Sopra Steria Ltd

Container Application Platform as a Service (aPaaS)

This aPaaS builds on Red Hat's OpenShift Container Platform (open container standard and Kubernetes) to provide integrated DevSecOps securely as a Managed Service. The preconfigured DevOps environment contains CI/CD pipelines and deployment within a secure cloud environment providing the basis for rapid development and operation of microservice and containerised applications.

Features

• Subscription based Open-Source container-based application PaaS
• Automated DevSecOps CI/CD, pipelines using customer source control management
• Managed runtime supporting rapid Microservice development and operation
• Supported OpenShift platform based on container and Kubernetes architectures
• Extensible runtime to support legacy application, inclusion, and migration
• Resilient, fault tolerant platform using UK AWS data centres
• Polyglot of languages (Java, .NET, Node, Angular, NoSQL, Python)
• Hybrid cloud options using secure and dedicated connectivity
• UK Service desk, aPaaS support, and environment management
• Automated, cloud native security components protecting containers as standard

Benefits

• DevSecOps-as-a-service to increase application delivery speed and quality
• Supports agile development at scale through automated tooling
• Rapid deployment, start/stop aligned to digital service project lifecycle
• Flexible subscription model with service levels
• OpenShift with Sopra Steria’s expertise managing secure cloud containerisation
• Reduced cost of application ownership and budget certainty
• Legacy enablement through migration/integration of existing applications
• Elastic platform, integrate cloud services and additional middleware options
• Accreditable solution with add-on accreditation and security monitoring options
• Managed data access with high availability and resilience

£112,500.00 a unit a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at soprasteria-gcloud@soprasteria.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

500868769862816

Contact

Sopra Steria G-Cloud Team
0370 600 4466
soprasteria-gcloud@soprasteria.com

Service scope

• Service constraints: The following constraints exist within the service ; • Supported running of four application runtime nodes as specified in the Red Hat OpenShift Container platform documentation; • Buyers will configure a VPN to the cloud hosted environment ; • Additional middleware products would be licensed by the Buyer; Note: Additional runtime nodes can be added to the service on request in an elastic manner and will incur additional costs.
• System requirements:
  • Buyers will configure a VPN to the cloud hosted environment
  • Additional middleware products would be licensed by the Buyer

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Sopra Steria offers a technical support service desk for authorised users. Issues can be reported at any time and will be prioritised according to the nature of the issue. Our base service target response time for major issues is 95% within 2 working hours (09:00 to 17:00 on working days); and we aim to resolve minor calls within 10 working days.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: The cost of this service includes a standard support package, which provides you with access to a Service Desk and a Service Delivery Manager. You can report issues at any time, and these will be prioritized based on their severity. We aim to respond to major issues within two working hours (from 09:00 to 17:00 on business days) with a success rate of 95%. Our goal is to resolve minor issues within a span of 10 business days. The OpenShift subscriptions included in the service also provide Red Hat support. Additionally, you can access the Red Hat knowledge base at any time, seven days a week.; DevSecOps and application support is available through Sopra Steria’s additional G-Cloud services.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Sopra Steria is committed to collaborating with the customer to tailor the platform according to their unique requirements. This includes the fundamental setup of the standard environment, such as the integration of DevOps tools, which is part of our standard offering.; Should there be any additional needs, these can be catered to through the consultancy services provided by Sopra Steria. This ensures that all specific requirements are met and the platform is customized to the customer's satisfaction.; To facilitate the customer’s understanding and usage of the platform, we provide comprehensive user documentation. This documentation serves as a guide, providing detailed instructions and information about the platform. Additionally, we offer training services upon request. This is an optional service available at an extra cost, designed to provide a more in-depth understanding of the platform and its functionalities. This training can be invaluable in helping users maximize the platform's potential and efficiency.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The extraction of data, whether it be source code, images, general data, or application logs, depends on the specific solution and the customer's preferences. Options are available for customers to handle extraction themselves or to have us manage the process as a chargeable service. ; Source Code: The customer will already have the source code in their possession. However, in cases where a source code repository is offered as an option, the source code can be exported for consumption into a new repository. ; Customer-Specific Images: These images can be duplicated and exported from the Container Registry. This means that any images specific to the customer's projects or applications can be easily copied and transferred out of the Container Registry.; Data Extraction: Customers have the ability to extract their data while they still have access to the environment. Alternatively, we can facilitate the data extraction as part of a chargeable off-boarding activity. ; Application Logs: Similar to data extraction, customers can retrieve application logs while they still have access to the environment. If preferred, we can provide the available logs as part of a chargeable off-boarding activity.
• End-of-contract process: In our base service, the responsibility of extracting customer information lies with the customer. This means that customers are expected to retrieve their own data. This access to extract information is available until the contract ends.; Once the contract is terminated, the environment, including the application runtime environment and all related data, will be decommissioned by Sopra Steria. Therefore, when the contract ends, all the systems and data associated with the customer's account will no longer be available. If the customer needs more time to extract their data, the contract can be extended on a month-by-month basis, according to the terms laid out in the pricing document. This means that customers can choose to extend their contract for one or more months if they need additional time to complete their data extraction.; As an alternative, we offer a service to extract customer information, such as source code, images, data, log information, etc., at an additional cost. If customers prefer, we can handle the data extraction process for them, but this service comes with an extra charge dependent on the specific deployment. Any such charges would need to be agreed as part of contract end discussions.

Using the service

• Web browser interface: Yes
• Using the web interface: We grant access to the Red Hat OpenShift Container Platform Management Console, enabling users to oversee and manage container deployments within the platform. Users can perform various tasks within the environment, including deploying, stopping and scaling containers. To allow Sopra Steria to manage the underlying platform configuration in order to guarantee the service, user access is restricted to the management of containers; Our service incorporates Jenkins, a top-tier open-source automation server. This integration allows clients to utilize a web interface to oversee their continuous integration and continuous delivery pipelines. These pipelines facilitate the construction and deployment of container images within a project.
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: None
• API: Yes
• What users can and can't do using the API: We offer direct, native access to the foundational APIs of the Red Hat OpenShift Container Platform. This means that you can interact with the platform at a deeper level, beyond the user interface. The OpenShift API mirrors the capabilities of the web user interface, enabling a wide range of operations. These include the initiation of new projects, overseeing existing projects, generating containers, and managing both deployment and runtime configurations. This comprehensive access ensures that you have the flexibility and control to manage your projects effectively.
• API automation tools:
  • Ansible
  • Other
• Other API automation tools:
  • Jenkins
  • Tekton CI CD
  • OpenShift S2I builders
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: The Red Hat OpenShift Container Platform provides users with the ability to interact via a Command Line Interface (CLI) tool. This tool is designed to replicate the capabilities found on the web console, thus allowing users to execute the same operations directly from the command line within the OpenShift Container Platform environment.; It's important to note that each user's access and permissions are meticulously controlled by their unique authentication model, which enforces Role-Based Access Control (RBAC) and additional security measures. This model allocates privileges in accordance with the user's role, effectively constraining the range of actions they can undertake within the platform.; The RBAC mechanism is a fundamental component of the platform's security strategy. It ensures that users can only access resources and perform actions that align with their assigned roles. This mechanism establishes a strong and secure framework that inhibits unauthorized access and preserves the platform's integrity. Therefore, while the CLI tool provides adaptability and ease of use, it also adheres to the rigorous security standards of the Red Hat OpenShift Container Platform.

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: The Container Platform is hosted on dedicated resources within the AWS public cloud, specifically deployed in an AWS account that is unique to each client. This setup ensures segregation and is a key component of the service provided to the customer. The objective is to uphold the service quality, making certain it is not influenced by the requirements of other customers.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
• Other metrics: Container availability, health and resource allocation
• Reporting types:
  • API access
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: All data at rest is safeguarded using encryption services. These services are provided by our trusted third-party cloud service provider, Amazon Web Services (AWS). The decryption keys, which are crucial for converting the encrypted data back to its original form, are securely stored within AWS's Key Management System. This robust multi-layered security approach ensures that the client’s data is not just stored, but it is stored with the highest level of protection maintaining the integrity and confidentiality of client data.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • OpenShift environment and supporting Containers
  • 2. Volumes attached to Containers
• Backup controls: Our base service includes daily backups for the OpenShift Environment and its attached volumes. If you need more frequent backups for any service component, we can arrange this during the onboarding process. Please note, this will incur extra charges.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: Other
• Other protection within supplier network: Within the AWS network client specific data is held within a segregated VPC and Account. AWS is responsible for ensuring segregation of customer data. Within the VPC and account dedicated storage is provided to the client. Access to the OpenShift Container Platform environment management is secured using user RBAC. Application access can be secured by the client using the single sign on capability present within the environment. OpenID / OAuth tokens are typically used to secure application access to specific users with specific roles.

Availability and resilience

• Guaranteed availability: Our Container aPaaS platform is engineered to be a Highly Available (HA) solution, leveraging HA configurations for essential services. This design aims to achieve an impressive availability target of 99.95%, ensuring that applications are accessible nearly all the time.; It’s important to note that these availability targets are set without any associated penalties for the supplier. However, we understand that different businesses have unique needs and may require different availability targets or a service credit regime. ; We are open to discussions about tailoring these aspects to better suit the buyer’s specific requirements. Please note that customizing these targets or implementing a service credit regime may incur additional costs. We believe in flexibility and are committed to working with you to find the best solution to meet the buyer’s business needs.
• Approach to resilience: The service is deployed in a High Availability architecture as recommended by Red Hat with nodes split across the UK AWS Availability Zones (logical Data Centres). Additional detail is available on request.
• Outage reporting: As part of our standard monitoring service we provide an adequate level of system health monitoring of our solution to ensure it is stable and has enough resource to operate effectively. Our standard checks include testing devices for connectivity, verifying log feeds and infrastructure resources (e.g. CPU, memory, storage capacity, etc.). In our standard implementation this service is integrated with our service management toolset which allows IT related alerts to be automatically directed to the relevant team for prompt resolution. In addition, depending on the client requirements, we can implement additional features to provide an enhanced monitoring and management service with metrics on application availability and business processes. We can also include more mature capabilities such as extended log retention, enhanced service desk support, and protective monitoring service. Moreover, we provide our Remote Operations Centre (ROC) which monitors the health of our client IT systems 24 x 7 in a bid to prevent any outage from happening.

Identity and authentication

• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: OAuth token based authentication to access restful API and web console access as per Red Hat OpenShift Container Platform documentation found at https://docs.openshift.com/container-platform/4.10/authentication/index.html.
• Access restrictions in management interfaces and support channels: Access to platform management interfaces is governed by role-based access controls, which assign permissions based on job roles. Additionally, access to the AWS hosted infrastructure and OpenShift console will be via required VPN. ; Customers who need to access the management interface of the Red Hat OpenShift Container Platform must undergo an authentication process. This is limited to certain pre-identified individuals to ensure security and control.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: Management interfaces are restricted to Sopra Steria staff using role based access controls. Additionally, conditional access rules are in place to control the locations from which access is permitted. Multi-factor authentication (MFA) is also employed to enhance security. Customers accessing the Red Hat OpenShift Container Platform management interface will require to be authenticated which will be restricted to specific named individuals. The option to configure federated integration with the customer's identity source allowing for seamless user authentication and access management is available upon request.
• Devices users manage the service through: Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DNV Business Assurance, London, SE1 9LQ, United Kingdom
• ISO/IEC 27001 accreditation date: Date of last re-certification: 01 December 2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Sopra Steria has established an Information Security Management System (ISMS) and comprehensive set of security policies as part of its ISO27001 certification with an overarching ‘UK Corporate Security Policy’ issued by Sopra Steria’s UK Head of Corporate Security and approved by the UK CEO. We have a robust set of security processes and controls to ensure security is effectively embedded in our organisation and these are all subject to both internal and external audit as part of our certification requirements. These controls and processes are systematically applied to our client operations which thus comply with ISO27001. Sopra Steria also adheres to HMG Information Security and Information Assurance Standards, the Cabinet Office’s Security Policy Framework (SPF) and HMG Good Practice Guides, and is also certified under NCSC’s Cyber Essentials Plus scheme. Sopra Steria has a Corporate Information Security team led by the Head of Corporate Security who has the delegated responsibility from the Board for operating our ISMS. As part of our security governance, we have established a Corporate Information Security Forum (CISF) that meets quarterly sits below, and ensures that the ISMS is being maintained at an operational level. The CISF reports into the Information Security Steering Board (ISSB).

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our configuration and change management process is aligned with ITIL and ISO20000 best practice and includes: ; Maintaining a Service Asset and Configuration Management Database (CMDB) to enable Incident, Changes and Problems to be tracked against the affected Configuration Items ; Recording, tracking, reporting and auditing of Configuration Items (CIs) in relation to the Solution both physical and virtual ; detail the relationship between Configuration Items aiding in Change impact assessment as well as Incident and Problem Resolution; Use of Change Advisory Board to impact assess any changes including relevant stakeholders (including Security) and ensure change is managed including any appropriate rollback processing
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Sopra Steria employs robust security measures on its platform, leveraging Amazon Web Services for threat detection. Automated vulnerability scanning is performed during image creation. Compliance is ensured through automated CIS benchmark testing and vulnerability scanning of all systems and containers. Network controls, firewall capabilities, and Data Loss Prevention (DLP) aid in meeting compliance requirements for system segmentation and isolation. Risk reporting and scoring mechanisms help mitigate attack risks. Patches are regularly applied to the underlying OS and OpenShift service for enhanced security.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Sopra Steria is able to provide Security Operations Centre services for protective monitoring is available as an additional optional service.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our standard approach to incident management is aligned to ISO20000 and ITIL best practice. ; • Incidents logged and monitored throughout their lifecycle ; • Incidents are categorised with relevant resolution prioritisation and target closure time ; • Root cause analysis is undertaken and uncorrected errors transferred to Problem Management ; • Prompt communication of service failures to manage the expectation of users ; • Perform lessons learnt from incident as part of our continuous improvement ; • Exceptional major incidents are assigned an accountable manager who will drive appropriate stakeholder engagement ; • Reporting and analysis is reflected in service reporting to the customer

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: Amazon Web Services (AWS)
• How shared infrastructure is kept separate: AWS provides segregation of client data and activity through their platform. Details are available on AWS website. Each buyer’s Container Platform is hosted on dedicated resources within the AWS public cloud, specifically deployed in an AWS account that is unique to each client. This setup ensures segregation and is a key component of the service provided to the customer.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: AWS has always focused on energy efficiency and continuous innovation in its datacentres in order to reduce energy usage and increase operational excellence. Its scale also allows AWS to achieve higher resource utilization and energy efficiency than the typical on-premises datacentre. In fact, 451 Research found that AWS’s infrastructure was 3.6 times more energy efficient than the median of surveyed enterprise datacentres, with more than two thirds of this advantage due to a more energy efficient server population and higher server utilization.; Amazon has become the largest corporate buyer of renewable energy in the U.S. after announcing 14 new projects in North America and Europe. The projects bring Amazon’s total renewable energy investments to 10 gigawatts of electricity production capacity—enough to power 2.5 million U.S. homes.; Already the largest corporate buyer of renewable energy in Europe and globally, Amazon continues to advance its ambitious goal to power 100% of its activities with renewable energy by 2025—five years ahead of its original target.; The latest announcement means Amazon now has 232 renewable energy projects around the world, including 85 utility-scale wind and solar projects and 147 solar rooftops on facilities and stores worldwide.; For more information, visit https://sustainability.aboutamazon.com/

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Sopra Steria has committed to becoming Net Zero by 2028 and has been ranked in the top 1% of companies globally by CDP placing us on the A-list for our work tackling climate change over the past 5 years. ; ; Our work has a direct positive impact on our client’s services, for example through lower emissions, reduced waste, and more sustainable supply chains. ; ; Additional environmental benefits: We also provide contract-specific sustainability programmes for clients, which are designed & deployed by our team of Sustainability Consultants. During procurement, these experts will develop a sustainability programme based on a clients objectives, the material impacts, and opportunities within the service. ; ; We have experience in… ; • Undertaking service environmental impact assessments ; • Measuring energy consumption, and emissions generated, required to deliver a particular service (e.g., office use, business travel, use of technology and supply chain); • Evaluating the sustainability of technology products (e.g., GGICT, Energy Star, as well as product and service foot printing) ; • Making business case-backed recommendations, implementation roadmaps for improvements ; • Delivering improvement programmes ; • Reporting performance, using recognised reporting standards, accounting methods ; ; Influencing staff, suppliers, customers and communities: regarding our staff, we feature sustainability in our employee communications, and offer all employees paid volunteering time which can be used to support sustainability activities, such as beach cleans and climate hackathons.

  Covid-19 recovery

  Employment, re-training and other opportunities: In the high-growth Digital sector, Sopra Steria is continually developing the skills of our workforce, including via upskilling and reskilling initiatives, e.g. via a new Career Coach, or by extending our apprenticeship programme.Through our ‘Tech for Good’ programme, and the various Social Value programmes we design and deliver for our customers, we focus on jobs and skills for disadvantaged and under-represented groups, including those disproportionately affected by Covid. ; ; People and communities: Our ‘Tech for Good’ programme is designed to provide people, small businesses and VCSEs with skills they need to thrive and is focused on those from disadvantaged or under-represented communities. Since the beginning of the pandemic, we have transitioned to a hybrid-virtual programme to ensure continued accessibility. For example, we worked with ELATT, a digital skills charity, to create hybrid learning, ensuring those who were shielding or otherwise unable to access classroom learning, as well as those who most needed to be in a classroom to support their learning, could still participate. ; ; Organisations and businesses: In the first year of the pandemic, we ran free training courses for charities and SME’s – offering Microsoft Teams training and modules on cyber security and resilience. We continue to offer pro-bono consulting for charities to help them use technology to better serve their communities. ; ; Physical and mental health needs: Since the pandemic, we have put in place measures to prevent and manage risks to employee wellbeing – including the wellbeing of contracted staff – together with appropriate training and individual support, and initiatives to raise awareness of mental health issues at work. We have also trained ca. 60 Mental Health First Aiders. ; ; Workplace conditions: All our office locations have strict Covid safety protocols, with considerations for cleaning, ventilation, and occupancy.

  Tackling economic inequality

  1) New businesses, jobs, and skills ; ; Entrepreneurship and SMEs: Sopra Steria adheres to the Prompt Payment Code. SMEs provide us with innovative and agile solutions and deliver 50% of our work. ; ; Barriers to employment: We provide education, skills training and employment opportunities, such as mentoring, for those facing barriers to employment. ; ; Skills shortages: We address the digital skills gap inside and outside of our business through in-work and community learning opportunities. ; ; Educational attainment: We offer a number of skills development programmes, including apprenticeships. ; ; Influence: Staff are encouraged to use paid volunteer time to support our community innovation, entrepreneurship and employability initiatives. ; ; Suppliers must comply with our Supplier Code of Conduct, which requires workforce skills development. ; ; Our customer social value programmes include business competitions and work experience placements. ; ; We work with community organisations such as Villiers Park and Career Ready to deliver business, jobs, and skills programmes. ; ; 2) Supply chain resilience and capacity ; ; Diverse supply chain: We work to improve supplier diversity by… ; • Making it easier to do business with us ; • Measuring current supply chain diversity ; • Creating new VCSE partnerships ; ; Innovation & new methods: Through horizon-scanning, supplier & industry collaboration, we support development of new technologies that improve public services, like our ethical data-driven approaches to serving vulnerable citizens. ; ; Collaboration: We have obtained the ISO44001 Collaborative Business certification. ; ; Cyber security: We are certified to Cyber Essentials Plus and ISO27001 standards. We require our suppliers to have resilient information security processes, and flow down necessary cyber standards. ; ; Influence: Staff undertake cyber security training, and participate in our innovation processes.; ; Suppliers are engaged through our Collaborative Business approach and must adhere to strict security requirements. ; ; We share knowledge with customers via our social value programmes, continual service improvement, industry engagements. ; ; We participate in community resilience, innovation forums such as techUK.

  Equal opportunity

  Sopra Steria’s vision is to create an inclusive culture that embraces difference as a source of creativity, innovation, and competitive advantage. Our Equality, Diversity & Inclusion (EDI) strategy, overseen by a dedicated EDI Manager, applies to contract workforces. ; ; 1) Disability employment gap ; Representation: We are a Disability Confident Committed Employer. Our partnership with Vercida helps us improve diversity through recruitment. ; ; Skills development: All employees are given access to on-and-off-the-job development. We also have initiatives such as our Disability Network, and also our partnership with Business Disability Forum which supports disabled employees in their skills development. ; ; Staff, suppliers, customers and communities: ; Staff - all employees can join our Disability Network. Our Disability Steering Group has employee representation and executive-level sponsorship. ; Suppliers - our Supplier Code of Conduct requires all suppliers to maintain high standards of EDI in their workforces. ; Customers - we regularly work with clients to improve accessibility in digital services. Example, we are providing insight to a client on the effects of digital transformation on accessibility. ; Communities - we work with community representatives in the design and delivery of our disability work.; ; 2) Workforce inequality ; Identify and tackle inequality: We have a range of initiatives to identify, tackle inequality in our workforce, e.g.: ; • Diversity data dashboards help us understand EDI indicators and inform our programmes. ; • Employee inclusion networks give employees in under-represented groups a voice in our EDI strategy. ; • We are working to recruit more people from under-represented groups. ; ; In-work progression: We offer opportunities for people from under-represented groups, such as our Female and Black and Ethnic Minority Employee mentoring programmes. ; ; Modern Slavery: as signatories to the UN Global Compact, we actively work to prevent human trafficking through pre-employment checks and transparent recruitment practices. Our Supplier Code of Conduct includes requirements for demonstrably preventing modern slavery.

  Wellbeing

  Sopra Steria is fostering a workplace where our people are actively supported to be healthy & well, and can talk openly about their mental health. ; ; 1) Improve health and wellbeing: Our company-wide health and wellbeing programme is for all our employees, including contracted staff, and includes…; • Work-life balance policy providing flexible and remote working options ; • Extensive employee assistance programme ; • Range of healthcare benefits ; • Employee Trust, providing financial support in times of hardship ; • Mental Health First Aiders, now with 60 trained staff ; • Calendar of virtual classes, including fitness, meditation, stress management, nutrition, and resilience ; ; 2) Improve community integration: ; ; Our outcomes-focused, and user-centred approach to Social Value means that in creating programmes for our clients, we engage community representatives by conducting user research and needs analysis. ; ; Health, wellbeing & community integration: influence staff, suppliers, customers, and communities: We engage all stakeholders in our Social Value work on Wellbeing, for example… ; Staff - in addition to the staff support described, we also equip our people to support others’ wellbeing, for example by ensuring people managers have additional wellbeing training and objectives. ; Suppliers - our Supplier Code of Conduct requires all suppliers to support the health and wellbeing of their workforce. ; Customers - our Social Value consulting team designs Social Value programmes tailored to clients’ Social Value priorities, including Health & Wellbeing. For example, we are providing pro-bono consulting to a national mental health charity to help them identify how to use technology to improve outcomes for service users. ; Communities - To play a positive role in all our communities, all employees are given 3 days paid volunteering annually, and we offer matched funding to support charitable fundraising.

Pricing

• Price: £112,500.00 a unit a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at soprasteria-gcloud@soprasteria.com. Tell them what format you need. It will help if you say what assistive technology you use.