Transputec Limited

Application Lifecycle Managment

Transputec provides end-to-end cloud Application Lifecycle Management (ALM) services, including development, deployment, and support on AWS and Azure. Our comprehensive solutions streamline processes, enhance collaboration, ensure quality, and boost productivity, ensuring your applications run smoothly from conception to retirement

Features

• Azure DevOps
• AWS CodePipeline

Benefits

• Azure Board, Repos, Pipelines, Test Plans, Artefacts & DevOps
• Agile Project managment, Kanban board, Backlog and Sprint Planning
• AWS Fully managed CI/CD service, automated test and Dev plan
• AWS Pipeline Orchestration

£5 a unit a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at G-cloud@transputec.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

400274412617771

Contact

G-Cloud Team
0203 5886570
G-cloud@transputec.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Hybrid cloud
• Service constraints: None
• System requirements: None

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Subject to agreement, 24x7x365
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: Subject to the agreement 24x7x365; Fully Managed Service; Co-Managed Service (in collaboration with client existing IT team); Technical Account Manager ; Strategic Advisor
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite training, online training and documentation and user guides
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Online Video
• End-of-contract data extraction: When transitioning away from Azure, users can export work items to Excel for comprehensive records of project tasks, clone Git repositories locally to retain version-controlled source code. Additionally, downloading build artifacts from Azure Pipelines safeguards compiled binaries and deployment packages. For projects utilizing Azure Test Plans, exporting test plans and results preserves testing data. ; ; In the case of AWS, For AWS CodeCommit, cloning Git repositories locally ensures the retention of version-controlled source code. Downloading build artifacts from AWS CodeBuild captures compiled binaries and deployment packages, while retrieving deployment packages from AWS CodeDeploy stores executable code and resources. Additionally, backing up repositories, build artifacts, and deployment packages to alternative storage mitigates potential data loss.
• End-of-contract process: When an Azure or AWS ALM service contract approaches its end, Firstly, data extraction is prioritized, involving the retrieval of work items, repositories, build artifacts, and test plans from Azure DevOps or AWS ALM services. Documentation of customizations, configurations, and integrations within the respective platforms is crucial for future reference and continuity.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: Yes
• Compatible operating systems: Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Web Interface & Integrated to Development environment like Visual studio.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: AWS offers service-specific APIs for its various DevOps-related services, such as AWS CodePipeline, AWS CodeBuild, AWS CodeDeploy, AWS CodeCommit, AWS CodeStar, and more. These APIs allow users to perform operations like creating pipelines, triggering builds, deploying applications, managing repositories, and monitoring deployments.; Azure DevOps provides comprehensive APIs that allow users to interact programmatically with various aspects of the Azure DevOps platform. These APIs enable automation, integration with third-party tools, and customization of workflows.
• API documentation: Yes
• API documentation formats:
  • HTML
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Both Azure and AWS offer comprehensive Application Lifecycle Management (ALM) tools with extensive customization features to cater to the diverse needs of developers and organizations. Azure DevOps allows users to customize workflows, define custom work item types, create custom pipelines with YAML or visual editors, integrate with third-party tools and services through REST APIs, and extend functionality through Azure DevOps extensions and integrations. Similarly, AWS ALM tools support customization through custom actions in CodePipeline, integration with AWS Lambda for running custom code, use of CloudFormation custom resources, integration with third-party tools and services, and leveraging AWS Partner Network solutions for specialized requirements.

Scaling

• Independence of resources: Service designed to scale with increased user demand

Analytics

• Service usage metrics: Yes
• Metrics types: Provided by vendor
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft & AWS

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Migrate application data to a new service. Methods and frameworks prescribed by the vendor.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Dependent on type Excel, Git, Backup in original file format.
• Data import formats: Other
• Other data import formats: Dependent on type Excel, Git, Backup in original file format.

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Azure DevOps offers a Service Level Agreement (SLA) with a 99.9% uptime guarantee for its services, including Azure Boards, Repos, Pipelines, Test Plans, and Artifact whereas AWS offers SLAs of 99.9% uptime per month.
• Approach to resilience: Multi zone and multi data centre replication configuration
• Outage reporting: Public dashboard

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Role based access provisions
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: LRGA Limited
• ISO/IEC 27001 accreditation date: 31st May 2023
• What the ISO/IEC 27001 doesn’t cover: Nothing relevant to this framework response
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: OSCP (Offensive Security Certified Professional)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO/IEC 27001:2013; CyberEssentials

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Configuration management - subject to agreement full lifecycle management; ; Change management - RFCs raised for Change Board Authority decision include security impacts including change to availabity, integrity and confidentiality, along with rollback plan - subject to sign-off from a technical, service delivery, security and commercial decision maker
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: "AWS Security performs vulnerability scans on the host operating system, web applications, and databases in the AWS environment. Approved 3rd party vendors conduct external assessments (minimum frequency: quarterly). Identified vulnerabilities are monitored and evaluated. Countermeasures are designed and implemented to neutralise known/newly identified vulnerabilities.; ; AWS Security monitors newsfeeds/vendor sites for patches and receives customer intelligence via http://aws.amazon.com/security/vulnerability-reporting/.; ; Security and Compliance is a shared responsibility between AWS and the customer, and the customer must perform some of the vulnerability management process. See https://aws.amazon.com/compliance/shared-responsibility-model/ for more details." Subject to agreement vulnerability management is delivered as part of the agreed scope of service.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Supplier provides full range of security services, tools and standards which can be enabled and configured.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Multiple approach:; User reports to service desk; Business continuity testing; Major incident post event assessment/lessons learned and remedial action; Retraining/traning

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • Other
• Other public sector networks: ExpressRoute

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  ISO 14001:2013 certified; Science Based Targets Initiative registered; Transputec is committed to managing its CO2 emissions and is focused on working with its clients and suppliers to address Scope 3 emissions For more information please visit https://www.transputec.com/about-us/sustainability/

  Equal opportunity

  Transputec is and always has been a non-discriminatory organisation, employing a global workforce without bias or prejudice and are supportive of gender diversity Transputec is part of the Minority Supplier Development UK (MSDUK) Ethnic Minority Business (EMB) network. As MSDUK EMB suppliers we are part of a broad network of innovative, high growth minority owned businesses, providing an important role in the UK and international IT services supply chain..

  Wellbeing

  Transputec has an open approach to health and wellbeing, encouraging communication and understanding through wellbeing events delivered generally on an annual basis as well as community out reach and our international outreach programme; https://www.transputec.com/about-us/our-charity-partners/

Pricing

• Price: £5 a unit a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Details available upon request

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at G-cloud@transputec.com. Tell them what format you need. It will help if you say what assistive technology you use.