Agile Professional Group

Digital application development and integration service

Agile Professional Group provides specialist technical services to develop highly responsive and scalable cloud-based applications. Specialising in API development, SaaS integration and mobile responsive front end solutions.

Features

• SaaS architecture
• Mobile responsive user interface
• Data analytics and reporting
• Highly configurable and scalable
• Fully managed service, delivered securely via the cloud
• ISO27001 certified cloud infrastructure
• GDPR compliance and privacy by design across all services
• APIs available for process automation and data accessibility
• UI design and prototyping

Benefits

• Reduced management overhead
• Efficient information sharing across systems and teams
• Flexibility of system integrations
• Cloud based offering, reducing the need for on premise hardware
• Reduced on premise technical staff / system administration
• 24/7 access via mobile and desktop platforms

£5,000 an instance

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@agileprofessional.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

444344436898581

Contact

Sales team
07939997392
sales@agileprofessional.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Our change management processes include patches and fixes during pre-planned maintenance windows. All planned maintenance will be agreed in; advance with our customers.; ; Our deployment and upgrade strategies include backup plans, version control, emergency system updates, communication planning and internal documentation for ongoing releases.
• System requirements: Internet access and compatible web browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Standard hours of support: ; Monday to Friday between 09:00 to 17:00 (excluding UK bank holidays).; ; Response times:; From 60 minutes to 5 days depending on the severity and priority of the incident.; ; We provide weekend and our of hours support where tailored service level agreements are in place.; ; Support tickets can be raised via email or our cloud based ticketing system 24/7.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Our web support tools are provided by a world leading 3rd party support tool. More details on accessibility can be provided upon request.
• Onsite support: Yes, at extra cost
• Support levels: We provide a technical account manager or customer success manager per project where agreed in advance.; ; Support levels / response times:; Critical - 1 Hour; High - 4 hours; Medium - 1 business day; Low - 2 business days; ; Each category is defined in the SLA per service.; ; Our of hours support will be provided as necessary and at additional cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our on-boarding process consists of the following - On-site/remote on boarding workshop, interface and wire-framing for bespoke features, system integration connector configuration, integration development for bespoke features, quality assurance, beta/field testing. Performance tracking (providing a dedicated Customer Success representative); ; User and system documentation is provided.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Video
• End-of-contract data extraction: Customers can extract data electronically via an XML or JSON feed, Agile Professional shall also provide manual data (e.g. database) exports where necessary.
• End-of-contract process: At the end of the contract, we will provide data extracts as necessary and also comply with data sanitation or purging requests as per GDPR regulations. There is no additional cost for data extracting services.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: We use responsive web design to create a single adaptable interface to react to the size of a user’s device with one content source. The same content will be available on all screens, but some UI components may function differently as per responsive design to adapt to the screen size.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The platform interface is a web portal interface with dashboard capabilities, which allows users / administrators to configure the application and user / role management.; ; The platform uses responsive web design to allow the interfaces to adapt and be displayed on devices of different dimensions. This means that both desktop and mobile users are provided with a consistent experience across all devices.
• Accessibility standards: None or don’t know
• Description of accessibility: More details on accessibility can be provided upon request.
• Accessibility testing: Interfaces are tested using desktop screen reader software, and our text editor supports a variety of screen readers. More details can be provided upon request.
• API: Yes
• What users can and can't do using the API: We use cutting edge middleware technologies and support an 'API first' architecture as part of our approach to software development. We also offer bespoke API development to help our users get access to specialist API functions.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Super users, administrators and other users can individually the application according to their needs. This ranges from basic UI settings to roles and permissions and advanced workflow management.

Scaling

• Independence of resources: Our SaaS infrastructure is proactively and continuously monitored, adjusted, tuned and scaled by our technical team. Our data centre provider provides built in auto scaling functionality to ensure resilience in critical situations. We can use hybrid approaches for client hosted environments where required. This can be necessary where a client has a mandatory requirement to keep sensitive data within their network.

Analytics

• Service usage metrics: Yes
• Metrics types: Usage metrics, such as page hits, feature/menu access, duration of session, time of session, client type, browser type, device type, OS type, user type, and several others. All relevant and GDPR complaint user behaviour can be analysed. Admin users can export data to CSV and build bespoke reports if required.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data can be extracted electronically via an XML or JSON feeds.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • JSON
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Our hosting provider has the following SLA's on services used:; Cloud services and Virtual Machines - 99.9% guarantee
• Approach to resilience: Load Balancing; ; Resilience and service availability such as load balancing is part of our offering, separation of users and environments is implemented securely, and the UK data centre is ISO/IEC 27001 certified with disaster recovery plans in place.; ; Database load balancing will be supported if required.; ; Business Continuity & Disaster Recovery:; Our Business Continuity Plan is a comprehensive statement of actions to be taken before, during and after a disaster. This plan is designed to reduce the risk to an acceptable level by ensuring the restoration of critical functions and services within a short time frame, and all essential production within a longer, but permissible, time frame. This plan identifies the critical functions and services for our cloud services and the resources required to support them. Guidelines and recommendations are provided for ensuring that needed personnel and resources are available for disaster preparation, assessment and response to permit the timely restoration of services.; ; Backups: ; The solution is backed up daily
• Outage reporting: Customers are notified by our support team in the event of an outage and we maintain a public status dashboard.

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: The service supports several authentication methods, but also allows users to access certain public information without authentication.; ; Management interfaces and support channels are restricted by profile and role based user permissions.; ; For authenticated areas, the service supports:; - SAML 2.0; - OAuth 2.0; - OIDC; - Multi Factor Authentication; - LDAPS; - Username / Password
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Description of management access authentication: We also support SAML 2.0 and OAuth 2.0 / OIDC

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Our cloud infrastructure is PCI DSS compliant
  • Our cloud infrastructure is fully compliant with EU-US Privacy Shield
  • Our cloud infrastructure is ISO/IEC 27001 certified

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Our solution is fully cloud based and hosted at our UK data centre, which is ISO/IEC 27001 certified. ; ; All data in transit is encrypted using HTTPS/TLS, data at held securely and stored in compliance with DPA, data sanitisation methods are used when required, appropriate equipment disposal techniques are used when required, resilience and service availability such as load balancing is part of our offering, separation of users and environments is implemented securely.
• Information security policies and processes: Policies are reviewed on a regular basis and staff are reminded of their commitment to follow each policy at regular intervals. ; ; Agile Professional have a number of policies that relate to information security, business continuity and terms of use. Reporting is made at Director level. Policies are reviewed annually and compliance is monitored by Directors.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Depending on the scale of the change required, we implement the following basic flows as part of our change management procedures:; ; - Request for Change RFC; - Change Record; - Change Classification; - CAB Agenda; - Forward Schedule of Changes (FSC); - Post Implementation Review (PIR); - Rollback strategies; - Backup planning; - Version control; - Maintenance windows (for major updates and migrations); ; All configuration changes must be submitted to a review process. An audit trail of configuration changes is retained. Configuration changes are applied by an automated, tested process, never manually to eliminate human error.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Threats are identified during regular penetration tests. If critical or high vulnerability threats were identified these could be patched system wide within a short time.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We ensure all components receive regular security updates, patches at both operating system and application level. This is standard with all our production environments. Our regular security reviews ensure our systems are not susceptible to common security vulnerabilities, as described in OWASP top ten vulnerabilities.; ; With automated monitoring, we are able to pro-actively identify upcoming patches, updates etc. This helps us work in advance to ensure our infrastructure is up to date, with latest stable patches and updates deployed as soon as possible.
• Incident management type: Supplier-defined controls
• Incident management approach: Clients can report incidents by email, phone or via our ticketing system. The service desk team will analyse the incident and gather as much information as possible from log files, investigations etc and will at the same time make senior management aware of the incident and escalate appropriately in accordance with our defined escalation procedures. Following an incident, a report will be compiled and shared with the customer and any further actions clearly identified.; ; Major incidents will be reported on our public status page.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Tackling economic inequality:

  Tackling economic inequality

  Create opportunities for entrepreneurship and help new, small; organisations to grow, supporting economic growth and business creation.; ; Create employment and training opportunities, particularly for people in; industries with known skills shortages or in high growth sectors.; ; Influence staff, suppliers, customers and communities through the delivery of the contract to support employment and skills opportunities in high growth sectors.

Pricing

• Price: £5,000 an instance
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@agileprofessional.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.