Skip to main content

Help us improve the Digital Marketplace - send your feedback

6B Digital

Web Development

We are a passionate in-house development team capable of developing anything from large-scale websites, bespoke systems, Jamstack web applications, mobile apps, software, bespoke APIs and complex integrations, AI and automation tools.

Our cross-functional team is comprised of experienced engineers, UX designers, analysts, architects and product specialists.

Features

  • N/A 6B offer bespoke builds

Benefits

  • N/A 6B offer bespoke builds

Pricing

£550 to £1,200 a unit a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul@6bdigital.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

5 7 1 1 7 1 8 8 9 7 9 4 2 0 3

Contact

6B Digital Paul Brown
Telephone: 0113 350 1290
Email: paul@6bdigital.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
N/A
System requirements
Test

User support

Email or online ticketing support
Email or online ticketing
Support response times
Determined by specific SLA requirements, though typically less than four hours
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
SLA packages can be tailored to meet our clients’ requirements.

Site availability will be targeted at 98% uptime during each calendar month. Prices for this level of support start at £675 per month. This offering can be enhanced to include 1st and 2nd line support and emergency support outside of business hours.

Emergency support outside of business hours is only provided for Category 1 issues and is charged at £675 per half day increment. Charges for out of hours support accrue in half day increments.

1 - Non-isolated, consistently reproducible service problems resulting in a system crash. This service problem must be resolved to enable the end user to continue use.
Response Time (Hours) - 4
Resolution Time (Working Days) - 1

2 A reproducible service problem that may have reduced the response time of the system but does prevent the end user from processing their work in progress. Includes non-isolated, consistently reproducible problems.
Response Time (Hours) - 4
Resolution Time (Working Days) - 3

3 A reproducible functional service problem that does not inhibit or otherwise affect system performance. This includes those defects that are cosmetic in nature.
Response Time (Hours) - 4
Resolution Time (Working Days) - 7
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We can provide user training and guidance, prior to launch - this can be delivered remotely, or onsite, if possible. We will also provide comprehensive user guides for each element of the solution.

Post-launch, we can provide you with a structured support process, including a dedicated account manager, support services desk and online portal, and 24/7 support (if required).
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
We offer the options to backup and securely send all data and the application when a contract ends. In a lot of cases, we build in the ability to export data on demand.
End-of-contract process
Contract inclusions vary depending on client requirements, though typically include R&D, design, build and launch. The following services can be provided as part of an agreed service level agreement:
Dedicated Account Manager - a first point of contact for all ongoing change requests.

Support service desk, via telephone and email, between 8am and 5pm, Monday to Friday, to manage bugs/fixes.

A technical support team, responsible for undertaking any corrective maintenance requests.

A DevOps Engineer for infrastructure maintenance/management.

A purpose-built digital support desk, for easy reporting, ticket tracking, and direct contact with developers working on your support request.

A 24/7 emergency support team.

Monthly corrective, adaptive and change requests.

Monthly module, application and security upgrades.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
N/A
Service interface
No
User support accessibility
WCAG 2.1 AA or EN 301 549
API
Yes
What users can and can't do using the API
Our solutions commonly are built API first. Generally speaking, only the applications we build are able to access the API. This is very dependent on the solution required by our clients.
API documentation
Yes
API documentation formats
ODF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The applications we build can be highly customised if required. In general, most of our applications are bespoke and tailored exactly to our clients requirements.

Scaling

Independence of resources
Our system runs on a commercial grade stack with built-in high availability and vertical/horizontal scalability. We have automated load balancing and fine-grained monitoring to give us the visibility we need to keep everything running smoothly.

We have essential infrastructure services such as persistent storage, data backup/restore, segmentation and system diagnostics.

To ensure high availability and performance, a content delivery network (CDN) can be built into a solution.

Analytics

Service usage metrics
Yes
Metrics types
Metrics are tailored to the application. Commonly we will provide Google Analytics access or other reporting suites.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Less than once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users data will be provided in CSV, SQL or other format as required.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
Other
Other protection between networks
How we protect data between the buyer's network and our network varies by each buyer's unique requirements.
Data protection within supplier network
Other
Other protection within supplier network
Network and communication channels are the first point of attack. There are multiple services that all of the major cloud providers offer to mitigate and monitor these attacks.
There are also a number of ways we can build your application to mitigate a potential breach, such as encrypting data at rest and in transit, as well as building in row level encryption. We also help to isolate databases per tenant, which limits a hacker’s ability to access further databases. This, combined with full risk assessments and regular penetration tests from third party companies provides ample protection.

Availability and resilience

Guaranteed availability
We target 99.9% system availability, with contractual stipulations per client(s).

The following services can be provided as part of an agreed service level agreement:
Dedicated Account Manager - a first point of contact for all ongoing change requests.

Support service desk, via telephone and email, between 8am and 5pm, Monday to Friday, to manage bugs/fixes.

A technical support team, responsible for undertaking any corrective maintenance requests.

A DevOps Engineer for infrastructure maintenance/management.

A purpose-built digital support desk, for easy reporting, ticket tracking, and direct contact with developers working on your support request.

A 24/7 emergency support team.

Monthly corrective, adaptive and change requests.

Monthly module, application and security upgrades.
Approach to resilience
Our servers are located in the UK at UKFast data centres, which are PCI and ISO accredited, with 24/7/365 onsite security and access protocol.

Our servers run host-based intrusion detection systems, intrusion prevention systems and web application firewalls, and all information is transferred via SSL with 128 bit encryption. All PCI, PII and sensitive data is encrypted to AES256 standard.

Our system is hosted on multiple secure server clusters. All information is redundantly stored in multiple physical locations in ISO 27001-certified secure data centres.

Our infrastructure is built with high availability at its core with features such as automated server failover and zero downtime deployments.

We target at least 99.99% system availability in any given month, but we typically achieve higher.
Outage reporting
6B Digital offer application management services, which includes access to a service desk. The exact reporting of outages procedure depends on the exact SLA agreed but typically, the service desk will provide email updates for any outages, and a 6B service desk representative will follow up with a phone call.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
Comply with customer requirements as needed.
Access restrictions in management interfaces and support channels
We implement an Access Control Layer with our applications driven by roles and permissions. A role has one or more permissions. A user one or more roles. Access is restricted to various parts of the application by permissions.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication
Comply with customer requirements as needed.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Approachable Certification
ISO/IEC 27001 accreditation date
2018 (accreditation was re-certified in 2021)
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We have developed and implemented a series of information security policies, procedures and guidelines for the collection, use, storage, and sharing of personal data, in line with GDPR requirements.

We have appointed an external data protection/information security officer.

We maintain a statutory register to ensure that changes in law and legislation are understood, and any organisational or process changes we make are in line with legal best practice.

As part of our ISO 27001-certified information security management system, we will maintain (and update, as appropriate) a business continuity and disaster recovery plan and risk register during the project, which outlines the key project risks, and any associated actions to actively mitigate these risks.

All Staff of 6B Digital Limited are expected to comply with 6B Digital's information security policy and with the information security management system that implements the policy. All Staff, and certain external parties, will receive appropriate training.

The ISMS is subject to continuous, systematic review and improvement. 6B Digital Limited has established a top level management commitment to support the ISMS framework and to periodically review the security policy. This policy will be reviewed to respond to any changes in the risk assessment or risk treatment plan.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Within 6B we approach change management in line with ISO 27001 with a central process for change requests, which are incorporated into detailed change management plans where needed.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
At 6B we follow ISO 27001 technical vulnerability management processes, including maintaining a full audit log of technical equipment, an audit of vulnerability scans undertaken, clearly defined policy and responsibility for patch management processes. An apt update is run monthly on all servers, in addition to manual checks and updates.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
The information security management system is based on the “Deming Cycle” of “Plan, Do, Check, Act” (PDCA) and this methodology is used in all our business processes. 6B staff follow the guidelines in the 6B Information Security Manual which is composed of a number of internal and external documents which can be shared on request. ISO27001 follows “Annex SL” like all ISO standards to ensure that PDCA is a fundamental part of the management system Policy documents can be provided if needed.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Clearly defined policy with guidelines to define urgency level, RACI matrix for personnel involved in incident management response, service level agreements, deliverables mapping, and incident manager responsibilities.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
Health and Social Care Network (HSCN)

Social Value

Fighting climate change

Fighting climate change

We adhere to the principles of 14001, and implement an environmental management system to mitigate the risk of our environmental impacts and, where possible, to improve our environmental performance.

This includes the implementation of the following processes throughout the life of the contract:
Implementing a paperless office – all of our core processes are electronic (including our development and testing processes, resource management and allocation, and project management tools)
Appropriate receptacles for the recycling of paper, glass and plastic are situated throughout the office, and staff are encouraged to utilise these facilities
CO2 Emissions: 6B Digital encourages staff to carshare, or use alternative means of transport, wherever possible
We also utilise emailing, conference-calling and Skype, wherever practical, to minimise unnecessary travel
Implement a “Cycle to Work” scheme, with subsidised cycle purchases for our staff.
Waste Electronic Equipment: 6b Digital Limited disposes of any items in line with WEE regulations. A supplier picks up any assets, and provides 6B with a certificate of disposal.
Covid-19 recovery

Covid-19 recovery

Prior to the first COVID-19 lockdown, we worked with our risk management consultant to undertake a test of our business continuity plan, to ensure we had the necessary resources and processes in place to continue to operate effectively.

In line with government guidance and best practice, we also devised and implemented a COVID risk assessment, outlining potential risks and mitigating actions - this is now maintained on an ongoing basis, to ensure we are prepared in the event that the COVID crisis worsens.

Furthermore, we have appointed a Product Director, who is responsible for analysing local, national and industry events that could represent a risk, and reporting this to the board (which then feeds through to our risk management consultant).

As a result of the above, we are able to continue to support our clients effectively, whilst proactively mitigating any future risk to our operations.

We have rolled out a wellness programme across the business to support our teams working remotely and in the office, and we have been certified as one of the UK’s Best Workplace™ for Wellbeing. Furthermore, we continue to make an active contribution to the local economy and wider digital sector, with countless hires planned for 2022 and beyond.
Tackling economic inequality

Tackling economic inequality

We have made a valuable contribution to the wider socio-economic environment - we work with HE establishments and councils from some of Yorkshire’s most deprived areas, to identify and nurture young talent. A previous apprentice from Wakefield College has secured employment after his placement – following a structured career development and training plan, the apprentice is now a full-time developer.

A number of our staff are actively engaging with local schools and colleges in an effort to encourage students to consider a future career in the digital sector. We aim to expand this project to reach more marginalised individuals, such as those from predominantly working-class areas, BAME peoples and disabled peoples.

We also undertake targeted recruitment practices for marginalised, disadvantaged groups – engaging local colleges and job centres, for example, to provide work experience, apprenticeship and employment opportunities.
Equal opportunity

Equal opportunity

We promote opportunities for development across the company. For example, we provide training opportunities up to NVQ level 2 (or similar), according to the specific requirements of each member of staff.

We welcome opportunities for staff development, and provide regular opportunities for all staff to undertake additional training (both internal and external), alongside any planned or unplanned “on-the-job” training.

All staff are inducted into a training needs analysis competency programme, which includes formal and informal performance reviews, and a structured career development plan.

We also empower our staff by providing regular opportunities for feedback, including daily team stand-ups, weekly show & tells, monthly one-on-ones and six-monthly appraisals.
Wellbeing

Wellbeing

We are recognised as a Great Place to Work business, and one of the UK’s Best Workplace™ for Wellbeing.

Pricing

Price
£550 to £1,200 a unit a day
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul@6bdigital.com. Tell them what format you need. It will help if you say what assistive technology you use.