JBi Digital

Web Application Development

JBi creates custom-built, interactive and secure cloud-based apps for your business that are completely bespoke and cost effective.

Our collaborative, user-centred approach to web app development is driven towards bringing your organisation the best possible engagement and results with optimal technology.

Features

• The best combination of frameworks
• Agile & transparent project management
• Rigorous validation & quality assurance testing

Benefits

• Access to our web app development experts
• Bespoke, cost-effective, secure, and validated web app creation
• A multi-platform, interactive, and personalised experience for your users
• Maximum automation requiring little or no manual intervention
• The reassurance of ongoing hosting, testing and maintenance
• Support from a team that feels like your own

£640 to £1,320 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@jbidigital.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

556169517413494

Contact

David Gelb
0207 043 2510
tenders@jbidigital.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: When proprietary services are used and they incur any licence or other fees, the supplier (client organisation) will be responsible for covering these. In addition, this will not be required if any open source software is utilised.
• System requirements: Software licences for commercial use

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: All response times are defined as part of our Service Level Agreements (SLAs) and tailored for each client’s specific requirements. We also carry out regular reviews to ensure that all services listed in the SLA’s are being adhered to.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: N/A
• Onsite support: Yes, at extra cost
• Support levels: JBi provide a range of support services to suit each client’s requirements. Services include design, development, security, marketing, testing and hosting. In addition to a ticketing system, JBi offer a personalised account management service to discuss all aspects of the account. All services are charged at the same rate as part of the support contract. The only additional support charges are for out of hours which is charged at 1.5 our normal day rate.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: As part of our service, JBi offer a tailored training session on the system being developed. Training can be delivered at JBi Head Office, on-site or via a webinar. JBi can also offer additional training sessions, user guides or application support as part of an ongoing maintenance agreement at the end of the project. Our solution architects will also prepare an easy-to-follow technical document that lays out the end-to-end design of your solution and shows you how the software, hardware and data will work together to meet your needs.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats:
  • Word document
  • Email
• End-of-contract data extraction: There will be a handover or extraction of the database depending on where the database is stored. This can be done via CSV or database-export and will depend on the requirements of the new product owner.
• End-of-contract process: We have a defined Project Exit Plan which will be explained in detail in a handover session between our team and the new product owner. This plan will cover things like the end of contract agreement, project specifications (including digital assets, domains, SSL etc) and any research that was done, tailored to each product and owner. JBi will be available for the entire handover phase (timeline dependant on SLA) to make sure we assist with the transition at every step of the way.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: N/A
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Services reliant on APIs provided by respective platforms
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: We create tailored, scalable headless architecture, APIs and platforms that put you in control across all your touchpoints and give your users a fast, seamless, personalised experience that no off-the-shelf solution can match.

Scaling

• Independence of resources: This depends on the size of the solution or digital platform. We offer isolation solutions for both single- and multi-tenant functions, and monitor demand and adjust available resources as needed via alerts that are set up at the beginning of each project. Resource scaling is available as needed and would be an additional charge.

Analytics

• Service usage metrics: Yes
• Metrics types: Drupal and similar software's built-in data analytics tools. Additional tools such as Google Analytics may also be incorporated, as well as specialist tools like Hotjar, and Matomo, and accessibility tools for other service usages. We also offer uptime/downtime availability monitoring for all servers.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data export requirements depend on individual system restrictions and requests from end users, and are driven by specific business requirements.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • (if required) Word document
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • Direct or partial database imports
  • Excel imports

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Availability is dependent on the particular platform, and any SLAs are tied to that platform uniquely and specifically. ; SLAs are agreed on a per-customer basis covering aspects relating to workload. Most of the SLAs are to 99.95%+ uptime levels.
• Approach to resilience: We provide tailored solutions with baked-in resilience. Our professional services include web-app firewalls and advance DDoS mitigated solutions. Solutions are based upon discussions with each customer and tailored to their project requirements. Further information is available upon request.
• Outage reporting: Primary, public, and customer information is reported primarily by email alert. Should SMS notifications be required, we can add these at an additional charge. Internally, we have a number of tools and closed monitoring systems that allow us to monitor outages, and other service reporting indicators.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Role-Based Access Controls (RBAC) are defined at the outset of all admin and management systems. These define user permissions within each interface, ensuring only authorised personnel have access to specific functionalities.; Multi-Factor Authentication (MFA) is mandatory for all management interfaces and support-channel access, significantly enhancing security.; Secure Protocols, such as SSH with strong ciphers and public-key authentication for encrypted communication, can be provided. ; Firewall rules and IP restrictions control access to our tools, servers, and back-end development platforms.; User management reviews of system users to ensure only active users who need access have access and are actioned periodically.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: CyberEssentials and CyberEssentials Plus Certification guidelines are strictly adhered to.
• Information security policies and processes: We have a number of different of policies and procedures we adhere to, most notably, we have achieved accreditation from CyberEssentials/CyberEssentials Plus Certification, and we are working towards accreditation in ISO-27001.; ; Our fundamental procedures include physical personnel security considerations, which are covered by internal security operating procedures.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We follow a defined approach to changes based on impact analysis and controlled through release logs and patch logs, depending on the SLA requirements.; ; When changes are required to infrastructure, the tech team implement these and revert back to the customer.; We also have a roll-back process if changes don't get implemented.; Finally, we implement subversioning and version control by specific IDs, as well as look at up-and-coming end of life processes where appropriate.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We subscribe to several sources that monitor vulnerability across all systems. More information on these sources, both internal and external, is available upon request.; Our management approach centres around identification and classification: We identify the urgency of the vulnerability through a needs assessment, then categorise it into two levels: priority and severity. Based on that, we will take action in a specific time frame.; We offer IT health checks and penetration scanners on a case to case basis, with frequency dependent on the customer.; For critical patches and urgent security issues, our turnaround is 24hrs-5 days (depending on threat assessment).
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We do a threat assessment based on severity and priority. Our assessment is based on the particular kind of threat, as divulged by the monitor - for example, user access, rogue users, etc.; We also monitor trends over a defined period of time.; ; Response to critical-level threats is usually within the hour response. Response time is based on the severity of the threat, as well as the client SLA.; ; We alert stakeholders via phone and email communication depending on threat severity. ; ; Our IPS system is integrated with our IDS system in order to serve fast and accurate assessments.
• Incident management type: Supplier-defined controls
• Incident management approach: The incident management process starts with the identification and assessment of the priority and severity of the issue/event. ; Incident responses are worked on in accordance with client communications plans to provide quick and clear communication updates and deploy a team of professionals to address the incident and bring services back to a normal state.; The JBi tech team plays a crucial role in mitigating the incident on our end for the fastest possible resolution. Communication with the end user about the incident depends on the client's SLAs and specific agreements.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  JBi Digital is aware of its responsibility to the environment - our teams employ industry best-practices for environmentally friendly web development. All websites are designed and developed with streamlined, user-optimised navigations, optimised imagery and UK-based hosting providers to minimise the amount of CO2 production per view. Clients are given the option to have their website's environmental footprint assessed pre- and post-launch, with recommendations made on how to reduce their impact further. In addition to a best practice approach to development, JBi Digital offers a "Cycle to Work" scheme to all employees, encouraging the use of environmentally friendly commuting options as an alternative to public transport and cars. The office is also set up with clear recycling stations for recyclable items, such as plastics, compost, and glass.

  Covid-19 recovery

  The JBi team has adapted its service to streamline post-pandemic operations, offering both in-person and remote meetings while maintaining a "business-as-usual" relationship with all clients. Employees retain the option to work from home and isolate where necessary, but are now being encouraged to return to the office for at least two days a week in order to supplement the local economy. The agency is also actively involved with The Childhood Trust, London's child poverty charity, as it seeks to mitigate the impacts of COVID-19 on disadvantaged children in the capital. Whilst childhood poverty was prevalent before the coronavirus pandemic, its scale and complexity has been compounded by recent economic and political circumstances. Founded in 2013, The Childhood Trust supports grassroots charities and projects across the city through match-funding, with the goal of providing aid to the 700,000 children in the capital living below the poverty line. By funding local projects, supporting children through volunteering and advocating for disadvantaged families, The Childhood Trust is alleviating the pandemic's impact on London's vulnerable youth. JBi Digital has been The Childhood Trust's long term digital partner since 2020, and launched an award-winning website for the charity in 2021. JBi Digital has also run several digital campaigns that have helped increase the number of donations and level of awareness the charity receives.

  Tackling economic inequality

  JBi Digital is keenly aware of the social responsibility it has to its employees, clients and local community. In order to fulfil this responsibility, JBi: - Offers above minimum wage to all employees - Actively supports employees in fast tracking their careers, investing in training and education - Recruits from across the UK without socio-economic bias - Commits a portion of its revenue every year to charitable causes JBi Digital is also proud to have been The Childhood Trust's long term digital partner since 2020. Founded in 2013, The Childhood Trust is London's child poverty charity. It supports grassroots charities and projects across the city through match-funding, with the goal of providing aid to the 700,000 children in the capital living below the poverty line. As part of this partnership, JBi was appointed to design and build a new website for The Childhood Trust on a pro bono basis, reinvigorating the charity’s brand and digital presence. The website was launched in 2021, and has more-than-doubled the Trust’s online donations since launch. It was named "Best Non-Profit Website" at the WebAwards 2021. JBi continues to support The Childhood Trust in any way it can as it strives to tackle economic inequality. In previous years, members of the JBi London team have volunteered for the charity's "Decorate a Child's Life" campaign and raised over £1,000 for the charity by running a 5k Tough Mudder.

  Equal opportunity

  Inclusion and equality of opportunity are both a key part of our internal and recruitment culture. We always hire for talent and are constantly looking for ways to increase the diversity of our recruitment pool. We use data to ensure that our team is both skilled and diverse. By working with mentoring and apprenticeship programmes that focus on candidates from poorer socio-economic environments, we provide opportunities to such recruits to get a foothold in the industry. Our interview panels are always made up of a mix of races and genders. We will continue to review our recruitment process to ensure fairness throughout. We make regular donations to charities which raise awareness of racism in the workplace and fight for economic diversity as part of our ongoing social responsibility.

  Wellbeing

  Employee wellbeing is a priority for JBi's leadership team, and integral to the agency's ways of working. Internally, we hold ourselves to five key values, the most important of which is respect. This applies to both our clients and our employees, and has allowed us to establish an open, closely-knit team that is non-hierarchical, autonomous, fast-paced and vibrant. We offer employees a range of benefits, including free therapy sessions and other health benefits. We also offer a cycle to work scheme, training budgets and additional perks for longer serving employees. Finally, we track all billable time and monitor employee workloads carefully. Our anti-slavery and human trafficking commitment is just as strong, and our statement on this subject can be found in the footer of our website and at the link below: https://www.jbidigital.co.uk/terms/anti-slavery-human-trafficking-statement/ The board of directors has overall responsibility for ensuring that this policy complies with the agency's legal and ethical obligations. The directors also have day-to-day responsibility for implementing this policy, monitoring its use and effectiveness and auditing internal control systems and policies and procedures to ensure they are effective in preventing or remediating the risk of modern slavery.

Pricing

• Price: £640 to £1,320 a unit a day
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@jbidigital.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.