DevSecOps (Consultancy Service)
DGM Agility has been developing a best practices framework since 2019. DevSecOps is a methodology that integrates security practices into the DevOps (Development and Operations) process. It aims to ensure that security is treated as a priority throughout the software development lifecycle, rather than being added as an afterthought.
Features
- Secure by Design
- Automation of security processes
- Continuous monitoring and feedback
- Collaboration across teams
- Shift-Left Security
- Compliance and Regulatory Alignment
- Automating the provisioning of on-site and off-site resourcing
- FinOps framework to control cloud costs
Benefits
- Improved Security Posture
- Faster Time to Market
- Cost Saving of Repeatable Process
- Continuous Improvement
- Increased trust and satisfaction
- Prioritises Security without Compromising Agility
- Build and deliver secure software more efficiently, effectively and reliably
- Controlling Cloud Costs
- Aligned to Secure by Design
Pricing
£1 a unit
- Education pricing available
Framework
G-Cloud 14
Service ID
421766457011296
Contact
DGM AGILITY LIMITED
Darren Muizelaar
Telephone: 07538122855
Email: darren.muizelaar@dgmagility.com
Planning
- Planning service
- Yes
- How the planning service works
-
Our approach to planning involves:
Assessing the current state by understanding the organisation's current development, operations and security processes.
Defining and documenting clear goals and objectives.
Establishing cross-functional teams that include members from Development, Security and Operations to encourage collaboration and communication.
Educating and training teams on core DevSecOps principles and secure by design practices.
Implementing continuous monitoring to monitor applications, infrastructure and networks for security threats in real time.
Ensuring compliance and regulatory alignment by implementing controls and processes to maintain compliance with standards such as GDPR, PCI-DSS, NCSC.
Developing continuous improvement and practices throughout the teams based on feedback, lessons learned and changing security threats.
- Planning service works with specific services
- No
Training
- Training service provided
- Yes
- How the training service works
-
Our DevSecOps training encompasses a wide range of topics related to software development, operations, security, and collaboration. The specific training required depends on individual roles within the organization and the level of expertise needed.
Foundational DevOps Training:
Understanding DevOps principles, practices, and culture.
Familiarity with version control systems (e.g., Git), continuous integration (CI), and continuous deployment (CD) pipelines.
Knowledge of containerization technologies (e.g., Docker) and container orchestration platforms (e.g., Kubernetes).
Security Fundamentals:
Basic understanding of cybersecurity concepts, including threats, vulnerabilities, and risk management.
Knowledge of common security controls and best practices for securing software applications and infrastructure.
Awareness of compliance standards and regulatory requirements.
Automation and Tooling:
Training on automation tools and technologies used in DevSecOps pipelines, such as configuration management tools (e.g., Ansible, Chef, Puppet), CI/CD platforms (e.g., Jenkins, GitLab CI/CD), and infrastructure-as-code (IaC) frameworks (e.g., Terraform).
Familiarity with security automation tools for vulnerability scanning, compliance checks, and security testing (e.g., Snyk, Checkmarx, Qualys).
Role-Specific Training:
Tailored training based on specific roles within the organization, such as developers, operations engineers, security analysts, and QA/testers.
Role-specific training may focus on technical skills, domain knowledge, and responsibilities related to DevSecOps practices.
- Training is tied to specific services
- No
Setup and migration
- Setup or migration service available
- Yes
- How the setup or migration service works
-
DevSecOps plays a crucial role in the setup and migration process by ensuring that security is integrated into every stage of the migration lifecycle. Before initiating the migration process, DevSecOps teams conduct a comprehensive security assessment of the existing infrastructure, applications, and data. They identify potential security risks, vulnerabilities, and compliance requirements that need to be addressed during the migration. DevSecOps also helps in developing a detailed migration plan that includes security considerations from the outset. Our team implement secure configuration management practices to ensure that the migrated infrastructure and applications are properly configured and hardened against security threats. They leverage automation tools to enforce security policies, patch management, and access controls consistently across the migrated environment. We set up continuous security monitoring systems to monitor the migrated infrastructure and applications for security threats and vulnerabilities in real-time.
Our team implement secure deployment and orchestration practices to automate the provisioning, deployment, and configuration of migrated applications and infrastructure. They use tools like container orchestration platforms (e.g., Kubernetes) and infrastructure-as-code (IaC) frameworks to ensure consistent and secure deployments.
Our team fosters collaboration and communication between development, operations, and security teams throughout the migration process.
- Setup or migration service is for specific cloud services
- No
Quality assurance and performance testing
- Quality assurance and performance testing service
- Yes
- How the quality assurance and performance testing works
-
As a niche provider of performance testing and test automation, we provide independent risk analysis to determine the level of testing required to reach SLAs and achieve optimum performance before executing and reporting on performance testing.
We performance test mobile, desktop and web applications. Our automated testing greatly reduces the time manual testing requires and therefore greatly reduces costs whilst providing an easily maintained repeatable set of automated tests.
We are tool agnostic and are familiar with all the industry leading tools as well as open source tools.
Not all tests are suitable for automation and we can help you determine the ROI. We can help establish which applications or systems are most at risk according to business use and prioritise which should be performance tested. We deliver this by four clear stages - Discover, Build, Execute and Report.
Our consultants are able to tease out functional/non-functional requirements from the business, ensuring they are built into the test plan.
For non-functional software quality, the key is infrastructure as code, so that all the test environments, including integration, performance and security, are identical to production, meaning the risk of introducing new defects is significantly reduced and replicating production issues is easier.
Security testing
- Security services
- Yes
- Security services type
-
- Security strategy
- Security risk management
- Security design
- Cyber security consultancy
- Security testing
- Security incident management
- Security audit services
- Certified security testers
- No
Ongoing support
- Ongoing support service
- Yes
- Types of service supported
-
- Buyer hosting or software
- Hosting or software provided by your organisation
- Hosting or software provided by a third-party organisation
- How the support service works
-
We deploy and support self-healing clusters with advanced real-time monitoring to achieve above 99.99% availability to support a range of website, e-commerce and application stacks. This includes the deployment of AutoScale clusters - syncing between nodes, sessions and database scaling for Hybrid and Multi-Cloud.
We provide responsive and proactive patch management, real time log analysis and monitoring of your Cloud environment and assistance with achieving compliance (e.g., PCI DSS) using tools such as AWS SecurityHub, Azure Security Centre and Security Command Center (GCP).
We provide Managed DevOps services to deploy new testing platforms, perform stress testing, code analysis and continuous integration using automation tools we set up and deploy for your organisation.
Our proactive cost management and optimisation services include reserved instance planning and guidance, optimisation of resources and more.
Service scope
- Service constraints
- Our support services may rely upon licensed tools, vendors and 3rd parties.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- DGM Agility will respond to tickets within agreed Service Level Agreements (SLAs). Any response times will depend on the urgency and priority classification. Typically: P1 - 15 minutes; P2 - 30 minutes; P3 - 60 minutes.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Yes, at an extra cost
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
-
We use 3rd party off-the-shelf solutions.
Zendesk uses the Voluntary Product Accessibility Template (VPAT) to publish an Accessibility Conformance Report (ACR), which documents an audit of our systems relative to WCAG 2.1 AA performed by a third party accessibility vendor.
We pay attention to Accessibility throughout our release cycle. This includes:
Following the standards and documentation created by our Product Accessibility team.
Training everyone involved in delivering our products around assistive technology and Accessibility best practices. This includes designers, engineers, product and program managers, and content writers. At a personal level we try to make sure all Zendesk product and engineering employees think about the humans at the other end of the internet by sharing stories and feedback.
Leveraging Garden, our design system, from early design through development to ensure an accessible foundation for all our products.
Testing our products before release using both manual and automated techniques.
Conducting regular research with agents, admins and end users who rely on assistive technology to collect feedback and help us prioritize improvements.
Systematically tracking both remediation and new feature progress to drive quality improvements.
Engaging third-party auditors to conduct regular compliance audits of our products.
Listening to feedback from customers.
- Support levels
- Basic - 9-5 - Email, Chat, Telephone. Enhanced - 9-5 - Email, Chat, Telephone, MI Reporting. Premium - 9-5 - Email, Chat, Telephone, MI Reporting, Service Desk Access & out of normal hours support. Pricing is detailed within our pricing schedule.
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Microsoft Azure, AWS, Oracle OCI, Google GCP
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Security Clearance (SC)
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
We are committed to sustainability and recognise our responsibility to minimise the impact of our operations and services on the environment. We have a fully integrated approach to environmental management, meeting the principles of the Environmental Protection Act 1990, WEEE Directives, Greening Government Commitments and ISO14001.
Our Method Statement comprises two elements confirming our commitment to ensuring that opportunities under contract deliver the Policy Outcome and Model Award Criteria: (1) Actions our organisation is taking; (2) Activities we’ll undertake to support the contract.
(1) Examples demonstrating our commitment to Fighting Climate Change:
• Carbon Reduction Plan target to become NetZero by 2030 and have flagged UN SDG targets 9 and 12 as our priorities.
• Our UK offices are powered by renewable energy.
• We have a Climate Positive Workforce with our Carbon emissions offset through our partnership with Ecologi at 10.8 tonnes CO2 per employee/year.
• We promote sustainable travel: our people use sustainable commuting methods through Cycle-to-Work, season ticket loan and secure bike-parking schemes.
• Installing state-of-the-art conferencing facilities, realising a significant reduction of office-to-office commuting.
• Reducing waste: we have introduced waste management systems in our offices, minimised single-use water bottles and operate paperless offices.
(2) Activities we’ll undertake to reconnect people with the environment and increase awareness to protect and enhance it. We will track and optimise the carbon footprint of the target estate using industry leading Carbon calculators. We’ll promote embedding sustainability as a digital design principle in line with Greening Government Commitments and support awareness of CO2e reduction and best practice. We will minimise the carbon footprint of our work using technology to work remotely by default.
To enable awareness, and to influence the supply chain and local communities, we will share best practice with the project team, its supply chain and educate the local community.
Tackling economic inequality
As an equal opportunity employer, we are committed to creating an attractive working environment which promotes equal career opportunities for all employees regardless of social identity. Our Board is 50% women. We identify inequalities in employment, skills and pay through our Whistle Blowing Policy, Annual staff survey and our Affinity groups like LGBTQ+/Multicultural. We continue to tackle inequalities via our Equality, Diversity & Inclusion Policy (aligned to Equality Act 2010, including the Public Sector equality duties), our status as a Level 1 Disability Confident Employer, and by aligning to the 5 principles of the Government Good Work Plan.
We address inequality by focusing on:
• inclusive, accessible recruitment practices: we proactively engage local deprived communities with all roles advertised through Vercida Group, a D&I resourcing specialist;
• offering a range of quality employment opportunities;
• providing an inclusive working environment which promotes career progression;
• educating our people to act with tolerance and compassion;
• compliance with equal pay reporting.
To support in-work progression, our career paths offer broad opportunities to choose a career that accommodates personal goals. We ensure that:
• Our Academy provides equal opportunity to training and recognised certification designed and developed to supplement knowledge, coaching and skills gained from the day-to-day tasks and responsibilities to enhance career development.
• Everyone has a mentor they meet regularly to discuss career progression and well-being.
• Detailed development feedback is given twice a year, measured against transparent performance criteria, by their line manager, who has attended Inclusive leadership training.
• Promotions happen once a year and all promotions are communicated throughout the company.
Our planned activity and targets: By Q3 2022 start our apprenticeship programme to help reduce the digital skills gap. By Q4 2022 Disability Awareness training provided.
Equal opportunity
There are 14.1 million disabled people in the UK. 19% of working age adults are disabled (Family Resources Survey, 2019 to 20); however, disabled people are twice as likely to be unemployed as non-disabled people. We recognise the inequalities that have been amplified during the pandemic, in particular for those with a disability. As a Disability Confident Employer, we have incorporated Disability awareness training as part of our mandatory training for our UK workforce from April 2022 onwards. We are committed to becoming a Disability Confident Level 2 employer by June 2022.
We are an equal opportunity employer and publish our Diversity and Inclusion Policy. We continuously focus on any barriers that may prevent underrepresented groups from being appointed to a position, especially management positions. All UK jobs are advertised through an inclusive and accessible job platform via our partnership with Vercida Group, a D&I resourcing specialist.
We recognise our role is to use our expertise to make sure people with disabilities can connect and contribute to the workplace in the best way possible, to ensure they are thriving at work and within their role for the organisation. Our Inclusive leadership management training plays a vital role in creating and sustaining an inclusive working environment. This ranges from implementing the people management policies that will impact on how a person with a disability experiences work, to managing absence or a flexible working model to support the individual.
Our inclusive and accessible development practices support managers to: attract the most suitable talent; be confident about supporting colleagues with a disability / health condition through on-boarding, training, and progression; understand how to identify and reduce, through workplace adjustment, the barriers that would prevent someone from reaching their potential; ensure fair treatment for all colleagues and create an inclusive working environment and culture.
Wellbeing
Throughout the pandemic we prioritised helping our staff and local communities to manage and recover from the impact of COVID-19. We implemented initiatives to reduce the demand on public services and improve how we support physical and mental health, such as introducing company-funded private healthcare for our people, and became a Disability Confident employer.
Our Method Statement comprises two elements confirming our commitment to ensuring that opportunities under a contract deliver the Policy Outcome and Model Award Criteria: (1) Actions our organisation is taking; (2) Activities we’ll undertake to support the contract.
(1) Example activities of how we influence staff, suppliers, customers and communities to support health and wellbeing, including physical and mental health, and demonstrate our commitment to the Award Criteria:
• Signatory of Mental Health at Work commitment.
• Implemented the Mental Health at Work 6 Core Standards and enhanced standards.
• We utilise our Intranet to promote an active healthy lifestyle, use of our benefits like Cycle to Work Scheme, annual Fitness challenges and awareness of mental health, encouraging open discussions with a clear route to support.
• Our people have equal access and opportunity to regular training through our Academy to enhance their career prospects. They receive ongoing career progression planning through their mentor.
• Encouraging our people to seek help and feel supported through structured appraisals and access to our Mental Health specialists.
(2) Activities we’ll undertake to promote personal and community health and well-being. As the delivery partner, we propose to co-design with the project team, a charity partner and a CPD accredited provider to offer education and training on Health and Wellbeing to unemployed people affected by Covid19. Our aim is to support them to find employment in the Health and Wellbeing sector. This will benefit both the individuals and the community.
Pricing
- Price
- £1 a unit
- Discount for educational organisations
- Yes