Differentia Consulting

Configurable Platform as a Service

Build or extend Business Applications with ease. Our configurable platform is a composable cloud application development and hosting environment using no-code interfaces to enable users to build data-centric, interconnected applications. These applications either augment or replace the dependency on other SaaS-based point solutions.

Features

• Application development and cloud hosting
• No-code builder
• Interconnected dynamic data layer
• Interoperability and integration
• Live messaging
• Custom workflows
• Push notifications
• Native mobile app
• Real-time reporting
• Access anywhere

Benefits

• Consolidate digital estate into a single platform
• Develop new applications in minutes/hours rather than months/years
• Create native mobile apps without any additional effort
• Drag-and-drop development - no need for large development teams
• Pull/push data in/out of the platform with ease
• Build Meta Business Suite marketing solutions
• Custom interfaces to augment legacy functionality
• Replace case-management solutions
• Vendor management solution

£15 to £50 a unit a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@differentia.consulting. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

318613164286542

Contact

Mari Vartiainen
+44 1494 622600
tenders@differentia.consulting

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: N/A
• System requirements:
  • Modern browser with internet connectivity
  • IOS/Android (mobile app only)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Triage of questions High/Med/Low = 1hr/8hrs/24hrs
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Testing carried out by web chat vendor
• Onsite support: Yes, at extra cost
• Support levels: Case priorities are assigned based on the criticality of the issue: * P1 = Cyferd; Platform is completely inaccessible * P2 = One or more key features of the; Cyferd Platform are unusable * P3 = Any other case where the Cyferd Platform; is not operating as documented, or performance has degraded materially * P4 =; All enhancement requests Initial Response & Acknowledgment: * 15-minute; triage to identify P1 * 4 hours for other priority levels * Target resolution by case; priority * P1: 4 hours * P2: Two business day * P3: 6 weeks * P4: Reasonable; endeavours, Escalation, by case priority * P1: Support Manager: Immediate,; SVP: 1 business day * P2: Support Manager after 1 business day, SVP after 1; week * P3: SVP Product Management reviews all open bugs monthly * P4: SVP; Product Management reviews all enhancement requests quarterly Email Status; Updates for Open Cases, by case priority * P1: Daily * P2: Weekly * P3: None *; P4: None
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Customers will be provided with access to their environment and will be; given an orientation of the platform by their primary technical contact,; including details of how to request help and raise support tickets. Cyferd; Customer Success managers will work closely with customers to help to; ensure that they have a smooth on-boarding by assisting with planning,; workshops, enablement, and other critical tasks required to getting the; first projects off the ground successfully. Professional services and; formal training can be purchased to accelerate projects.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: The standard offboarding procedure ensures that customers’ data will be; available for migration out of the platform through industry standard; mechanisms during a 1-month grace period following the termination of; the agreement.
• End-of-contract process: The customers’ tenant will be permanently deleted at the end of the; grace period. Any apps built can be exported (via the metadata definition; of each app) and saved outside of the platform during the grace period.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile app is geared around end-users accessing the; platform and consuming apps. The admin tools (no-code; builders) are only accessible on web.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: API can be used to push/pull data into the platform and to; trigger flows (dependent on user permissions)
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: The platform allows users to quickly create, edit and delete; apps using a simple no-code builder. All apps, data definitions,; views, and flows can be edited. The platform is fully; customisable.

Scaling

• Independence of resources: The Compute Tier of the Cyferd product is deployed on Kubernetes. Excessive node utilisation can trigger deployment of additional nodes and horizontal scaling of the deployment to provide more capacity.

Analytics

• Service usage metrics: Yes
• Metrics types: Billing is based on a Platform Fee plus Service Utilisation, and retained for 18 months.; Feature utilisation for non-standard capabilities, Bytes moved and time taken to perform operations in the Compute tier, daily snapshots of Storage utilisation.
• Reporting types: Regular reports

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Cyferd

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: AES 256 - GCM on host, Least priv roles for entitled users only. These groups of users are set by system owners and audited on a scheduled basis.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported from the platform at any point through the use of flows. These can be triggered on-demand, upon records being created/updated, or on a schedule. This can be done through cloud/on-prem database connectors or via custom API endpoints. On-prem integrations requires the use of the on-prem data connector.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON
  • XML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: These data segments are protected by Security Groups rules that prevent overlap and are audited by our SecOps team.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: The network is also monitored via our SIEM solution and end point solution.

Availability and resilience

• Guaranteed availability: SLAs are described in the commercial agreement, but the platform is required to be available at least 08:00-19:00 UKT Mon-Fri
• Approach to resilience: Compute Tier components are deployed on a multi-zone Kubernetes cluster; Storage Tier components are implemented in ReplicaSets that guard against the loss of a zone.
• Outage reporting: Planned outages are communicated via email and on the website. Unplanned outages are notified via online popup on the platform and via online status page.

Identity and authentication

• User authentication needed: Yes
• User authentication: Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Management interfaces are available to authenticated users who are a member of one/several product-internal Roles. The product is further evolving to provide restricted delegated administrative functionality eg. narrowing the scope of a Developer or Application Administrator.
• Access restriction testing frequency: At least once a year
• Management access authentication: Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • In Progress ISO9001:2015
  • In Progress 27001:2013
  • In Progress ISO28000:2022 (new)
  • NIST CSF

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus and alignment to ISO27001 Including; ISO27017, ISO27018 & ISO27701
• Information security policies and processes: ISO27001 ISMS and ISO27017 PIMS, we align to NIST 800-53 also. Cyferd approaches the governance through risk based methodology set out in the NIST RMF, NIST CSF and alignment through the ISO standards. These are also accompanied by the NCSC guidelines.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change control is managed and owned by the Change Advisory Board (CAB), this senior mgmt committee validate, verify and approve all managed change requests that meet the requirements through ITIL v4 and ISO9001.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vulnerability Management is via our online provider and scheduled on an occurring basis, the outputs of this report are fed into our SIEM solution that categorises the criticality and alerts on HIGH criteria. These alerts are visible within the portal for analysts and departmental heads.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Cyferd implements a SIEM solution that is monitored by our SecOps. The alerts from this monitoring solution have been fine-tuned to reduce false positives and enhanced with Threat Intel feeds.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Cyferd Incident Management is based on NCSC & SANS. Our SecOps are SANS GIAC certified and seasonal analysts.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  The Cyferd Platform delivers compute on-demand and as such reduces energy consumption compared to an always-on on-premise server.; Increased adoption of the platform will, by design, avoid the need for redundant application servers, thus, further reducing energy consumption.

Pricing

• Price: £15 to £50 a unit a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 1-month, no restrictions to the platform however not an open-trial

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@differentia.consulting. Tell them what format you need. It will help if you say what assistive technology you use.