REPLY LIMITED

AWS Platform as a Service (PaaS)

Our AWS PaaS offers robust architecture, agile development, and an integrated Service Desk for seamless application management. Hosted in EU data centres, it ensures compliance, innovation, scalability, and top-notch security, accelerating digital transformation while optimizing performance for businesses of all sizes.

Features

• Use multi-factor authentication and end-to-end encryption.
• Monitor compliance continuously with automatic security updates.
• Allocate resources dynamically for optimized performance and cost.
• Automatically scale to meet real-time application demands.
• Deploy rapidly with integrated CI/CD tools.
• Implement blue-green deployment to minimize downtime.
• Choose data residency options for EU data protection laws.
• Conduct regular data audits for GDPR compliance.
• Monitor application performance in real-time.
• Access customizable dashboards for system insights.

Benefits

• Enhance security to prevent data breaches, ensuring continuity.
• Optimize resources, reducing costs and overprovisioning risks.
• Deploy rapidly, accelerate development, and shorten time-to-market.
• Simplify compliance with automatic updates and data sovereignty assurance.
• Empower developers with efficient tools, focusing on innovation.
• Utilize analytics for informed decisions and strategic planning.
• Scale applications flexibly to meet evolving business requirements.
• Ensure robust disaster recovery for minimal downtime and data backup.
• Receive comprehensive support from certified AWS professionals.
• Offer extensive documentation and training resources for user empowerment.

£350 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at glue.frameworks@reply.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

492968816926989

Contact

Chris Wright
0207 730 6000
glue.frameworks@reply.com

Service scope

• Service constraints: N/A
• System requirements:
  • Active AWS account to access and manage AWS PaaS resources.
  • Internet connectivity with sufficient bandwidth for cloud interactions.
  • Modern web browser for accessing AWS management console and dashboards.
  • Compatible development environments for preferred programming languages.
  • API access enabled for integration with existing business applications.
  • Compliance with minimum security standards for encryption and authentication.
  • System capability for multi-factor authentication setup and management.
  • Pre-existing CI/CD tools integration or readiness for deployment automation.
  • Organizational readiness for adopting blue-green deployment strategies.
  • GDPR compliance infrastructure for data protection and privacy audits.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Based on SLA Agreement.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: Web chat testing protocol will be agreed with the client as part of our service design process.
• Onsite support: Yes, at extra cost
• Support levels: We adapt our support to the needs of the users and can offer most support levels requested by clients. We have provided all combinations of first, second, and third line support to our clients; we have provided all combinations of UK business hours, UK extended business hours, US business hours and 24/7 support facilities to our clients. We have provided both real-time telephone support, email support, and on-call support. The costs of each of these models is tailored to the specific needs of our clients to ensure the right level of support is provided to the service in question. In all of our client engagements there will be a dedicated account manager – and typically a cloud support engineer or technical account manager depending on the needs of the client.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide various resources to help users start using our service. This includes comprehensive online documentation with guides and FAQs, interactive webinars for live learning sessions, and personalized onsite training for organizations. Our goal is to offer users the support they need to confidently utilize our service, whether through self-paced learning or personalized assistance.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats: Confluence
• End-of-contract data extraction: When the contract ends, users can extract their data through our service's export functionality. They initiate the process via our web interface or API, selecting the desired data sets. We offer guidance and support throughout, ensuring a smooth transition.
• End-of-contract process: When the contract ends, users can extract their data through our service's export functionality. They initiate the process via our web interface or API, selecting the desired data sets. We offer guidance and support throughout, ensuring a smooth transition.

Using the service

• Web browser interface: Yes
• Using the web interface: Reply's platform as a service (PaaS) offers customers a personalized platform designed to meet their specific needs. The web interface is adaptable to meet various requirements, with common functionalities including environment creation and deletion, scaling, and software deployment through pipelines. The extent of customization is subject to the technical capabilities of the services necessary for the platform's operation.
• Web interface accessibility standard: WCAG 2.1 A
• Web interface accessibility testing: We ensure web interface accessibility by employing accessibility testing tools. These tools help us evaluate the usability and inclusivity of our interfaces for users utilizing assistive technologies such as screen readers or voice recognition software. Through these assessments, we identify and address any potential accessibility barriers, ensuring that our web interfaces are user-friendly and accessible to all individuals, regardless of their abilities.
• API: Yes
• What users can and can't do using the API: Through our API, users can seamlessly set up and configure our service according to their needs. Initially, users can utilize the API to provision accounts, configure settings, and integrate our service into their existing workflows. This includes tasks such as creating user profiles, defining access permissions, and configuring various service features.; Additionally, users can make changes to their setup and configuration dynamically through the API. They have the flexibility to update user profiles, adjust access permissions, and modify service configurations in real-time.; However, there are some limitations to the actions users can perform through the API. Certain administrative tasks or sensitive operations may be restricted to prevent unauthorized access or unintended modifications.
• API automation tools:
  • Ansible
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
• Command line interface: Yes
• Command line interface compatibility: Linux or Unix
• Using the command line interface: Users can leverage our command line interface (CLI), such as the "Reply CLI", to perform various tasks efficiently. Initially, users can set up the service through the CLI by executing commands to provision accounts, configure settings, and initialize the service within their environment. This includes tasks like creating user profiles, defining access permissions, and configuring service features, all accomplished via command line commands.; Moreover, users can make changes to their setup and configuration seamlessly through the CLI. They can update user profiles, adjust access permissions, and modify service configurations in real-time by executing appropriate CLI commands.; However, there may be some limitations to the actions users can perform through the CLI. Certain administrative tasks or sensitive operations might be restricted to prevent unauthorized access or unintended modifications.

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: We ensure user experience by implementing robust infrastructure and resource management strategies:; ; Scalability: Our service scales to meet demand, dynamically allocating resources.; ; Resource Isolation: We segregate resources to prevent one user's activities from affecting others.; ; Load Balancing: Traffic is evenly distributed across multiple servers, ensuring optimal performance.; ; Performance Monitoring: We continuously monitor and address performance issues proactively.; ; SLAs: Our SLAs guarantee consistent service levels, regardless of demand fluctuations.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email
  • SMS

Analytics

• Infrastructure or application metrics: Yes
• Metrics types: Other
• Other metrics:
  • CPU
  • Disk
  • Memory
  • Network
  • Number of Instances
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual Machines: Complete snapshots of virtualized computing environments.
  • Databases: Structured data from relational or NoSQL database management systems.
  • Applications: Configuration settings, user preferences, and application data files.
  • System Settings: Operating system configurations, registry settings, and preferences.
  • Cloud Storage: Data stored in cloud-based storage platforms and services.
• Backup controls: Users have granular control over backup schedules and configurations through our service's flexible settings. They can specify which items to back up and define individual schedules based on their priorities and requirements.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: SLA's negotiated on a client by client basis
• Approach to resilience: Our service is designed with resilience at its core, featuring redundancy to eliminate single points of failure and maintain continuity in the face of hardware failures or outages. Load balancing technologies evenly distribute incoming traffic across multiple resources, preventing overload and ensuring optimal performance. Robust disaster recovery plans, including regular backups and failover mechanisms, swiftly restore operations in the event of catastrophic events. Geographic diversity across multiple data centers provides redundancy, ensuring service availability even during regional disruptions. Automated monitoring and response systems continuously monitor performance, triggering rapid responses to anomalies to minimize downtime. Additionally, our service scales seamlessly to accommodate fluctuations in demand, ensuring consistent performance under varying load conditions. Through these resilience features, we guarantee our users high availability, reliability, and uninterrupted service operations.
• Outage reporting: Our service reports outages promptly through multiple channels to ensure users are promptly informed and updated. Users receive notifications on the service dashboard and via email alerts, providing real-time updates on the status of the service and any ongoing issues. Additionally, we maintain a dedicated status page where users can check the current status of the service and receive updates on outages or scheduled maintenance. Furthermore, users can reach out to our support team through various channels for assistance, ensuring that they receive prompt support and updates on outage resolution efforts.

Identity and authentication

• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: When users access our service, we employ a robust authentication mechanism to ensure security. Firstly, we implement Single Sign-On (SSO) solutions, allowing users to authenticate once and gain access to multiple systems and applications within our service ecosystem. This not only streamlines the login process but also reduces the risk associated with managing multiple passwords. Furthermore, we enforce Multi-Factor Authentication (MFA) to add an extra layer of security. Users are required to provide additional forms of verification beyond just a password, such as a one-time code sent to their registered mobile device or email.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Identity federation with existing provider (for example Google Apps)
• Devices users manage the service through: Dedicated device on a government network (for example PSN)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International
• ISO/IEC 27001 accreditation date: 23/06/2017
• What the ISO/IEC 27001 doesn’t cover: Covers: IT & Business Consultancy
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: SOC2, GDPR

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: When changes are proposed, they undergo stringent assessment for potential security impact before implementation. Our change management board, comprising security experts and stakeholders, meticulously reviews proposed changes. These changes are evaluated based on their potential to introduce security vulnerabilities or impact our services' overall security posture. Additionally, we conduct risk assessments to identify and mitigate any potential security risks associated with the proposed changes. Only after these assessments and necessary mitigations are completed do we approve changes for implementation. This diligent approach guarantees that our services remain secure and resilient in the face of evolving threats and changing requirements.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our vulnerability management process, aligned with CSA CCM v3.0.1, involves ongoing threat assessment through internal scans, external tests, and monitoring industry threat intelligence. Prioritising vulnerabilities by severity, we deploy patches promptly after rigorous testing. Our information sources include vendor advisories, industry feeds, and collaborative initiatives, ensuring proactive threat mitigation and service security.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our protective monitoring processes swiftly identify potential compromises through automated tools and real-time analysis of system logs and user behavior. When a compromise is detected, our incident response team immediately initiates predefined procedures, including isolating affected systems and escalating the incident as needed. We prioritize rapid response to incidents, guided by predefined service level agreements (SLAs) to minimize impact and ensure the security of our systems and data.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have pre-defined processes in place for common events, which are documented in our incident management framework. Users can report incidents through various channels, including dedicated incident reporting forms on our platform, email, or through our customer support channels. Once an incident is reported, our incident response team assesses the severity and initiates the appropriate response procedures based on predefined criteria, such as impact on service availability or data integrity. Throughout, we provide regular updates to affected users, keeping them informed of progress and resolution times. After resolution, we conduct post-incident analysis to identify root causes and implement preventive measures.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: AWS Virtualisation
• How shared infrastructure is kept separate: Different organizations sharing resources are kept apart through virtualization, network isolation, access controls, encryption, and monitoring. AWS uses virtualization technologies to create isolated environments, ensuring that each organization's data and applications remain separate. Network segmentation is through Virtual Private Clouds and subnetting. Access controls, including IAM policies and resource-based policies, restrict access to authorized personnel only. Encryption is enforced for data in transit and at rest using services like AWS Key Management Service (KMS) and SSL/TLS. Continuous auditing and monitoring through services like AWS CloudTrail and Amazon GuardDuty help detect and respond to any unauthorized access or security incidents.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Our data centers strictly adhere to the EU Code of Conduct for Energy Efficient Data Centres, ensuring optimal energy efficiency and sustainability practices. We employ advanced energy efficiency measures such as optimized cooling systems, server configurations, and renewable energy integration to minimize our environmental impact. Additionally, we prioritize waste heat recovery and provide comprehensive employee training to promote energy-saving initiatives. Regular reporting and benchmarking against industry standards help us track our progress and identify areas for improvement.; ; For further details on our commitment to energy efficiency in the cloud, please visit Amazon's Sustainability page.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our commitment to social value is integral to our values as a business built on an ethical approach demonstrating Glue Reply’s reliability, transparency and honesty.; We can support the buyer to deliver against the Social Value Model Theme of Fighting Climate Change through delivering additional environmental benefits enabling effective stewardship of the environment.; We are ISO14001:2015 certified and since 2012 we have reported our environmental credentials to the Carbon Disclosure Project (CDP.net). We have achieved Carbon Neutral as a whole business since 2023 and aim to produce Net Zero GHG emissions by 2030. We have a clear set of policies and action plan towards these targets.; Our certified environmental sustainability programme includes annual measurement and reporting of document printing, materials recycling, energy saving, energy efficiency, transport and energy consumption. Our KWH consumption per employee is calculated and our transition to renewables including percentage of renewables as a proportion of our total kWH consumption is reported. We complete an annual environmental policy and assessment for our supply chain partners. All our core systems are run in green cloud environments managed by certified providers.; Our cloud services are provided in a carbon-neutral manner including our direct supply chain. A proportion of this is achieved through carbon offsetting and we provide measurements on emissions that demonstrate offsetting ensures our contracts are carbon positive. Our preferred scheme is Forest Carbon (https://www.forestcarbon.co.uk).; At the start of the engagement we will agree the initiatives to implement, incorporate the agreed social value milestones into the wider programme and manage them alongside all other deliverables. A detailed project plan will be prepared and key performance measurements agreed to monitor the progress of the social value initiatives. We incorporate social value implementation and monitoring into the role of the Client Director.

  Covid-19 recovery

  Our commitment to social value is integral to our values as a business built on an ethical approach demonstrating Glue Reply’s reliability, transparency and honesty.; We can support the buyer to deliver against the Social Value Model Theme of COVID-19 recovery through provision of employment opportunities and implementation of people health initiatives to help local communities manage and recover from COVID-19.; We have implemented initiatives to promote opportunities for those who face barriers to employment;; - Enrolled into the Nuffield Research Placement scheme (funded by Nuffield Foundation) to provide placements to disadvantaged and deprived year 12 students providing research opportunities. Individuals who perform well are offered a Degree Apprenticeship place.; - Run a Degree Apprenticeship scheme where we use Generation (a not-for-profit) to cross-train individuals from deprived backgrounds, without necessarily STEM backgrounds in technology. We partnered with Google who commit to provide engineering engagements and training and development on Google Cloud Platform related technologies.; As a responsible employer we have implemented the 6 standards of the Mental Health at Work Commitment, we support our employees no matter what situation they face and have appropriate structures for them to speak to neutral experts 24x7. Both employees and managers are trained on mental health. Post-COVID we actively promote physical activities and have revised working practices to inspire each employee to make their own choices to find their ideal work-life balance.; At the start of the engagement we will agree the initiatives to implement, incorporate the agreed social value milestones into the wider programme and manage them alongside all other deliverables. A detailed project plan will be prepared and key performance measurements agreed to monitor the progress of the social value initiatives. We incorporate social value implementation and monitoring into the role of the Client Director.

  Tackling economic inequality

  Our commitment to social value is integral to our values as a business built on an ethical approach demonstrating Glue Reply’s reliability, transparency and honesty.; We can support the buyer to deliver against the Social Value Model Theme of Tackling Economic Inequality through provision of new business, new jobs and skills and incresaing supply chain resilience and capacity.; We have implemented initiatives to promote opportunities for those who face barriers to employment;; - Enrolled into the Nuffield Research Placement scheme (funded by Nuffield Foundation) to provide placements to disadvantaged and deprived year 12 students providing research opportunities. Individuals who perform well are offered a Degree Apprenticeship place.; - Run a Degree Apprenticeship scheme where we use Generation (a not-for-profit) to cross-train individuals from deprived backgrounds, without necessarily STEM backgrounds in technology. We partnered with Google who commit to provide engineering engagements and training and development on Google Cloud Platform related technologies.; - Run a Code for Kids initiative where we work with schools to teach over 3,000 children across a broad range of schools how to program.; We have a Supplier Code of Conduct and all our suppliers must comply in the areas of labour law and human rights, worker safety and environmental sustainability. Reply operates as set of SME type companies and we understand the benefits that this these organisations can bring and we often select SME’s as part of our supply chain; At the start of the engagement we will agree the initiatives to implement, incorporate the agreed social value milestones into the wider programme and manage them alongside all other deliverables. A detailed project plan will be prepared and key performance measurements agreed to monitor the progress of the social value initiatives. We incorporate social value implementation and monitoring into the role of the Client Director.

  Equal opportunity

  Our commitment to social value is integral to our values as a business built on an ethical approach demonstrating Glue Reply’s reliability, transparency and honesty.; We can support the buyer to deliver against the Social Value Model Theme of Equal Opportunity through tackling workforce inequality, identifying and managing the risks of modern slavery and increasing representation of disabled people.; Glue Reply is committed to promoting equality and diversity and promoting a culture where we actively value difference and recognise people from different backgrounds and experiences bring valuable workplace insights and enhance the way we work. Making everyone feel equally involved and supported results in rewarding work experiences and fuels innovation.; We make employment decisions based on merit, qualifications and competence. Our workforce has high cultural diversity, above industry standards, and has higher levels of gender diversity than industry averages. We have a strong equality ethos and run a genuine meritocracy where individuals are assessed solely on their performance and how their contribution has helped further the organisation.; We are committed to preventing modern slavery in our corporate activities and supply chains.; We have implemented initiatives to promote opportunities to identify and tackle inequality in employment, skills and pay in the workforce.;; • Founding signatory of the Tech Talent Charter; • Women in Technology social network organises events and has an active community.; • Donated some of our BCS Corporate Membership places to Coding Black Females; At the start of the engagement we will agree the initiatives to implement, incorporate the agreed social value milestones into the wider programme and manage them alongside all other deliverables. A detailed project plan will be prepared and key performance measurements agreed to monitor the progress of the social value initiatives. We incorporate social value implementation and monitoring into the role of the Client Director.

  Wellbeing

  Our commitment to social value is integral to our values as a business built on an ethical approach demonstrating Glue Reply’s reliability, transparency and honesty.; We can support the buyer to deliver against the Social Value Model Theme of Wellbeing through supporting the physical and mental health of the rowkforce and community.; As a responsible employer we have implemented the 6 standards of the Mental Health at Work Commitment, we support our employees no matter what situation they face and have appropriate structures for them to speak to neutral experts 24x7. Both employees and managers are trained on mental health.; We perform assessments on wellbeing regularly and our significant annual report on this covers a wide range of dimensions across the business. We present the findings to all employees whilst keeping individual information 100% confidential. We then have our focus group working on these results to drive a culture of continuous improvement; Post-COVID we actively promote physical activities and have revised working practices to inspire each employee to make their own choices to find their ideal work-life balance.; • Our active challenge on Strava rewards employees for taking breaks. For every mile they walk or run we give £1 to charity, with an extra £5 every time during work hours. #WorkLifeBalance has driven an active work-life balance culture with >70% peak uptake.; • Our staff also have access to on-line yoga and fitness programmes.; At the start of the engagement we will agree the initiatives to implement, incorporate the agreed social value milestones into the wider programme and manage them alongside all other deliverables. A detailed project plan will be prepared and key performance measurements agreed to monitor the progress of the social value initiatives. We incorporate social value implementation and monitoring into the role of the Client Director.

Pricing

• Price: £350 a unit a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at glue.frameworks@reply.com. Tell them what format you need. It will help if you say what assistive technology you use.