Web Development
We are a passionate in-house development team capable of developing anything from large-scale websites, bespoke systems, Jamstack web applications, mobile apps, software, bespoke APIs and complex integrations, AI and automation tools.
Our cross-functional team is comprised of experienced engineers, UX designers, analysts, architects and product specialists.
Features
- N/A 6B offer bespoke builds
Benefits
- N/A 6B offer bespoke builds
Pricing
£550 to £1,200 a unit a day
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
5 7 1 1 7 1 8 8 9 7 9 4 2 0 3
Contact
6B Digital
Paul Brown
Telephone: 0113 350 1290
Email: paul@6bdigital.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- N/A
- System requirements
- Test
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Determined by specific SLA requirements, though typically less than four hours
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
SLA packages can be tailored to meet our clients’ requirements.
Site availability will be targeted at 98% uptime during each calendar month. Prices for this level of support start at £675 per month. This offering can be enhanced to include 1st and 2nd line support and emergency support outside of business hours.
Emergency support outside of business hours is only provided for Category 1 issues and is charged at £675 per half day increment. Charges for out of hours support accrue in half day increments.
1 - Non-isolated, consistently reproducible service problems resulting in a system crash. This service problem must be resolved to enable the end user to continue use.
Response Time (Hours) - 4
Resolution Time (Working Days) - 1
2 A reproducible service problem that may have reduced the response time of the system but does prevent the end user from processing their work in progress. Includes non-isolated, consistently reproducible problems.
Response Time (Hours) - 4
Resolution Time (Working Days) - 3
3 A reproducible functional service problem that does not inhibit or otherwise affect system performance. This includes those defects that are cosmetic in nature.
Response Time (Hours) - 4
Resolution Time (Working Days) - 7 - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
We can provide user training and guidance, prior to launch - this can be delivered remotely, or onsite, if possible. We will also provide comprehensive user guides for each element of the solution.
Post-launch, we can provide you with a structured support process, including a dedicated account manager, support services desk and online portal, and 24/7 support (if required). - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- We offer the options to backup and securely send all data and the application when a contract ends. In a lot of cases, we build in the ability to export data on demand.
- End-of-contract process
-
Contract inclusions vary depending on client requirements, though typically include R&D, design, build and launch. The following services can be provided as part of an agreed service level agreement:
Dedicated Account Manager - a first point of contact for all ongoing change requests.
Support service desk, via telephone and email, between 8am and 5pm, Monday to Friday, to manage bugs/fixes.
A technical support team, responsible for undertaking any corrective maintenance requests.
A DevOps Engineer for infrastructure maintenance/management.
A purpose-built digital support desk, for easy reporting, ticket tracking, and direct contact with developers working on your support request.
A 24/7 emergency support team.
Monthly corrective, adaptive and change requests.
Monthly module, application and security upgrades.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- N/A
- Service interface
- No
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- API
- Yes
- What users can and can't do using the API
- Our solutions commonly are built API first. Generally speaking, only the applications we build are able to access the API. This is very dependent on the solution required by our clients.
- API documentation
- Yes
- API documentation formats
- ODF
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- The applications we build can be highly customised if required. In general, most of our applications are bespoke and tailored exactly to our clients requirements.
Scaling
- Independence of resources
-
Our system runs on a commercial grade stack with built-in high availability and vertical/horizontal scalability. We have automated load balancing and fine-grained monitoring to give us the visibility we need to keep everything running smoothly.
We have essential infrastructure services such as persistent storage, data backup/restore, segmentation and system diagnostics.
To ensure high availability and performance, a content delivery network (CDN) can be built into a solution.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Metrics are tailored to the application. Commonly we will provide Google Analytics access or other reporting suites.
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- Less than once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- Users data will be provided in CSV, SQL or other format as required.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- Other
- Other protection between networks
- How we protect data between the buyer's network and our network varies by each buyer's unique requirements.
- Data protection within supplier network
- Other
- Other protection within supplier network
-
Network and communication channels are the first point of attack. There are multiple services that all of the major cloud providers offer to mitigate and monitor these attacks.
There are also a number of ways we can build your application to mitigate a potential breach, such as encrypting data at rest and in transit, as well as building in row level encryption. We also help to isolate databases per tenant, which limits a hacker’s ability to access further databases. This, combined with full risk assessments and regular penetration tests from third party companies provides ample protection.
Availability and resilience
- Guaranteed availability
-
We target 99.9% system availability, with contractual stipulations per client(s).
The following services can be provided as part of an agreed service level agreement:
Dedicated Account Manager - a first point of contact for all ongoing change requests.
Support service desk, via telephone and email, between 8am and 5pm, Monday to Friday, to manage bugs/fixes.
A technical support team, responsible for undertaking any corrective maintenance requests.
A DevOps Engineer for infrastructure maintenance/management.
A purpose-built digital support desk, for easy reporting, ticket tracking, and direct contact with developers working on your support request.
A 24/7 emergency support team.
Monthly corrective, adaptive and change requests.
Monthly module, application and security upgrades. - Approach to resilience
-
Our servers are located in the UK at UKFast data centres, which are PCI and ISO accredited, with 24/7/365 onsite security and access protocol.
Our servers run host-based intrusion detection systems, intrusion prevention systems and web application firewalls, and all information is transferred via SSL with 128 bit encryption. All PCI, PII and sensitive data is encrypted to AES256 standard.
Our system is hosted on multiple secure server clusters. All information is redundantly stored in multiple physical locations in ISO 27001-certified secure data centres.
Our infrastructure is built with high availability at its core with features such as automated server failover and zero downtime deployments.
We target at least 99.99% system availability in any given month, but we typically achieve higher. - Outage reporting
- 6B Digital offer application management services, which includes access to a service desk. The exact reporting of outages procedure depends on the exact SLA agreed but typically, the service desk will provide email updates for any outages, and a 6B service desk representative will follow up with a phone call.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Other
- Other user authentication
- Comply with customer requirements as needed.
- Access restrictions in management interfaces and support channels
- We implement an Access Control Layer with our applications driven by roles and permissions. A role has one or more permissions. A user one or more roles. Access is restricted to various parts of the application by permissions.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Other
- Description of management access authentication
- Comply with customer requirements as needed.
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users receive audit information on a regular basis
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Approachable Certification
- ISO/IEC 27001 accreditation date
- 2018 (accreditation was re-certified in 2021)
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
We have developed and implemented a series of information security policies, procedures and guidelines for the collection, use, storage, and sharing of personal data, in line with GDPR requirements.
We have appointed an external data protection/information security officer.
We maintain a statutory register to ensure that changes in law and legislation are understood, and any organisational or process changes we make are in line with legal best practice.
As part of our ISO 27001-certified information security management system, we will maintain (and update, as appropriate) a business continuity and disaster recovery plan and risk register during the project, which outlines the key project risks, and any associated actions to actively mitigate these risks.
All Staff of 6B Digital Limited are expected to comply with 6B Digital's information security policy and with the information security management system that implements the policy. All Staff, and certain external parties, will receive appropriate training.
The ISMS is subject to continuous, systematic review and improvement. 6B Digital Limited has established a top level management commitment to support the ISMS framework and to periodically review the security policy. This policy will be reviewed to respond to any changes in the risk assessment or risk treatment plan.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Within 6B we approach change management in line with ISO 27001 with a central process for change requests, which are incorporated into detailed change management plans where needed.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- At 6B we follow ISO 27001 technical vulnerability management processes, including maintaining a full audit log of technical equipment, an audit of vulnerability scans undertaken, clearly defined policy and responsibility for patch management processes. An apt update is run monthly on all servers, in addition to manual checks and updates.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- The information security management system is based on the “Deming Cycle” of “Plan, Do, Check, Act” (PDCA) and this methodology is used in all our business processes. 6B staff follow the guidelines in the 6B Information Security Manual which is composed of a number of internal and external documents which can be shared on request. ISO27001 follows “Annex SL” like all ISO standards to ensure that PDCA is a fundamental part of the management system Policy documents can be provided if needed.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Clearly defined policy with guidelines to define urgency level, RACI matrix for personnel involved in incident management response, service level agreements, deliverables mapping, and incident manager responsibilities.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- Health and Social Care Network (HSCN)
Social Value
- Fighting climate change
-
Fighting climate change
We adhere to the principles of 14001, and implement an environmental management system to mitigate the risk of our environmental impacts and, where possible, to improve our environmental performance.
This includes the implementation of the following processes throughout the life of the contract:
Implementing a paperless office – all of our core processes are electronic (including our development and testing processes, resource management and allocation, and project management tools)
Appropriate receptacles for the recycling of paper, glass and plastic are situated throughout the office, and staff are encouraged to utilise these facilities
CO2 Emissions: 6B Digital encourages staff to carshare, or use alternative means of transport, wherever possible
We also utilise emailing, conference-calling and Skype, wherever practical, to minimise unnecessary travel
Implement a “Cycle to Work” scheme, with subsidised cycle purchases for our staff.
Waste Electronic Equipment: 6b Digital Limited disposes of any items in line with WEE regulations. A supplier picks up any assets, and provides 6B with a certificate of disposal. - Covid-19 recovery
-
Covid-19 recovery
Prior to the first COVID-19 lockdown, we worked with our risk management consultant to undertake a test of our business continuity plan, to ensure we had the necessary resources and processes in place to continue to operate effectively.
In line with government guidance and best practice, we also devised and implemented a COVID risk assessment, outlining potential risks and mitigating actions - this is now maintained on an ongoing basis, to ensure we are prepared in the event that the COVID crisis worsens.
Furthermore, we have appointed a Product Director, who is responsible for analysing local, national and industry events that could represent a risk, and reporting this to the board (which then feeds through to our risk management consultant).
As a result of the above, we are able to continue to support our clients effectively, whilst proactively mitigating any future risk to our operations.
We have rolled out a wellness programme across the business to support our teams working remotely and in the office, and we have been certified as one of the UK’s Best Workplace™ for Wellbeing. Furthermore, we continue to make an active contribution to the local economy and wider digital sector, with countless hires planned for 2022 and beyond. - Tackling economic inequality
-
Tackling economic inequality
We have made a valuable contribution to the wider socio-economic environment - we work with HE establishments and councils from some of Yorkshire’s most deprived areas, to identify and nurture young talent. A previous apprentice from Wakefield College has secured employment after his placement – following a structured career development and training plan, the apprentice is now a full-time developer.
A number of our staff are actively engaging with local schools and colleges in an effort to encourage students to consider a future career in the digital sector. We aim to expand this project to reach more marginalised individuals, such as those from predominantly working-class areas, BAME peoples and disabled peoples.
We also undertake targeted recruitment practices for marginalised, disadvantaged groups – engaging local colleges and job centres, for example, to provide work experience, apprenticeship and employment opportunities. - Equal opportunity
-
Equal opportunity
We promote opportunities for development across the company. For example, we provide training opportunities up to NVQ level 2 (or similar), according to the specific requirements of each member of staff.
We welcome opportunities for staff development, and provide regular opportunities for all staff to undertake additional training (both internal and external), alongside any planned or unplanned “on-the-job” training.
All staff are inducted into a training needs analysis competency programme, which includes formal and informal performance reviews, and a structured career development plan.
We also empower our staff by providing regular opportunities for feedback, including daily team stand-ups, weekly show & tells, monthly one-on-ones and six-monthly appraisals. - Wellbeing
-
Wellbeing
We are recognised as a Great Place to Work business, and one of the UK’s Best Workplace™ for Wellbeing.
Pricing
- Price
- £550 to £1,200 a unit a day
- Discount for educational organisations
- No
- Free trial available
- No