders, billable by Eficode.; ; Data Destruction: Upon completion, Eficode permanently destroys all copies of customer data using secure methods, ensuring irretrievability.; If the service is permanently shut down, users communicate their preference for data preservation. Eficode packages and transfers the data securely or destroys it irreversibly, as per the customer's instructions.
• End-of-contract process: At the end of the contract, the off-boarding process begins, ensuring a smooth transition:; ; Access Granting: Users receive access to their environment and documentation.; ; Environment Handover: The existing setup is designed for easy customer takeover.; ; Migration Assistance: Eficode provides migration aid if needed, including data dumps.; ; Comprehensive Handover: Final access, data dumps, and up to 10 days of support are provided.; ; Additional Support: Further assistance or training is available upon request, with associated costs.; ; Data Destruction: Eficode permanently erases all customer data using secure methods.; ; Included in the contract price are basic services like initial setup, access, and standard support. Additional costs may apply for specialized assistance, training, or extended support beyond the standard offering.; ; More information can be found in: https://eficodemsdocs.refined.site/space/ER/1608415/Off-boarding

Using the service

• Web browser interface: Yes
• Using the web interface: Eficode ROOT offers a web interface, enabling users to efficiently manage their DevOps environments. Users can set up their service by configuring CI/CD pipelines, integrating with tools like Atlassian, GitLab, and Jenkins, and establishing project settings. The interface allows for real-time modifications, including updating workflows, project configurations, and tool integrations directly.; ; However, certain limitations exist:; ; Highly complex customisations or advanced integrations might require assistance from Eficode’s technical support or use of API/command-line tools.; ; Access to setup or modification features is governed by user roles and permissions, with some actions restricted to administrators to ensure system integrity and security.; ; The web interface is crafted to be intuitive, supporting a comprehensive range of functionalities while safeguarding against unauthorised changes and maintaining operational security.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Accessibility Features are within hosted applications and NOT the Eficode ROOT service.; ; Keyboard Navigation: Users can navigate through the interface using keyboard shortcuts, enabling those unable to use a mouse to access all functionalities.; ; Screen Reader Compatibility: The interface supports screen readers, allowing visually impaired users to receive audible feedback on the content and actions available.; ; Contrast and Font Adjustments: Offers high contrast modes and the ability to adjust font sizes for users with visual impairments.; User Capabilities:; ; Setup and Configuration: Users can set up projects, configure CI/CD pipelines, and integrate third-party tools via accessible forms and menus.; ; Making Changes: Allows for editing project settings, user roles, and workflow configurations using straightforward, accessible input methods.; ; Constraints:; ; Advanced Customizations: Some deeper system customizations may not be fully accessible from the web interface and might require direct support assistance.; ; Role-Based Access: Certain actions within the interface are restricted by user roles, limiting access to specific functionalities based on permissions.; ; The web interface strives to be inclusive, providing an accessible experience for all users while ensuring comprehensive functionality for managing DevOps tasks.
• Web interface accessibility testing: This is the responsibility of the application suppliers.
• API: Yes
• What users can and can't do using the API: API access is dependant on the specific applications hosted, for which there may be limitations and exclusions.
• API automation tools:
  • Ansible
  • Chef
  • Terraform
  • Puppet
• API documentation: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Hosted applications are segregated from other users. Dedicated hosting is in place.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Atlassian, GitLab, GitHub, Jenkins, SonarQube, JFrog, Ansible, Sonatype.

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: Never
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files
  • Virtual Machines
  • Databases
  • Repositories
  • Applications
• Backup controls: Data is stored in Eficode-controlled locations, not on laptops unless necessary. Commonly stored data includes access keys and configurations. Customer-centric data is stored only within platform systems, not externally. Eficode ROOT's Access policy determines data retention, typically matching the duration of need. Diagnostics data like logs may be retained longer for legal compliance. Storage policies depend on hosting partners or cloud providers, with functional data deleted upon request. Diagnostics data may be kept longer. Specific storage durations are available upon request.
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Eficode ROOT offers tailored SLA options to meet specific customer needs, ensuring a high level of service availability. The exact level of guaranteed availability varies, designed to align with diverse requirements and ensure optimal system performance. For detailed information on the specific availability guarantees, it's recommended to consult directly with Eficode. Further details can be found in our Support and SLA options documentation: https://eficodemsdocs.refined.site/space/ER/1605751/Support+and+SLA+options
• Approach to resilience: Eficode ROOT emphasises security and resilience in its design, incorporating regular updates and patches to maintain system integrity and security. While specific details about data center resilience and setup aren't disclosed publicly for security reasons, Eficode indicates a readiness to provide such information upon request. This approach aligns with the principle of asset protection and resilience, ensuring that infrastructure and services are robust against disruptions. For more comprehensive details on Eficode ROOT's approach to resilience and security, please refer to our security documentation: https://eficodemsdocs.refined.site/space/ER/1605881/Eficode+ROOT+Platform+security
• Outage reporting: Incidents are logged with customers informing them of an outage via the service manager, as well as the status page in the Eficode Journey portal.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: At Eficode ROOT, access to management interfaces and support channels is strictly controlled through role-based access controls, ensuring only authorised personnel have access. This approach is integral to our security framework, safeguarding sensitive information and systems.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: KPMG
• ISO/IEC 27001 accreditation date: 29/09/2023
• What the ISO/IEC 27001 doesn’t cover: .
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISAE 3402 type 2 (SOC 1 type 2)

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Eficode ROOT adheres to industry-leading information security standards, incorporating a robust framework of policies and processes. Our commitment is evidenced by relevant certifications (ISO27001, ISAE 3402 type 2), ensuring a secure and reliable service for clients. These certifications validate Eficode's dedication to maintaining high security and compliance standards.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Eficode ROOT's configuration and change management approach is designed to ensure the security and reliability of its services. Components are meticulously tracked throughout their lifecycle, and changes are carefully assessed for potential security impacts. This process is part of their broader commitment to maintaining a secure and effective service environment. For more detailed information, please refer to the Eficode ROOT Security Controls documentation: https://eficodemsdocs.refined.site/space/SEC/1867789/Security+Controls
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Eficode ROOT's vulnerability management process involves assessing potential threats, deploying patches promptly, and sourcing information about threats from reputable security channels. This comprehensive approach ensures that services are protected against the latest vulnerabilities. For detailed insights into their process, please refer to Eficode's Security Controls documentation: https://eficodemsdocs.refined.site/space/SEC/1867789/Security+Controls
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Eficode ROOT employs advanced monitoring and incident management processes to ensure the security and integrity of its services. They focus on promptly identifying potential compromises and have a structured approach to respond swiftly to incidents, minimizing impact. For specific details on how they identify, respond to potential compromises, and the response times, please consult Eficode's detailed Monitoring and Incident Management documentation: https://eficodemsdocs.refined.site/space/ER/1605746/Monitoring+and+incident+management
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Eficode ROOT has predefined processes for common incident events, allowing users to report incidents through designated channels. Incident reports are provided to users, ensuring transparency and communication throughout the incident management process as per: https://eficodemsdocs.refined.site/space/ER/1605746/Monitoring+and+incident+management

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: Amazon Web Services, GCP, Hetzner, Azure.
• How shared infrastructure is kept separate: Eficode ROOT utilises advanced virtualisation and containerisation technologies to ensure that different organisations sharing the same infrastructure are kept apart. This architecture guarantees a high level of isolation and security, in line with industry best practices and compliance standards, ensuring that data and processes remain secure and isolated for each organisation.

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Eficode services support businesses to leverage technology to tackle some of the world's biggest problems, including climate change. Please see a case study of how we helped one customer do just that: https://www.eficode.com/cases/puro.earth; ; Through our work we help our clients reach ; their carbon-neutral goals, we advise and assist them in transitioning to more environmentally friendly and resource-efficient infrastructure. In our latest sustainability report, Kristina from our managed services team explains how we aim at transitioning customers from their own data centers to utilising colocation and cloud service data centers. Recently, we’ve undertaken a significant initiative to encourage our clients to join shared ecosystems such as Atlassian Cloud, aiming to ; minimize their environmental footprint. Over the past year, we’ve actively assisted our largest clients in planning their migration to the cloud by optimizing their resources. This involves actions like scaling ; down staging environments during off-hours, transitioning CI/CD workloads to more on-demand ; usage through cloud services, and removing unnecessary services. Importantly, we procure services from partners committed to carbon-neutral objectives, aligning with our sustainability goals. This strategic approach not only enhances operational efficiency but also contributes to a more ; environmentally responsible and resource-efficient infrastructure for our customers.; ; Eficode has both an internal Code of Conduct and a Supplier Code of Conduct that sets out the behaviors and actions we expect and encourage within our employees and our supply chain. This includes commitments to security, business ethics and integrity, fairness and transparency and positive contributions to people and the planet.

  Covid-19 recovery

  Eficode is a high growth business operating within the services industry. The services industry currently holds over an 80% share of the UK economy. Eficode currently employs c. 600 people across the group and is projected to increase this to 1000 by 2027. Approximately 10% of these news jobs will be created within the UK operations. Additionally, Eficode engages a number of small to medium sized local businesses within its supply chain and its demand for services from these local businesses increases with Eficodes growth.; ; Eficode runs and supports a number of programs that assist people in re-training and/or returning to work following unemployment. Of note, we donate all of our e-waste to a local charity that uses it to re-train young people suffering from unemployment in the skills required to securely manage e-waste and refurbish or recycle hardware. In-house we provide apprenticeship programs and internships as well as working with local schools to provide work experience. We partner with Community Interest Company Not for Profit STEMazing to provide workshops in schools to encourage people into STEM careers. In conjunction with our EU entities we also provide a DevOps academy that provides hands-on technical work experience and skills, many cadets have progressed to start careers within Eficode following the program or have successfully used the program to springboard their careers in DevOps.

  Tackling economic inequality

  Eficode engages a number of small businesses within its supply chain to provide supporting services such as technical consultancy, marketing, and technical tool solutions. In the delivery of our own services, as well as supporting large clients, we support small businesses to grow. Here is a relevant case study: https://www.eficode.com/cases/specshell-case; ; Eficode has an equality diversity and inclusion policy and program that has a heavy focus on ensuring equity within the recruitment process. This includes ensuring all job adverts use inclusive language, that remote or hybrid working options are provided as standard widening the locations we can hire from, and that only the minimum qualifications required for the role are requested focusing on hiring for attitude and not aptitude. Eficode provides comprehensive training to all managers in unconscious bias and equality diversity and inclusion. ; ; Eficode provides apprenticeship programs and internships as well as working with local schools to provide work experience. We partner with Community Interest Company Not for Profit STEMazing to provide workshops in schools to encourage people into STEM careers. In conjunction with our EU entities we also provide a DevOps academy that provides hands-on technical work experience and skills, many cadets have progressed to start careers within Eficode following the program or have successfully used the program to springboard their careers in DevOps. Eficode also provides all employees with an annual training budget of £2500 to increase their skills and knowledge relevant to the sector and their role, in addition to paying for professional/technical training and qualifications, memberships and subscriptions necessary for their role. Eficode also offers free books and udemy courses to all employees. ; ; Through delivery of our services we support the internal teams of our customers to develop their own skills through training and mentoring, empowering them to add value within their organisations.

  Equal opportunity

  Eficode has an equality diversity and inclusion policy and program that has a heavy focus on ensuring equity within the recruitment process. This includes ensuring all job adverts use inclusive language, that remote or hybrid working options are provided as standard limiting barriers, and we invite all applicants and existing employees to inform us of any adjustments we can make to improve working conditions. Eficode provides comprehensive training to all managers and employees in unconscious bias and equality diversity and inclusion.; ; Eficode provides apprenticeship programs and internships as well as working with local schools to provide work experience. In conjunction with our EU entities we also provide a DevOps academy that provides hands-on technical work experience and skills, many cadets have progressed to start careers within Eficode following the program or have successfully used the program to springboard their careers in DevOps. Eficode also provides all employees with an annual training budget of £2500 to increase their skills and knowledge relevant to the sector and their role, in addition to paying for professional/technical training and qualifications, memberships and subscriptions necessary for their role. Eficode also offers free books and udemy courses to all employees. ; ; Eficode has both an internal Code of Conduct and a Supplier Code of Conduct that sets out the behaviors and actions we expect and encourage within our employees and our supply chain. This includes commitments to security, business ethics and integrity, fairness and transparency and positive contributions to people and the planet.; ; Eficode has worked with many clients to leverage technology in reducing inequality. Here is a relevant case study: https://www.eficode.com/cases/turku

  Wellbeing

  Eficode UK was voted Best Small Company to work for in 2023, something we are very proud of. A huge part of this achievement is due to the investment we make in looking after our people. Eficode provides a range of benefits to support employees wellbeing, physical and mental health, including access to mental health first aiders, private health care, cycle to work scheme, free meals, healthy snacks onsite, comped holistic therapies, free flu jabs, free books, a program of complimentary sessions such as virtual yoga, financial advice and access to apps such as headspace. We provide a generous work from home budget in addition to a range of standard equipment provided as standard so that employees can maximize the benefits from working from home, as well providing an engaging office space for those who wish to enjoy the social elements and onsite benefits of hybrid working. All employees are given three paid volunteering days per year to support them in giving back to the community in any way they like, in addition to being able to take part in organisation led initiatives such as an annual shoe box appeal, Christmas card scheme, beach cleans and other community based events and volunteering. ; ; Eficode has both an internal Code of Conduct and a Supplier Code of Conduct that sets out the behaviors and actions we expect and encourage within our employees and our supply chain. This includes commitments to security, business ethics and integrity, fairness and transparency and positive contributions to people and the planet.

Pricing

• Price: £3,840 a unit a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at licensing_uk@eficode.com. Tell them what format you need. It will help if you say what assistive technology you use.