The Virtual Forge

Data Solutions

The Virtual Forge provides a range of services from consultation, discovery, proof of concept build, solution design, and solution implementation. Each engagement is tailored to the specific needs of the client.

Features

• Business Use Case Consulting
• Technical Discovery
• Solution Architecture
• Data Model Design
• Data Processing and Engineering
• Application Integration
• Data Governance
• Data Visualisations

Benefits

• Combine data science with business analytics to extract data value
• Full service experience from consultation through to execution and support.
• Leverage repeatable automation of your infrastructure
• Create scalable, resilient, well architected systems to specifications
• Extensive experience with cloud systems
• Data quality review and recommendations

£0 to £150 an instance an hour

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at connect@thevirtualforge.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

399862614111249

Contact

The Virtual Forge
+44 (0) 207 078 8855
connect@thevirtualforge.com

Service scope

• Service constraints: Service constraints will vary depending on the scope of work.
• System requirements: System requirements will vary depending on the scope of work.

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Response times are based on the priority of the ticket:; - Priority1 = Immediate; - Priority2 = 2 working hours; - Priority3 = 8 working hours; - Priority4 = 24 working hours; ; Customers may purchase out of hours and weekend support at an additional cost, and response times will be agreed as part of that service.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our standard support offering includes:; - Access to Freshdesk ticketing system; - Access to onsite support; - Dedicated Account Manager; - Response times SLA; ; Our Premium offering additionally includes:; - Dedicated support staff; - 24x7 hotline for Priority1 incidents; ; Both offerings are priced separately per project, depending on the amount of support required each month.; ; Out of hours support; Unsociable hours, namely weekends and statutory holidays, and after 5.00pm on weekdays, will be charged at £300/month to have the service available.; ; If the customer uses the emergency call line, £200 will be charged for the call-out. This covers up to one hour of the support team member’s time. £150 will be charged for every whole or partial 30 minute period thereafter.; These rates are for the work the development team will have to perform in order to identify and resolve the problem.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: A Data Sprint, is often used to scope a Data Solution. A Data Sprint is a limited engagement designed to provide clients the expertise needed to assess the business and technical aspects of a use case. In consultation with a client we will create a mutual understanding of what is needed to achieve the business goals
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: End of contract data extraction if required will be agreed at the time of scoping the Data Solution.
• End-of-contract process: End of contract process will be agreed at the time of scoping the Data Solution.

Using the service

• Web browser interface: Yes
• Using the web interface: Almost all data services have web portal interface, these will be specific to the project.; ; Configuration parameters of some services are only available from the CLI, SDK or API interface.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Will be dependent on the service being used.
• Web interface accessibility testing: All interfaces have been tested.
• API: Yes
• What users can and can't do using the API: API functionality will vary depending on the service being used.
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: Will be dependent on the service being used.

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Provision of multiple instances. Auto-scaling in place for further instances if pre-agreed compute or latency thresholds are exceeded.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: Encryption is managed by 3rd party, ie AWS or Azure, who are CSA CCM v3.0 compliant. AWS use AES-256 for the encryption protocol on data at rest.
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up: Back up & Recovery is user specific
• Backup controls: We will work with the customer to define a suitable backup & recovery solution as part of the Bespoke Data Service.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Use infrastructure assuring 99.9% uptime
• Approach to resilience: We make extensive use of AWS's or Azure native resiliency and redundancy capabilities through leveraging multiple Availability Zones through load balancers for servers and (where possible) distributed databases or read replicas. This is further supported by 'warm' backup regions in case of a disaster recovery scenario.; ; Details of Amazon SLA's can be found here; https://aws.amazon.com/compute/sla/
• Outage reporting: Outage reporting is configurable to requirements the following reporting services are available.; Public dashboard; Email alerts; Text messages

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Username or password
  • Other
• Other user authentication: Typically username and password, but MFA also available.
• Access restrictions in management interfaces and support channels: Username and password. Resets only available directly to user via their email.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Devices users manage the service through:
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 21/12/2021
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Company Information Security Policy must be signed by all employees, and is updated regularly.; CTO – The company’s Chief Technology Officer is responsible for corporate-wide IS system planning, implementation, and execution.; Information Security Manager – The IS Manager is responsible for the company-wide datacenter and network infrastructures.; DevOps Engineers – The DevOps Engineers are responsible for all enterprise business systems.; Internal Users -- All members of the the company User Community are required to familiarise themselves with the policies outlined in the The Company Employee and Contractor IS Policies document.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes are managed via the change control process to ensure projects remain within approved constraints. Change proposals are agreed with the client, completed by the individual who identifies the need for a change, then submitted to us. The project team then assesses the impact of the change. The request is submitted to the change control board with the project team's findings to be reviewed. If the change is approved, all project documentation must be updated and the change must be communicated to all stakeholders. Some changes may also require re-alignment of the project costs, schedule, or scope.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Threats are monitored using an IDS provided by AWS/Azure along with the standard protection offered by AWS/Azure. Patches are routinely applied with urgent hotfixes applied the same day as a threat is identified. Threat information is monitored from AWS and industry leading security boards and alert feeds.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: This is managed by AWS/Azure on our behalf.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are managed via a ticketing system.; Information and FAQs are available via the ticketing system to help with common issues. Canned responses are prepared for common issues. Users report incidents via email or through ticket portal. Responses are given according to pre-defined SLAs. RCAs are available for critical issues. Ticket reports are available at client request.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: Amazon Web Services and Microsoft Azure
• How shared infrastructure is kept separate: Different accounts for different clients on AWS or Azure specific to client requirements; Clients have separated AWS or Azure instances.; AWS and Azure assure security of the cloud.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Amazon is committed to achieving 100% renewable energy across our global infrastructure.; https://aws.amazon.com/about-aws/sustainability/; ; Microsoft Azure is committed to carbon negative by 2030, 100% renewable energy by 2025 ; https://www.microsoft.com/en-us/sustainability

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Fighting climate change The Virtual Forge are committed to ● Complying and keeping up to date with environmental legislation ● Preventing pollution ● Continually working to reduce our environmental impacts – minimising waste produced, minimising our energy use, training staff and encouraging greener transport options Specific areas where we are working to reduce our environmental footprint: ● Working with our staff and building users to make all of the building’s operations as environmentally friendly as we can, heating and lighting our premises efficiently ● Investigating how much waste we generate, using segregation to enable higher rates of recycling ● Looking at how people travel to and from our site: encouraging public transport and cycling ● Looking at what we buy – sourcing goods with low environmental impact and working with local suppliers wherever possible

  Equal opportunity

  Equal opportunity The Virtual Forge Limited is committed to achieving a working environment which provides equality of opportunity and freedom from unlawful discrimination on the grounds of race, sex, pregnancy and maternity, marital or civil partnership status, gender reassignment, disability, religion or beliefs, age or sexual orientation.

  Wellbeing

  Health and wellbeing initiatives run throughout the year encouraging the wider VF family & friends to get involved.

Pricing

• Price: £0 to £150 an instance an hour
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at connect@thevirtualforge.com. Tell them what format you need. It will help if you say what assistive technology you use.