Simpson Associates Information Services Limited

DevOps Framework

Simpson Associates' DevOps Framework provides a secure and standardised approach to setting up your DevOps platform with Azure. DevOps processes are a vital part of any solution and our framework has been designed to accelerate this development using automation, meaning your business can see real value delivered quicker.

Features

• No need for your users to have any prior knowledge
• Configuration-based
• Modular style of the solution allows for additional functionality
• Best practice processes and policies
• Security and governance controls
• Integrations with Azure
• Automated setup of DevOps components
• CI/CD processes
• Source and version control

Benefits

• Reduce the time and effort to configure DevOps
• Automate CI/CD processes for more consisent and repeatable deployments
• Increase efficiency across the business
• Increase collaboration between development and operations teams
• Utilise source and version control auditing, collaboration, and code history
• Leverage Simpson Associates' expert knowledge

£6,000 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@simpson-associates.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

361599724312844

Contact

Alex Gill
01904 234 510
gcloud@simpson-associates.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Azure DevOps
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: No.
• System requirements: Azure DevOps Tenant

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 2 Hours during weekdays
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our help desk is available from 9:00am to 5:30pm, weekends and bank holidays excluded. • Calls may be logged 24 hours a day and 7 days a week on our help desk portal. The response time will start from the start of the next working day. • Calls must be logged by the customer in one of the following ways: - Email, Telephone or Web Portal • The call first response time will be no longer than two hours and often much quicker. • Support calls will be prioritised as follows: o Priority 1 – the system is unusable with no work around. o Priority 2 – the system is unusable with an agreed work around or a critical error2 without a work around. o Priority 3 – all other issues • Incidents will be resolved in the following time-scales: o Priority 1 incidents we will endeavour to provide a fix or work around within 2 working days. o Priority 2 incidents we will endeavour to provide a fix or work around within 2 working days. o Priority 3 incidents we will endeavour to fix or find a work around within 5 working days.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Full product documentation with in application guides
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: All data will be supplied in a csv file format as a simple data extract
• End-of-contract process: All end of contract services will be described in an exit plan and form part of the costs of service.

Using the service

• Web browser interface: No
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Bespoke configuration of DevOps elements that are required as part of the delivery.

Scaling

• Independence of resources: Separately allocated resources

Analytics

• Service usage metrics: Yes
• Metrics types: Usage of the platform
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Download in CSV or PDF formats
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: See Microsoft's Online Service Terms at http://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=13655
• Approach to resilience: Please see https://www.microsoft.com/en-us/cloud-platform/global-datacenters and https://www.microsoft.com/en-us/TrustCenter/
• Outage reporting: Please see https://azure.microsoft.com/en-us/status/ and https://portal.azure.com/#blade/HubsExtension/ServicesHealthBlade

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: "Azure-AD can designate separate administrators to serve different functions. These administrators will have access to features in the Azure portal and, depending on their role, will be able to create or edit users, assign administrative roles to others, reset user passwords, manage user-licenses, and manage domains, among other things. A user who is assigned an admin role will have the same permissions across all of the cloud services that your organization has subscribed to, regardless of whether you assign the role in the Office365 portal, or in the Azure classic-portal, or by using the Azure-AD module for Windows PowerShell.; ; https://docs.microsoft.com/en-us/azure/active-directory/active-directory-assign-admin-roles"
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Centre for Assessment
• ISO/IEC 27001 accreditation date: 20/04/2021
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our information policy information ensures that data exchanged with other organisations is protected against unauthorised access and disclosure and complies with all regulations.; ; This applies to all forms of communications and information exchange including voice conversations in person or by telephone, video and email communications, Instant messaging etc.; ; Suitable security measures such as (egress filtering on firewalls) is implemented to minimise the risk of transmission of malicious code.; ; Employees should not compromise or disadvantage Simpson Associates or bypass other controls through types of communication, for example by email defamation, harassment, impersonation, forwarding of chain letters, making unauthorised purchases or contractual agreements etc.; Suitable cryptographic techniques are used to protect the confidentiality, integrity and authenticity of information this is outlined in the Cryptographic Controls Policy.; ; Employees must comply with retention and disposal requirements for all business correspondences in accordance with relevant policies and procedures. ; ; Enforcement will be managed through audit and spot checking by the support team.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes to the service must be raised in writing via a standard Change Request Form.; Each Project Change Request is added to the Change Request Log; Each Change will be review and agreed with the client.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Vulnerability management is managed though our support desk who collaborate with their customer peers. Changes will be managed through the change management processes which dictate the speed by which patches are applied.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Upon receipt of a security-relevant event, an alert is triggered. A support analyst then determines whether the event represents suspicious activity and is therefore deemed a legitimate threat or not, and, if so notifies the relevant personnel, irrespective of the time of day.; ; Any compromise or suspected compromise will be reported to the security team to asses the appropriate response and subject to change management processes. Threat nature will determine response time.
• Incident management type: Supplier-defined controls
• Incident management approach: Application Support is provided on a 9x5.30 weekday basis as part of the solution. ; ; An ITIL-based Incident Management process is followed by the Support Desk in order to manage individual incidents. Update and Escalation timings are in line with the Incident Priority.; ; Reports can be made via email, service desk portal or phone. All incidents are tracked via an online ticketing systems available on a 24x7x7 basis for customers to track and report on incidents logged.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We prioritise sustainability as a guiding principle, shaping all endeavours to fight against climate change. We're committed to fostering a better future through sustainable business practices, encompassing environmental, social, and economic considerations into our service delivery. This includes promoting diversity, equity, safety, community support, ethical standards, and innovation for long-term success. We understand our responsibility to minimise our corporate carbon footprint, protect natural resources and contribute to the wellbeing of our planet for current and future generations. ; ; We strive to deliver successful projects whilst considering sustainability. Our Environmental policy will apply to all projects delivered by our organisation. In our pursuit of environmental sustainability and a healthier planet, we have put into effect multiple concepts that are embedded in our service delivery model including cloud computing, remote working and office sustainability. ; ; Our efforts to minimise environmental impacts in the areas of waste, water, energy and air quality include considering our equipment purchases, refurbishment, recycling and supply chain practices. ; ; We have committed to achieving Net Zero emissions by 2050 at the latest as pledged by our Managing Director. We are actively taking steps to achieve this aim and reduce our carbon emissions on this journey.

  Covid-19 recovery

  As local communities manage and recover from the impact of COVID-19 we have revised our approach to contract delivery and implemented activities that adapt to new ways of working. Since the pandemic we have adopted a remote work culture and our flexible working arrangements provide staff the opportunity to work flexibly and from any location (supported by modernised videoconferencing technology). Where travel is required, we advocate the use of public transport and/or car sharing. We regularly donate to foodbanks locally and nationally, particularly during school holidays in summer and winter to support those most affected. We also understand the importance of providing mental health support and sharing mental health resources to the many who were affected due to the pandemic. ; ; As a growing business we have an ambitious but realistic recruitment plan. We offer opportunities for apprenticeships, work placements and local employees in response to the business’ demand and our organic growth. For example, we have a graduate recruitment scheme and recruit 3-6 people annually to join the company and train as IT consultants. We also regularly recruit consultants at all levels.

  Tackling economic inequality

  At the heart of our organization lies a steadfast commitment to equality, driving us to implement a comprehensive strategy that addresses employment, skills, and pay disparities. We extend this pledge beyond our internal structure to encompass key subcontractors, recognizing the imperative of inclusivity throughout our operations. ; ; Our inclusive recruitment practices ensure a diverse array of candidates is considered for employment opportunities. Our skill-based assessments offer a fair and unbiased framework, evaluating individuals on merit and ability. ; ; Our strategy prioritises retention, fostering a workplace that attracts, develops, and retains talent. Structured interviews and transparent promotion processes contribute to an equitable culture, where every employee has access to growth opportunities. ; ; We champion industry placements and apprenticeships, actively supporting pathways for students. Our positive action schemes address pay grade disparities, reflecting our dedication to diversity at all levels. ; ; We’ve crafted a work environment that supports inclusivity, retention, and progression. From day one, all employees benefit from flexible working options, facilitating a balance between professional and personal life. ; ; A time-bound action plan, underpinned by continuous monitoring, ensures our workforce mirrors community diversity. We’re proactive in including women and those with protected characteristics in recruitment and promotion shortlists. ; ; Our recruitment integrates skill-based tasks and structured interviews, aligning with our ethos of fairness. Transparency is foundational, permeating our promotion, pay, and reward processes, and fostering openness and equal opportunity. ; ; Understanding the importance of flexibility, we ensure all roles are accessible from the outset, accommodating diverse needs. ; ; We maintain transparency in retention rates and conduct regular equal pay audits, underscoring our unwavering commitment to equality and fairness across the organisation.

  Equal opportunity

  We are committed to creating a workplace that maximises the potential of all our people - where everyone is valued and feels empowered to contribute to our success. Every employee has the right to be treated with respect and dignity. We have a zero-tolerance attitude to bullying, harassment or victimisation of any kind. We all have a personal responsibility to ensure that we treat others as we would like to be treated, and that our actions and interactions reflect our commitment to diversity and inclusion. Any breach will lead to disciplinary proceedings and, if appropriate, disciplinary action. We are an ‘equal opportunities’ employer and strive to ensure that no job applicant or employee receives less favourable treatment on the grounds of race, sex, marital status, sexual orientation, gender identity or expression, disability, age, political or religious belief, equal pay, or pregnancy and maternity. This list is not exhaustive. We may, as part of any equal opportunities monitoring activity, request that employees or candidates complete an Equal Opportunities Monitoring Form. This will be used solely for the purpose of monitoring equal opportunities. Our recruitment selection criteria and associated procedures are frequently reviewed and updated where necessary to ensure that individuals are selected, promoted and treated on the basis of their relevant merits and abilities.

  Wellbeing

  We have officially been named one of the UK’s Best Workplaces™ for Wellbeing (2023) by Great Place to Work®, the global authority on workplace culture. This prestigious accreditation follows a comprehensive audit of the organisation’s workplace culture, management and policies, where it excelled in creating an environment of wellbeing for its employees. ; ; The commitment of the leadership team has helped to make it a great place to work. Their compassion and commitment to the health and wellbeing of every employee is something to be celebrated and admired. ; ; We offer comprehensive benefits to all employees such as Private Medical cover (including access to Mental Health professionals), Ride to work scheme, Free Fruit in office, EAP (Employee Assistance Program), Tech Scheme (access to discounted technology), Flexible working, birthday and Christmas gifts. In addition we hold quarterly company social days to allow all employees to catch up and collaborate.

Pricing

• Price: £6,000 a unit
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@simpson-associates.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.