Red Ant Digital

Red Ant Cloud Hosting

A cloud platform-as-a-service for applications, with a particular focus on
data collection, ingestion, integration and orchestration. Typical use
cases include pharmacovigilance for monitoring drug safety/adverse drug reactions, device incidents and vigilance, at-scale data collection, backend services for consumer-facing webforms, websites and mobile apps, or other datacentric developments.

Features

• Data orchestration
• Systems integration
• Front-end templates
• Data ingestion
• Data cleansing
• Data storage
• Analytics

Benefits

• Securely collect data directly from users
• Integrate multiple sources of data together
• Provide a simple backend for public-facing websites
• Compare and reference multiple data sources
• Quickly develop new APIs
• Provide easy-to-use reporting interfaces

£30,000 an instance

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@redant.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

512200099122454

Contact

Sarah Friswell
08454593333
enquiries@redant.com

Service scope

• Service constraints: No significant constraints
• System requirements: A Red Ant application platform licence

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Red Ant Service Desk will process all Service Requests within business hours: 9:00 – 17:00, Monday to Friday, excluding UK public holidays and following SLAs where appropriate. ; ; Red Ant Service Desk will process P1 incidents 24/7 without limitation. All P2-P3 incidents will be processed within business hours: 9:00 – 17:00, Monday to Friday, excluding UK public holidays and SLAs apply within these timeframes only.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Red Ant will prioritise all Incidents from P1 to P3, using impact and urgency to determine this. ; ; Red Ant Service Desk will process P1 incidents 24/7 without limitation. All P2-P3 incidents will be processed within business hours: 9:00 – 17:00, Monday to Friday, excluding UK public holidays and SLAs apply within these timeframes only.; ; Note that the management of all incidents is non-chargeable where the fault is found to lie within Red Ant. Where an incident has occurred due to a change by the client or a 3rd party within the responsibility of the client, the time required to resolve the incident will be charged to the client’s service request budget.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide onsite training and induction, and we have; online documentation available.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: All data can be extracted via the API or we can provide a data dump as part of our professional services. Flows and pattern designs can also be extracted via the web interfaces in a standard JSON format.
• End-of-contract process: Any end-of-life and handover needs at the end of the contract are analysed and a bespoke handover plan is created at a cost agreed by both parties.

Using the service

• Web browser interface: Yes
• Using the web interface: The web interface offers drag-and-drop workflow development; and editing, integration management, light coding capability for; data manipulation and transformation, and automatic; provisioning, deployment, version control and team management.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: The interface is broadly accessible to users using assistive; technologies, but specific accessibility features have not yet been; developed.
• Web interface accessibility testing: No specific testing.
• API: Yes
• What users can and can't do using the API: Any feature that is available through the web interface can be; quickly exposed as an API - it has full access.
• API automation tools: Terraform
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: Each user is given a single tenant VPC on dedicated infrastructure.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Amazon Web Services

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual instances
  • Databases
  • Content Files
• Backup controls: Backup schedules are defined based on scope and are changed at an engineering level - backup options can be added to the system if required.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Uptime of 99.5% excluding downtime caused by scheduled maintenance, emergency maintenance or a force majeure event. Downtime is measured from the time a trouble ticket is opened by the customer until restoration of the hosted service. Service credits for service outages are subject to individual agreement.
• Approach to resilience: We follow best practices as outlined in Amazon Web Services' "Well Architected Framework: Reliability Pillar" documentation.
• Outage reporting: Individual application statuses are provided within the application control panel. General outages and status updates on resolutions are delivered as email alerts.

Identity and authentication

• User authentication:
  • Identity federation with existing provider (for example Google apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Typically we apply a permissions system based on the following factors: user authentication; user role, location, device. Access restrictions are defined as part of the project.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS
• ISO/IEC 27001 accreditation date: 13/03/2017
• What the ISO/IEC 27001 doesn’t cover: UK operations only
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Self Certification
• PCI DSS accreditation date: 15/02/2017
• What the PCI DSS doesn’t cover: Anything outside of PCI-DSS Questionnaire D (ie storage of credit card data)
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Red Ant has a ISO27001 approved Information Security Manual that is followed internally. Full information on our policies and process is available on request.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Key information and system assets are tracked on physical & information asset registers that include risk assessment and impact of the system/asset. Change management systems (JIRA kan-ban boards) are in place for each product and an overall information security board. Change requests are raised as tickets and go through an operation/business & technical reviews before being implemented.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Automated monitoring and logging of systems is in place on all products. Our suppliers operate regular venerability assessments & patching, and provide us information about potential threats. Potential / identified threats and vulnerabilities are raised in the relevant IS change management system for review and resolution.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Monitoring and alerting for unauthorised activity / compromises is available on our systems & products. A list of monitoring & alerts is available on request.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: IS incidents identified are recorded on a Security Incident Report Form following the procedures relating to the identification, control and recording of incidents handled using existing escalation procedures when required. Information security events are assessed by the ISMS Committee and ISMS Manager to determine if they are to be defined as information security incidents. When relevant, details are referred to more senior management. All comments and actions arising from any incident are recorded on the Security Incident Report Form and appropriate action is instigated.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: Heroku
• How shared infrastructure is kept separate: Heroku provides virtualised OS instances referred to as Dynos that operate a running Docker image in a virtual sandbox. This virtual instance has its own network stack and access to resources.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Renewable Energy - AWS is committed to running our business in the most environmentally-friendly way. As part of Amazon’s commitment to achieving 100% renewable energy, AWS exceeded 50% renewable energy usage for 2018. ; ; Cloud efficiency - AWS’s infrastructure is 3.6 times more energy efficient than the median of the surveyed U.S. enterprise data centers. More than two-thirds is attributable to combination of more energy efficient server population and much higher server utilization. AWS data centers are also more energy efficient than enterprise sites due to comprehensive efficiency programs. When factoring in the carbon intensity of consumed electricity and renewable energy purchases, which reduce associated carbon emissions, AWS performs the same task with 88% lower carbon footprint..; ; Reducing water used for cooling in AWS data centers - AWS has multiple initiatives to improve our water use efficiency and reduce the use of potable (drinking) water. AWS develops water use strategy by evaluating climate patterns for each AWS Region, local water management and availability, and the opportunity to conserve drinking water sources. We assess both the water and energy usage of each potential cooling solution to select the most efficient method; Evaporative cooling, Recycled water, Onsite water treatment, Water efficiency metrics.

Social Value

• Social Value:

  Social Value

  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Covid-19 recovery

  In March 2020, when Red Ant made the decision for the entire team to work from home ahead of the Government announcement, the leadership team took extensive measures to ensure that the team remained connected and supported throughout a challenging period where it was all too easy to feel isolated and uncertain:; • our all-company meeting was increased in frequency to weekly, with complete transparency over what Red Ant was doing and how the business planned to cope, including income, outgoings and how they affected everyone individually; • support networks in the form of Slack channels and Zoom calls were set up to provide a day-to-day connection for team members, from book groups to daily quizzes, lunch and breakfast clubs; • all-team wellbeing initiatives, including a 12-week wellness programme with a professional life coach covering sleep, mental health sessions, healthy eating, yoga and Pilates, as well as virtual quizzes and escape rooms; • sharing and celebration of successful projects, including the team’s work with the Government on MHRA’s covid-specific yellow card system, which boosted team morale as it made a significant difference to the rollout of safe, effective treatment for covid and, ultimately, the delivery of vaccinations; This allowed the business to not only survive but thrive, with the team growing by 33% and the business seeing its best year from a commercial perspective.; Following a year of disruption and adaptation to new ways of working due to the pandemic, the leadership team made the decision to transform Red Ant into an employee-owned business which is now 60% owned by the team. We set up an Employee Ownership Trust (EOT) as an alternative to traditional business models where profits are solely enjoyed by investors and business leaders, as a progressive way of doing business that benefits all employees.

  Equal opportunity

  Red Ant is passionate about diversity, equality and encouraging the progression of everyone. Unique among technology companies, Red Ant is an employee-owned business with a team that comprises:; • 59% women across all roles from boardroom to developers, including our CEO; • a wide range of ages – school leavers up to 50+, some who have worked for the company for more than 10 years and others who have joined straight from education or as part of an apprenticeship, opening up opportunities for women and others without traditional work histories; • women returners to work and career changers who were actively recruited for their life skills as well as their work skills; • a truly diverse group of people who are both neurotypical and non-neurotypical; We have introduced working practices that specifically support women and those with caring responsibilities:; • core hours are designed to enable parents and carers to spend time with their families when they need it most at the beginning and end of the day; • hybrid working patterns mean that the team spends at least some of the week working from home, which makes a significant difference to childcare arrangements and their cost as well as other responsibilities including caring for elderly relatives; • Red Ant is always prepared to discuss and develop roles to support the team’s lives outside work – for example, the business adapted a sales support role for a talented client-facing team member when she needed to adjust her work pattern to care for her children

  Wellbeing

  Because we have such a diverse team, we recognise the importance of providing a safe space for people to reach their full potential and be themselves without judgement or discrimination. We also have a comprehensive programme for supporting and spreading awareness of mental health issues on both a team and individual level – for example, to recognise World Mental Health Day, we took part in the Lord Mayor’s Green Ribbon scheme and organised a range of wellbeing activities for the team. We believe this kind of security makes for a truly honest way of working which brings clarity to both relationships within the team and working styles within projects. It also allows us to identify where people may need more help and support, giving us the opportunity to work with them to overcome any challenges before they feel overwhelmed.; We recognise that we are all individuals with different working styles and unique needs, based on our roles, talents and preferences. We adopt an open door, open mind policy based on encouraging people to talk about their needs, listening to what they have to say and, where possible, making changes to support them. As examples, we have signed up to Spill, a dedicated resource which offers access to therapy for all team members whenever they need someone to talk to, and some of our neurodiverse team members use noise-cancelling headphones and are able to request other team members to sit with them as a ‘mirror’ to help them concentrate on intense tasks. ; We also run all-company wellbeing sessions, from yoga and Pilates to advice about sleep, healthy eating and gratitude journaling.

Pricing

• Price: £30,000 an instance
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@redant.com. Tell them what format you need. It will help if you say what assistive technology you use.