e3 media ltd t/a Great State

Agile project delivery: Full digital service development and continuous improvement

Our Agile project management service provides specialists to deliver complex products and services from Discovery to Live. Our Agile delivery framework focuses on meeting user needs, while balancing business requirements. Multi-disciplinary teams deliver value through continuous improvement, collaborative tools and Agile best practices; helping to embed these within your organisation.

Features

• Hybrid and Agile delivery models in line with GDS standards
• Full lifecycle Agile projects: discovery, alpha, beta, live and retire
• Extensive Agile experience: Programme Managers, Delivery Managers, certified Scrum Masters
• Leading and managing Agile Scrum planning, ceremonies, governance and reporting
• Backlog building/refinement, MVP definition, estimation in collaboration with Scrum team
• Coaching/mentoring embeds Agile delivery principles and practices, builds high-performing teams
• Collaborative approach supports inter-team cooperation and coordination with other teams
• DevOps approach with continuous improvement, continuous integration, continuous delivery (CI/CD)
• Release management lifecycle: scheduling, coordinating and managing releases
• Experienced Agile teams using contemporary tools and mindset

Benefits

• Proven record of meeting GDS guidelines and passing GDS assessments
• Enables continuous service and process improvements throughout the project lifecycle
• Flexible approach delivering at pace to realise value more quickly
• Delivering prioritised features lowers risk; user insight informs future releases
• Regular risk, issue and dependency management with clear mitigation activities
• Cross-team communication and collaboration ensures smooth delivery and high-quality product
• Agile skill development, strengthening client self-sufficiency for future projects
• Continuous cycle of testing and user feedback ensures high-quality product
• Comprehensive quality management services aligned to ISO:9001 standards
• Effective project success measures defined early for accurate project reporting

£400 to £1,500 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector@greatstate.co. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

490976547833184

Contact

Public Sector Team
01179021333
publicsector@greatstate.co

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Cloud Content Management System (CMS) services
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: N/A
• System requirements: None

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Based on customer requirements
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide robust, responsive ITIL 4 incident management, problem, and change management. Proactive maintenance, technical debt remediation, patching & backup and test automation. Flexible hours of operation 24/7, 9-5 (UK business working hours) and provide multi-disciplinary support teams and points of escalation. We can provide a Service Level Agreement (SLA) to ensure that any issues which arise can continue be dealt quickly and efficiently. This comprises of two elements; proactive monitoring - of services to identify and isolate potential problems before they become issues and Reactive response - to resolve any unforeseen problems which may arise. Support includes the following key elements: • Event management access management • Request fulfilment • Applications management • Problem management • Support service desk for telephone and email support • Website monitoring • Incident management • CMS platform support and maintenance • Solution support and maintenance • Monthly reporting
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We will carry out comprehensive onboarding onto the service.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Customers can be given access and support (where required) to extract data at the end of a contract. Any additional support required to extract or transfer the data may be chargeable at an additional cost.
• End-of-contract process: In the event of service termination, the end of contract process will be to remove all access to the services and stopping of all resource and services. The responsibility of migrating services and data will be with the customer. Any work or support required to handover to another party or client, extract or transfer data or migration of infrastructure and services will need to be planned in and executed as a separate project and chargeable at an additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Customers will be able to manage the every aspect of the service(s) through the Azure DevOps, Zendesk and web portal(s) provided by Sitecore, Umbraco, Contentful, Primsic, Microsoft Azure, AWS and Google Cloud.
• Accessibility standards: None or don’t know
• Description of accessibility: The accessibility of the portals / platforms are managed by Zendesk, Sitecore, Umbraco, Contentful, Primsic, Microsoft Azure, AWS and Google Cloud
• Accessibility testing: The accessibility of the portals / platforms are managed and tested by Zendesk, Sitecore, Umbraco, Contentful, Primsic, Microsoft Azure, AWS and Google Cloud
• API: Yes
• What users can and can't do using the API: All aspects of the Sitecore, Umbraco, Contenful, Prismic, Microsoft Azure, AWS and Google Platforms can be managed via APIs
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: This service can be completely customised and extended to meet the customers specific requirements, the exact nature of this will be discussed with the customer during the onboarding process.

Scaling

• Independence of resources: Resources allocated based on planned needs

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics can be tailored to specific customer needs.; ; But will typically include:; We will provide monthly reports providing a measurement of performance against agreed service levels and conduct a quarterly review with an operational and strategic focus, aimed at continual improvement. Server infrastructure performance: including CPU, Disk, HTTP request and response status, Memory, Network, Number of active instances.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: There is data/content export functionality available in the CMS Platforms. Customers can be given access and support (where required) to extract data at the end of a contract. Any additional support required to extract or transfer the data may be chargeable at an additional cost.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • JSON
  • SQL Database Backups
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: This is to be discussed and agreed with the customer.
• Approach to resilience: This information is available on request.
• Outage reporting: Public dashboard and email alerts.

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: Access to management interfaces and support channels is restricted through in different ways including username and passwords, multifactor authentication and IP restrictions.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International
• ISO/IEC 27001 accreditation date: 08/04/22
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: We are accredited for ISO 27001:2013 by QMS International. Cyber Essentials (Plus) certification and annual penetration testing by mti.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our change management process controls the lifecycle of all changes, enabling beneficial changes to be made with minimum to no impact to services being provided. Changes to systems include additions, modifications, and removal of anything that can impact the IT services provided. The change could impact architecture, services, processes, people etc.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We perform regular maintenance and housekeeping tasks including: • Event scheduling and administration: scheduling and executing of system events such a batch processing, system back-up or mass data transfers. • Emergency patches and upgrades: process for dealing with emergency patches as and when they are provided by vendors. • Preventive maintenance: actions performed in an attempt to retain an application software item in a specified condition by maintaining updated OS and security patching, measuring performance and utilisation, conducting systematic inspection, and running diagnostic tests to detect incipient failure or degradation and to prevent these where possible at application management level.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: All components and services are constantly monitored as part of the managed service monitoring solution (reactive and proactive). Proactive monitoring is based on triggers being set at different thresholds against key metrics such as CPU usage, memory and diskspace. Depending on the severity of the event identified we will respond appropriately and in accordance with agreed service response times.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident management is always preceded by either an event, detected automatically via monitoring or a call/ticket being raised (by phone, direct ticket or email) to the service desk. This team will provide initial categorisation and triage where appropriate, and will handle all communications via the ticketing system, status page and notifications. This team will also, using the comprehensive runbook developed, undertake immediate set actions or escalations as required to resolve the incident. We provide monthly reports providing a measurement of performance against agreed service levels and conduct a quarterly review with an operational and strategic focus, aimed at continual improvement.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Through our work within the ISO 14001 environmental management system, we have identified the key aspects where we could have a negative impact on the environment and have a detailed policy and systems in place to reduce our impact. Primarily through the areas of air emissions, water discharges, waste management, land contamination, sustainability of natural resources use, local and community environmental issues and technological options. Some of the areas we are working on currently are:; Working towards carbon neutrality by reducing our direct carbon footprint through the reduction of utilities usage and corporate travel. Having assessed our carbon footprint we are now working towards our goal of carbon neutrality.; Looking at our wider indirect carbon footprint and working with our suppliers, through an assessment process and questionnaire, to ensure we are working with likeminded partners.; Encouraging our employees to decrease their personal carbon footprint through the promotion and use of car-sharing, public transport and our cycle to work scheme, ultimately leading to a reduction in air emissions.; Creating a specific area within the office, enabling bikes to be kept securely within the premises.; Offsetting anything that cannot be reduced through our partnership with Ecologi.; Reducing energy usage through using modern energy efficient equipment.; Moving technology to the cloud to decrease carbon footprint and emissions and increasing the use of renewable energy.; Reducing raw material usage by digitising where possible.; Minimising waste by heavy promotion of reuse and recycling.
• Tackling economic inequality:

  Tackling economic inequality

  We work towards tackling economic inequality in any way we can, at the moment we are focusing on employment, education and training, development of scalable and future proofed new methods and identifying and managing cyber security risks through:; Implementing recruitment practices and employment conditions that will attract good candidates from all backgrounds, minimise turnover of staff and improve productivity.; Support for underrepresented candidates by providing careers advice, including mentoring, mock interviews and CV advice, and opportunities for in-work progression and career development into known skills shortages or high-growth areas.; Offering opportunities for work experience or similar activities.; Providing apprenticeships and industry placement opportunities.; Support for educational attainment resulting in recognised qualifications.; Activities to support relevant sector-related skills growth in the workforce, for example careers talks, curriculum support, literacy support, safety talks and volunteering.; Showing an understanding of scalable and future-proofed new methods to drive greater modernisation of delivery and increase productivity.; Identifying measures to mitigate and manage cyber security risks within the supply chain, such as engaging with the supply chain to identify and build resilience against cyber security risks and actions to raise cyber security awareness.
• Equal opportunity:

  Equal opportunity

  We promote equal opportunity to our potential and current employees in many ways and we are constantly working on the following:; Working on internal unconditional bias through discussion, training and process changes.; Ensuring our job ads are not discriminating and don’t use any stereotypes or biased language.; Ensuring that everyone in the company feels that they are in a safe place and their voices are heard and respected and feel safe in the knowledge that they will never face retaliation for a complaint or raising a concern.; Finding resources and educational material that include examples of different types of discrimination – whether this is indirect discrimination, unconscious biases or offensive. language. Helping our employees awareness of issues they may not have recognised as discrimination before.; Celebrating differences and gaining advocates from other parts of the business, such as with our Great Women initiative.; Ensuring leadership promotes, internally or externally, who we are as a company and who we want to be.; Bringing guest speakers in to talk to our employees helps to bring new viewpoints and conversations around the question of diversity to our workforce.; Employees are able to balance their work and their life in a way that suits them allowing differences to be catered for equally.; Every employee works with their line manager on clear expectation setting aligned with goals that are both achievable and challenging (SMART objectives). Supported by training and development and regular 121s with their manager.; Carrying out company surveys to ensure staff member is included in company decisions and their feedback is heard.
• Wellbeing:

  Wellbeing

  The wellbeing of the people that work for Great State is a key focus for us as a business – we have therefore implemented a range of initiatives, including: ; Providing access to and funding Private Healthcare which includes confidential counselling, discounted gym memberships and discounts on everyday retail items.; Supporting employees to achieve their goals by providing 121’s, objectives and training to encourage mental wellbeing.; Setting up friendly fitness challenges through our Active Teams initiative to motivate employees to care for their physical health and develop our company’s interpersonal relationships.; Offering salary sacrifice schemes to aid financially, whilst encouraging more sustainable commuting with the Cycle to Work scheme.; Arranging regular get-togethers to aid healthy relationships with colleagues to enable mutual support and trust.; Encouraging real breaks with our ‘take a breath’ initiative and walking meetings.; Creating a comfortable work environment to improve physical and mental health, with standing desks, health food and drink options, ergonomic seating and wellness and social spaces.; Recognising and rewarding employees for hard work, increasing confidence and making people feel valued for their contribution, through kudos on our HRIS, rewards, etc. ; Encouraging staff to take responsibility for their own wellbeing by creating a culture that talks about health and wellbeing and supporting employees to take steps to improve themselves. For instance, through our email header talking about flexible working and our expectations for response.; Providing wellbeing workshops, such as yoga.; Offering flexible working to suit different working styles, schedules and preferences.

Pricing

• Price: £400 to £1,500 a unit a day
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector@greatstate.co. Tell them what format you need. It will help if you say what assistive technology you use.