Skip to main content

Help us improve the Digital Marketplace - send your feedback

Sopra Steria Ltd

DevSecOps Strategy and Architecture

DevSecOps Strategy and Architecture service delivers end-to-end services to optimise digital development through secure development practices. Innovative maturity assessments lead adoption roadmaps which enhance the quality of applications and gain operational efficiencies. Sopra Steria assist tooling implementation, processes and embedding lasting culture required to successfully automate and manage DevSecOps delivery.


  • Maturity assessment and value stream map defining DevSecOps strategy
  • Application delivery automation incorporating CI/CD build and deploy pipelines
  • Digital delivery for cloud native Microservice and container architectures
  • Container orchestration management with Kubernetes and Operators
  • Infrastructure as code, application configuration and secure key management
  • Flexible deployments including auto-scaling, A/B testing and zero downtime
  • Dedicated or multi-tenant on public, private or hybrid cloud
  • Culture shift: continuous improvement, fail fast, innovation and agility
  • Automated integration, system, regression, static and dynamic security testing
  • Enhanced agile delivery culture through skills transfer


  • Best value DevSecOps that aligns IT and Business strategy
  • Optimised public money through reduced OPEX and CAPEX
  • Improved surety of outcome due to improved application quality
  • Use time to innovate rather than fix and maintain
  • Outcome assurance through enhanced delivery activity and issues reporting
  • Optimal and integrated frameworks and toolchains reducing technical debt
  • Reduced cyber-security business risk through automated security assurance
  • Talent retention and attraction through digital culture and methods
  • User centric outcome assurance through automated and continual testing
  • Supporting GDS and customers' Digital Scotland Service Standard DSSS assessment


£465 to £1,980 a unit a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

4 0 5 2 9 9 6 7 1 5 3 0 9 7 0


Sopra Steria Ltd Sopra Steria G-Cloud Team
Telephone: 0370 600 4466


Planning service
How the planning service works
Sopra Steria offers cloud design, planning and consultancy services across the transformation lifecycle to leverage full benefits of cloud adoption, including reduced costs, increased flexibility & scalability (meeting demand fluctuations) and improved availability (removing single points of failure). Our experienced consultants help clients identify requirements to reap maximum benefits, in the most cost-efficient way. We’re supplier and vendor agnostic, able to find the most appropriate solution for your requirements, whether private, public or hybrid cloud supporting Platform Infrastructure, Software as a service. We implement projects in a collaborative manner based around our proven iQ Business/Quality management system, acknowledging your governance, utilizing Agile, Waterfall or hybrid practices as appropriate. Our consultants can offer the following consultancy / planning services: Setting vision and strategy; Design and architecture services – end-to-end solution design; Identifying design inputs including policy, user needs, constraints, opportunities and organisational readiness; Developing a roadmap; Vendor analysis – assessing vendors to meet your requirements; Security assurance; Service management; Scaling, licensing and advisory services; Build and test. Please contact us, without obligation, for further information or to discuss your requirements.
Planning service works with specific services


Training service provided
How the training service works
We develop a skills and knowledge transfer plan at the start of each assignment which sets out our approach to upskilling both the immediate team we are embedded with and the wider organisation. If training needs are identified via training needs analysis, Sopra Steria has in an house team of training experts who are experienced in building and delivering courses in a wide variety of formats, all designed to meet customer needs and budgets. Training can be delivered on Sopra Steria premises, customer premises or online, supported by standard & bespoke documentation as required. Training can be delivered to management, stakeholders, end-users, project/delivery teams and trainers (‘train the trainer’ for self-sufficiency). We can work with any cloud provider and have considerable knowledge and expertise around Microsoft Azure and Amazon Web Services (AWS), including on some certified reseller and partner status. Please contact us directly, without obligation, for further information or simply to discuss your requirements.
Training is tied to specific services

Setup and migration

Setup or migration service available
How the setup or migration service works
Experienced consultants help clients plan the migration to ensure minimal risk and impact to service. Sopra Steria can guide the migration journey, from planning through to implementation and handover, both to the cloud for the 1st time or between existing cloud hosting providers, infrastructures and services. We have extensive capability and experience in cloud migration, our expertise in migration tools and processes eases transition from legacy to cloud-based applications, ensuring minimal downtime and improved efficiency. Sequencing complex transitions including moving applications whilst still maintaining integrity and integration with legacy systems (dual running). We will help buyers migrate by: Critically assess the migration pathway and develop detailed plans; Plan and deploy, connecting to legacy systems using APIs; Re-design legacy systems using cloud-based Microservice applications and APIs; API management, from design to implementation; API registry and API gateways development and build; Manage applications in containers; Providing necessary infrastructure and platforms for successful migration. Please contact us directly, without obligation, for further information or simply to discuss your requirements.
Setup or migration service is for specific cloud services

Quality assurance and performance testing

Quality assurance and performance testing service
How the quality assurance and performance testing works
Utilising our experienced in-house capability Sopra Steria is able to provide: Accessibility testing – for users who require assistive technologies; Application testing – Product integrity via bespoke automated or manual testing. Reporting on investigation results, bugs and issues; Data auditing – Data profiling against intended purpose; Load and performance testing – Infrastructure and applications under realistic loads; Process auditing – Review process integrity, take-up and applicability; Software auditing – Specifications and standards requirements and compliance; System auditing – Validity and suitability testing for IT architecture, configurations, practices and operations.
Our proven quality and business management system “iQ” governs everything we do and everything we deliver. iQ is certified to the following standards: ISO 9001:2015 (Quality Management), ISO 20000 (Service Management), ISO 27001 (Information Security Management), ISO 22301 (Business Continuity), ISO 44001 (Collaborative Business Relationship Management), and ISO 14001 (Environment). In addition, we also are certified to Cyber Essentials and Cyber Essentials plus and fully aligned to these industry best practice frameworks: ITIL 2011, CMMI for Service, CMMI for Development, Prince2 and APM accredited. Please contact us directly, without obligation, for further information or simply to discuss your requirements.

Security testing

Security services
Security services type
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
Other security services
  • Security accreditation and compliance support
  • GDPR assessment and compliance support
  • Security architecture support
  • Penetration testing, vulnerability management and scanning
  • Protective monitoring and threat intelligence
  • Access to additional specialist skills if required
  • A dedicated security practice available to work with you
  • We will tailor your requirements to individual needs
  • Please contact us without obligation to discuss your requirements
Certified security testers
Security testing certifications

Ongoing support

Ongoing support service

Service scope

Service constraints
There are no service constraints to detail here. Any constraints would be discussed once requirements were fully understood.

User support

Email or online ticketing support
Yes, at extra cost
Support response times
The speed and type of responses can depend on agreement with specific customers to meet their requirements and SLAs, also with the severity of any incident.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Support levels
Sopra Steria offers a full range of support and service management options, which can be tailored to meet specific client needs and scaled to match the required level of support depending on the service requirement. Any service requirements and associated solutions would be explored prior to any order.


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
DNV Business Assurance London, SE1 9LQ, United Kingdom
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Not Applicable
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Social Value

Fighting climate change

Fighting climate change

Sopra Steria (SSL) has committed to becoming Net Zero by 2028 and has been ranked in top 1% of companies globally by CDP placing on the A-list for our work tackling climate change 5 years running. Our work has a direct positive impact on client services, for example through lower emissions, reduced waste, more sustainable supply chains. Additional environmental benefits: We also provide contract-specific sustainability programmes for clients, designed, led by our Sustainability Consultants. During procurement, these experts will develop a sustainability programme based on client objectives, the material impacts, and opportunities within the service. We have experience: undertaking service environmental impact assessments; measuring energy consumption, emissions with all elements of a service, (e.g., office use, business travel, use of technology and supply chain; evaluating the sustainability of technology products (e.g., GGICT, Energy Star, as well as product and service foot printing); making business case-backed recommendations, implementation roadmaps for improvements, delivering improvement programmes; reporting performance, using recognised reporting standards, accounting methods. Influencing staff: we feature sustainability in our employee communications, invite people to contribute to our programme’s continual improvement, and offer all employees paid volunteering time which can be used to support sustainability activities such as beach cleans and climate hackathons. Influencing suppliers: our Supplier Code of Conduct mandates high standards of environmental sustainability; SSL made CDP’s 2021 Supplier Engagement Leaderboard for taking action to measure and reduce environmental risks with our supply chains. Influencing customers: as described above SSL makes sustainability and social value a part of its contracts with clients, designing and managing environmental improvements throughout the contract lifetime. Influencing communities: in addition to employee volunteering, we participate in community sustainability initiatives, e.g., through membership in industry sustainability groups such as techUK and IEMA, and support for COP26 in Glasgow.
Covid-19 recovery

Covid-19 recovery

In the high-growth Digital sector, Sopra Steria is continually developing the skills of our workforce, including via upskilling and reskilling initiatives, e.g. via a new Career Coach, and by extending our apprenticeship programme. Through our Tech for Good programme, and the Social Value programmes we design and deliver for customers, we focus on jobs and skills for disadvantaged and under-represented groups, including those disproportionately affected by Covid. Our Tech for Good programme is designed to provide people, small businesses and VCSEs with skills they need to thrive and is focused on those from disadvantaged or under-represented communities. Since the beginning of the pandemic, we have transitioned to a hybrid-virtual programme to ensure continued accessibility. For example, we worked with ELATT, a digital skills charity, to create hybrid learning, ensuring those who were shielding or otherwise unable to access classroom learning, as well as those who most needed to be in a classroom to support their learning, could still participate. In the first year of the pandemic, we ran free training courses for charities and SME’s – offering Microsoft Teams training and modules on cyber security and resilience. We continue to offer pro-bono consulting for charities to help them use technology to better serve their communities. Since the start of the pandemic, we have put in place measures to prevent and manage risks to employee wellbeing – including the wellbeing of contracted staff – together with appropriate training and individual support, and initiatives to raise awareness of mental health issues at work. We have also trained ca. 60 Mental Health First Aiders. All our office locations have strict Covid safety protocols, with considerations for cleaning, ventilation, and occupancy.
Tackling economic inequality

Tackling economic inequality

New businesses, jobs, and skills: Sopra Steria (SSL) adheres to the Prompt Payment Code, SMEs provide us with innovative and agile solutions and deliver 50% of our work; SSL provides education, skills training and employment opportunities, such as mentoring, for those facing barriers to employment; We address the digital skills gap in our business and outside it through in-work and community learning opportunities; We offer a number of skills development programmes, including apprenticeships. Influence: staff are encouraged to use paid volunteer time to support our community innovation, entrepreneurship and employability initiatives; Suppliers must comply with our Supplier Code of Conduct, which requires workforce skills development; Our customer social value programmes include business competitions and work experience placements; We work with community organisations such as Villiers Park and Career Ready to deliver business, jobs, and skills programmes. Supply chain resilience and capacity: We work to improve supplier diversity by: making it easier to do business with us, measuring current supply chain diversity, and creating new VCSE partnerships; Through horizon-scanning, and supplier and industry collaboration, we support development of new technologies that improve public services, like our ethical data-driven approaches to serving vulnerable citizens; SSL has obtained the ISO44001 Collaborative Business certification; SSL is certified to Cyber Essentials Plus and ISO27001 standards. We require suppliers to have resilient information security processes, and flow down necessary cyber standards. Influence: Staff undertake cyber security training, participate in our innovation processes, e.g., competitions; Suppliers are engaged through our Collaborative Business approach and must adhere to strict security requirements; We share knowledge with customers via our social value programmes, continual service improvement, industry engagements; We participate in community resilience, innovation forums such as techUK.
Equal opportunity

Equal opportunity

Sopra Steria’s vision is to create an inclusive culture that embraces difference as a source of creativity, innovation, and competitive advantage. Our Equality, Diversity & Inclusion (EDI) strategy, overseen by a dedicated EDI Manager, applies to contract workforces. Disability employment gap: we are a Disability Confident Committed Employer and our partnership with Vercida helps us improve diversity through recruitment; all employees are given access to on-and-off-the-job development, and initiatives such as our Disability Network and our partnership with Business Disability Forum support disabled employee skills development. Staff, suppliers, customers and communities: all employees can join our Disability Network, our Disability Steering Group has employee representation and executive-level sponsorship; our Supplier Code of Conduct requires all suppliers to maintain high standards of EDI in their workforces; we regularly work with clients to improve accessibility in digital services, for example, we are providing insight to a client on the effects of digital transformation on accessibility; we work with community representatives in the design and delivery of our disability work (e.g. membership in Business Disability Forum). We have a range of initiatives to identify, tackle inequality in our workforce, e.g.: diversity data dashboards help us understand EDI indicators and inform our programmes; employee inclusion networks give employees in under-represented groups a voice in our EDI strategy; we are working to recruit more people from under-represented groups. We offer opportunities for people from under-represented groups, such as our Female and Black and Ethnic Minority Employee mentoring programmes. Modern Slavery: signatories to the UN Global Compact, we actively work to prevent human trafficking through pre-employment checks and transparent recruitment practices; we are a Real Living Wage Employer. Our Supplier Code of Conduct includes requirements for demonstrably preventing modern slavery.


Sopra Steria is fostering a workplace where our people are actively supported to be healthy and well and can talk openly about their mental health. Our company-wide health and wellbeing programme for all employees including contracted staff includes: Work-life balance policy providing flexible and remote working options; Extensive employee assistance programme; Range of healthcare benefits; Employee Trust, providing financial support in times of hardship; Mental Health First Aiders, now with 60 trained staff; Calendar of virtual classes, including fitness, meditation, stress management, nutrition, and resilience. Our outcomes-focused and user-centred approach to Social Value means that in creating programmes for clients, we engage community representatives, conducing user research and needs analyses. For example, we worked with a local authority to understand community employment concerns and create a work experience programme targeted at the individuals with the most need. We engage all stakeholders in our Social Value work on Wellbeing, for example: in addition to the staff support described, we also equip our people to support others’ wellbeing, for example by ensuring people managers have additional wellbeing training and objectives; our Supplier Code of Conduct requires all suppliers to support the health and wellbeing of their workforce; our Social Value consulting team designs Social Value programmes tailored to clients’ Social Value priorities, including Health & Wellbeing. For example, we are providing pro-bono consulting to a national mental health charity to help them identify how to use technology to improve outcomes for service users; To play a positive role in all our communities, all employees are given 3 days paid volunteering annually, and we offer matched funding to support charitable fundraising.


£465 to £1,980 a unit a day
Discount for educational organisations

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.