IT LABS D.O.O.E.L.

Software Development

Our cloud software development service encompasses the entire software development lifecycle, from initial concept and design to deployment and maintenance. These services are tailored to the unique requirements of clients. We are specialized in delivering software solutions in: EdTech, FinTech, Automotive, E-commerce, Gaming & Entertainment, Business Consulting, Legacy &Government projects.

Features

• Tailored software solution
• Automation and Digital Transformation
• Integration with other existing systems seamlessly
• API Development - Design, Implementation, Testing, Security, Versioning, Monitoring, Maintenance
• Performance Optimization
• UX/UI interface with focus on the targeted users experience

Benefits

• Flexibility in talent management - Pool of highly skilled resources
• Ability to ensure effective bench management that lowers labor costs
• Transferring risk with outsourcing product development
• Flexibility in access to new technologies
• IP preservation - NDAs in place
• Security compliance and personal data protection
• Transition of knowledge and well-maintained know-how
• Availability - Flexible working hours to overlap with the client
• Scalability - Software and talent that scale with the growth
• Cost-effectiveness on the long run with tailored digital solutions

£240.00 to £950.00 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at vendor@it-labs.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

385444676654075

Contact

John Abadom
+38923111033
vendor@it-labs.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: IT Labs provides plugin development for existing applications ensuring modularity and seamless integration and also provides full-stack applications either cloud or mobile-optimized.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: There are no predefined constraints on the service. Any constraints that may arise will be determined through consultation with the buyer during the requirements-gathering phase.
• System requirements: Currently no known limitations or depends on the buyer's requirements.

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Our email response times vary depending on the severity of the issue as outlined below:; - Normal: We aim to respond within 3 hours.; - High: We strive to respond within 1 hour, with a resolution target of 24 to 48 hours.; - Emergency: We prioritize immediate response within 15 to 30 min, with a resolution time (at least a quick fix) of less than 12 hours. ; - For complex issues, we provide estimated resolution times corresponding to each severity level.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: All service level agreements (SLAs) and response times are tailored to meet the specific needs of customers. We offer flexible response times to ensure that support is available when required, including for operational purposes.; ; When tailoring SLAs, we consider the following: the business need for availability of the product, critical areas of the product, target audience, and the heaviest load of the system. We recognize issues with different severity and priority, and SLAs are built based on the business aspects and types of potential issues that could be encountered.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We aim to ensure a positive user experience by providing documented user manuals as walkthrough guides for how to navigate the interface, perform common tasks, and make the most of the software's capabilities, as well as video tutorials and training.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The client has full ownership of the data, and in the case they choose Software Development as a Service, they own the IP entirely. This means all data are stored on the client's servers.
• End-of-contract process: There is a procedure for offboarding a client, involving the return of all confidential data and the transfer of all required data to the client. No additional cost is associated with this process.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None and can be adapted according to client’s needs and requirements.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: We use different types of service interfaces either web services or API and define the service interface according to client's needs and requirements.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: Qualified quality assurance (QA) engineers perform accessibility testing to ensure that software products and applications are usable by people with disabilities. This includes manual accessibility testing and testing with assistive technologies during the software development. In that way, the software product is ready to be used by users with disabilities once it's launched.
• API: Yes
• What users can and can't do using the API: Our API is fully Swagger compliant and secure behind a public private key. Only authenticated & authorized users can make changes through the API. The concrete features of the APIs are defined based on the customer's requirements.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Software development can be designed and customized according to the client's specific needs in terms of development processes, and software functionalities.

Scaling

• Independence of resources: Ensuring that the demand placed by some users doesn’t negatively impact others is a key aspect of building scalable and reliable web services. Here are some strategies we are using to guarantee consistent performance across all users:; ; Microservice Architecture: Breaking down applications into smaller, independent components that can run on multiple servers or containers to improve resilience.; ; Performance Monitoring and Auto-Scaling: Continuously monitoring the performance and automatically scaling resources up or down as needed based on current demand ensures that the system remains responsive regardless of user load.

Analytics

• Service usage metrics: Yes
• Metrics types: The actual service usage metrics are defined based on the customer’s requirements. The most used metrics are:; - Page Views; - Load Time; - Response Time; - Error Rate

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: There is no need for the export of data, as the data are owned and accessed by the client at all times, residing on the client's servers. IT Labs only develops functionalities for exporting or uploading data by users tailored to client's requirements.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: PDF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: N/A
• Approach to resilience: The availability and resilience of the service can be effectively guaranteed through two key strategies: ; 1. Utilizing Cloud Services with 99.9% SLA: Leveraging cloud services that offer a Service Level Agreement (SLA) of 99.9% ensures that the underlying infrastructure and network are highly reliable. This SLA typically means that the cloud provider commits to having the infrastructure operational of 99.9% of the time across a given period, reducing the likelihood of downtime due to infrastructure failures.; 2. Applying Failover Strategies with Backup and Standby Replicas; Implementing failover mechanisms such as maintaining backup systems and standby replicas of the service enhances resilience. In case of a primary system failure, the application will automatically switch to a standby or replica system with minimal disruption. ; This is achieved with: ; Monitoring and availability metrics – monitoring the health and performance of the application, proactive management, and issues resolution.; Application to be hosted across multiple geo-diverse locations.; Load Balancing: distributing incoming traffic evenly across all healthy instances (servers, containers); Database Backups; Database Standby Instance in different geo-location
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Identity and Access Management system control access to cloud services/resources. MFA.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: TÜV NORD CERT GmbH
• ISO/IEC 27001 accreditation date: 06/06/2023
• What the ISO/IEC 27001 doesn’t cover: We are certified against ISO27001:2022 according to all SoA controls.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: IT Labs is certified according to ISO 27001 ISMS integrated with other ISO standards (20000-1, 9001, 14001). The information security procedures are based on all SOA controls. We have regular monitoring and ensure continuous improvement of the management systems including ISMS, conduct annual internal and external audits.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our configuration management process involves regular review and update of configuration settings for virtual machines, storage resources, networks and applications which ensures optimal performance, security and compliance. We have implemented robust monitoring and auditing mechanisms to track changes, detect anomalies and maintain an audit trail of configuration modifications.; We have established formal process for requesting, logging, approving, testing and accepting changes which ensure that change requests are well documented and aligned with business priorities and risk assessment.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We have effective vulnerability management process in place which includes several phases: Identification of vulnerabilities via vulnerability scanning tools, Risk assessment and prioritization based on severity and potential impact, Remediation which involves action to fix or mitigate the identified vulnerabilities, Vulnerability assessment report and rescanning and continuous monitoring.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Identification of potential compromises relies on effective logging and monitoring process. We are collecting data from event-driven logs, such as system logins, file access, network traffic, from host-based logs, such as file system events, running processes, program loads.; A potential compromise can be detected via the real-time alerts based on predefined rules which notifies the security team when suspicious activity occurs. The alert is investigated to determine its severity and in case off a genuine security incident isolation of the affected system or network segment is performed to prevent further spread. Response time is according to the incident severity.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have developed incident response playbooks with predefined steps based on different events such as ransomware attacks, phishing, malware and others. Users can report incidents through our ticketing system, or directly to the Security Officer via any communication channel in place. We put focus on the incident reports with predefined structure of timeline for the incident, impacted resources, users, systems, or services along with the actions taken, risk assessment, recommendations for improvement, root cause analysis and the lessons learned for preventing su

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  IT Labs is committed to fighting climate change by implementing sustainable practices across our operations. We are ISO 14001:2015 certified and compliant to all environmental requirements. Our data centers are powered by renewable energy sources, reducing carbon emissions and environmental impact. Additionally, we prioritise energy-efficient infrastructure and optimise resource utilisation to minimise energy consumption. By adopting eco-friendly technologies and practices, we contribute to mitigating climate change and preserving the planet for future generations.

  Covid-19 recovery

  In response to the Covid-19 pandemic, IT Labs leveraged G-Cloud services to support recovery efforts and facilitate resilience in affected communities. Our cloud-based solutions enable remote work, distance learning, and virtual collaboration, empowering organisations to adapt to new challenges and maintain continuity amidst disruptions. We provide scalable and flexible services to accommodate evolving needs, ensuring that businesses, healthcare systems, and public sector agencies can effectively navigate the recovery process and build resilience for the future.

  Tackling economic inequality

  IT Labs is dedicated to tackling economic inequality by promoting inclusive growth and economic empowerment. We offer cost-effective and scalable solutions that enable small and medium-sized enterprises (SMEs), larger enterprises and underserved communities to access technology resources and compete on a level playing field. Additionally, we prioritise diversity and inclusion in our supplier network and workforce, fostering opportunities for underrepresented groups and promoting economic diversity within the digital economy.

  Equal opportunity

  At IT Labs, we are committed to promoting equal opportunity by ensuring accessibility, diversity, and inclusivity in all aspects of our operations. Our solutions are designed to be accessible to users of all backgrounds and abilities, with features and functionalities that accommodate diverse needs. We actively recruit and support a diverse workforce, and we promote supplier diversity to create opportunities for minority-owned businesses and disadvantaged entrepreneurs. By fostering an environment of equality and inclusivity, we empower individuals to thrive and contribute to the digital ecosystem without barriers or discrimination.

  Wellbeing

  IT Labs prioritises user wellbeing through by promoting work-life balance, mental health, and personal development. Our solutions incorporate features that support employee wellness, such as flexible scheduling, remote work options, and wellness resources. We also offer training and development programs to support career growth and skill enhancement, promoting overall wellbeing and job satisfaction. Additionally, we invest in employee health and safety initiatives to create a supportive and inclusive workplace culture that prioritises the holistic wellbeing of our team members.

Pricing

• Price: £240.00 to £950.00 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at vendor@it-labs.com. Tell them what format you need. It will help if you say what assistive technology you use.