UST Global Pvt Ltd

UST PACE (DevOps Platform)

PACE is a platform engineering suite focused on transforming application delivery governance, speed, and security to optimize ROI. It empowers developers by decentralizing cognitive load, enabling focus on value creation. PACE revolutionizes cloud delivery, increasing deployment frequency, ensuring availability, and driving better business outcomes through standardized assets and continuous improvements.

Features

• Optimizes workflows seamlessly with current DevOps stacks.
• Early security measures to detect and mitigate risks.
• Boosts code quality, reduces bugs from the start.
• Automates tasks, facilitates CI/CD, streamlines production.
• Tailored by experts to meet specific enterprise needs.
• - Delivers quick operational improvements from day one.
• Supports flexible, scalable infrastructure on any cloud
• Accelerates development with agile and lean methodologies.
• Improves team communication and collaboration across departments
• - Continuously enhances security, ensures compliance

Benefits

• Integrates tools to streamline development processes efficiently.
• Enhances visibility and control across development lifecycle
• Speeds product launches with effective CI/CD automation
• Identifies, mitigates early risks, enhancing product security.
• Automates tasks, focuses teams on innovation and problem-solving
• Maintains compliance with security regulations automatically.
• Efficiently uses resources, automating various operational tasks.
• Adapts quickly to changes with agile project management
• Implements quality measures early to minimize errors.
• Tailors configurations to specific enterprise requirements optimally.

£48,000 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ukpublicsectorsales@ust.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

414634399443665

Contact

Patrick Marren
07544102103
ukpublicsectorsales@ust.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Yes. PACE is deployed on Kubernetes.
• System requirements: 4 VMs of minimum 4 vCPU, 8 GB RAM each

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 16 hours, 5 days a week
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We have L1, L2 and L3 support levels and are finalized per the client requirements. Cost and resources are subject to discussions and are determined as per the client needs.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: To help users start using our service, we offer comprehensive support:; ; Online Training: We provide accessible online training modules to help users quickly become proficient with our service.; ; User Documentation: Comprehensive documentation is available to guide users through all features and functionalities.; ; Onsite Training: Depending on the engagement model, we can also provide onsite training tailored to specific needs.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: At the end of a contract, our data extraction process ensures clients retain control over their software development assets, including source code, scripts, build pipelines, and infrastructure details. Here’s a brief overview of our process:; ; Data and Asset Identification: We identify all relevant software development assets, including project files, source codes, databases, and deployment pipelines.; Agreement on Formats: We collaborate with clients to determine suitable formats for exporting assets, ensuring seamless integration into their systems.; Secure Extraction Process: The extraction is secured with encryption and strict access controls to protect data integrity and confidentiality.; Data Packaging and Export: Assets are packaged according to agreed formats, with comprehensive documentation of settings and configurations for re-deployment.; Verification and Delivery: Assets undergo verification for accuracy before delivery, ensuring functionality in their new environment.; Post-Extraction Support: We provide support to assist with data integration and troubleshooting post-delivery.; This approach ensures critical software development data and infrastructure are correctly handed over, maintaining operational continuity for clients.
• End-of-contract process: At the end of a UST PACE contract, the process is designed to ensure a seamless and thorough transition:; ; Final Review Meeting: We conduct a meeting to review deliverables and address any pending items.; Data Export and Handover: PACE assists with exporting all relevant project data such as source code, build pipelines, and documentation, ensuring clients retain full control over their intellectual property.; Documentation Delivery: Comprehensive documentation including user manuals and system guides is provided to facilitate client understanding and utilization of the exported assets.; Debriefing Session: A feedback session is held to discuss successes and areas for improvement, fostering continuous enhancement of services.; Settlement of Accounts: All financial matters are finalized, including the issuance and settlement of the final invoice.; Support Transition: Details for ongoing support or maintenance are finalized if included in the contract; otherwise, options for extended support are discussed.; Closure Formalities: Formal contract closure is executed with all necessary legal and administrative tasks completed.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Users can customise the automation workflows. Create, update and manage templates and also create their dashboards by using existing widgets or creating their widgets

Scaling

• Independence of resources: To ensure consistent service quality despite varied user demand, key strategies include:; Resource Isolation: Using containers and virtual machines to prevent one user’s activity from impacting another.; Load Balancing: Distributing traffic across multiple servers to prevent bottlenecks.; Scalability: Implementing auto-scaling to adjust resources based on demand.; Caching: Storing frequently accessed data to reduce load.; Performance Monitoring: Using analytics to preemptively address issues.

Analytics

• Service usage metrics: Yes
• Metrics types: PACE Illuminate enhances software delivery efficiency by providing key metrics across the development lifecycle. It tracks developer productivity through metrics like commits and tasks, evaluates build success rate to gauge integration health, and assesses code robustness with quality metrics such as bug density and code coverage. Additionally, it monitors deployment frequency and changes lead time to review CI/CD agility, along with mean time to recovery (MTTR) for system downtimes. This comprehensive suite offers these and more metrics, critical for optimizing digital environments.
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data export requests can be sent to the PACE support team for further action on the same.
• Data export formats:
  • CSV
  • Other
• Other data export formats: JSON
• Data import formats: Other
• Other data import formats: JSON, YAML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: VNET, Subnet level protection

Availability and resilience

• Guaranteed availability: The level of availability depends on the availability mechanisms chosen by the customer for the infrastructure services (public and private)
• Approach to resilience: Available on Request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: Authentication against customer Active Directory.
• Access restrictions in management interfaces and support channels: Role based access for users based on the Organisational structure defined, which can be integrated with external identity systems such as Microsoft Active Directory and Okta.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Intertek
• ISO/IEC 27001 accreditation date: 25/09/2023
• What the ISO/IEC 27001 doesn’t cover: The certification includes application development, application management, infrastructure management services, engineering services, business process, outsourcing services, support functions such as human resources, finance, workplace management, sales & marketing, information services, information security management system, covering on-premises and cloud environments within UST.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO 22301
  • SOC1 SOC2 type II

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: UST follow a defined escalation and reporting approach. Full details can be supplied upon request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Undisclosed. Information can be provided to individual customers under an NDA.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Undisclosed. Information can be provided to individual customers under an NDA.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Undisclosed. Information can be provided to individual customers under an NDA.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management approach is based on the ITIL v3/v4 framework.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Tackling economic inequality

  UST engages in numerous initiatives for tackling economic inequality, these include: ; • Working with local Combined Authorities and training providers to build training courses (focussed on digital skills) for economically disadvantaged citizens. ; • People who engage in these courses can then be hired by UST into full-time roles and begin their career in technology. ; • UST support closing skills gaps in key technology areas e.g. UST have developed a mobile application to support the development of skills in Artificial Intelligence for 3 key user profiles – those looking to start a career in AI, those looking to move into an AI role, and citizens who are interested in AI.; • UST are keen to support local SME’s and can agree with a buyer as to how many local SME’s will be utilised in an engagement. ; • UST invest significant sums into innovation aimed at delivering more productivity at lower cost e.g. we have developed our own Generative AI Testing platform.

  Equal opportunity

  UST engages in numerous initiatives for promoting equal opportunities, these include: ; • Working TechSheCan to enable great access to women within the world of tech careers. UST also invested in building the training platform for TechSheCan.; • UST work with numerous partners to support veterans who want to start a carer in Tech once they have left the military.; • UST are an equal opportunities employer and do not discriminate on the basis of age, sex, gender, disability, or religion. We can share our policies and process for this to support discussions. ; • UST have published a detailed Modern Slavery statement and have processes in place to support this. More details can be found at: https://www.ust.com/content/dam/ust/documents/modern-slavery-statement-2022.pdf; • UST works with local skills development partners to support the development of tech skills amongst numerous societal groups.

  Wellbeing

  • UST have developed a Digital Inclusion Community App to support the development of essential digital skills amongst digital excluded people. This enables citizens to be able to use digital services, from both Public and Private organisations, driving a more integrated digital community.

Pricing

• Price: £48,000 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: 30 Days demo version

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ukpublicsectorsales@ust.com. Tell them what format you need. It will help if you say what assistive technology you use.