Solution Performance Group Ltd

Bespoke Software Web Application Development

The SPG Bespoke Software Development For Web Applications Service involves the creation of custom web-based solutions tailored to meet the specific needs and requirements of businesses and organisations. We can design, develop and manage web application projects throughout the entirety of the Software Development Lifecycle.

Features

• Business requirements gathering
• Data analysis
• Bespoke Web application development
• QA and Security Testing
• Web site and content management development
• Agile application development
• Proof of concept
• Prototyping
• Design, build, implement and support
• Application maintenance and management

Benefits

• Fast application deployment
• Customised solutions to meet client's business requirements
• Pay as you go development to reduce risk
• Deliver service improvements, process automation and efficiencies
• Improve data governance and quality
• Better user and customer experience (UX and CX)
• Efficient and cost-effective operational service delivery
• Quality assurance and compliance
• Deliver innovation at a pace that suits the business
• Lower cost of application development

£450.00 to £1,600.00 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@thinkspg.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

597200911497201

Contact

The Solution Performance Group Team
0191 4957490
hello@thinkspg.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Bespoke developments can build on existing application portfolio or can be a standalone development.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Please refer to Service Definition document for details of service.
• System requirements: Please refer to Service Definition Document

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Please refer to Service Definition Document.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Please refer to the Service Definition Document.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: SPG will provide full training and documentation.
• Service documentation: Yes
• Documentation formats:
  • ODF
  • PDF
• End-of-contract data extraction: Data is owned by the client. If data needs to be extracted, SPG can provide this is a variety of formats.
• End-of-contract process: We can design, develop, build, deploy, maintain and support the application either in whole or in part. The service can be delivered as a one-off project or ongoing service. Please refer to the Service Definition document.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Application can be tailored for mobile devices.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: User customisation can be accommodated. Please refer to the Service Definition document.

Scaling

• Independence of resources: This is a bespoke application development service and therefore the client can specify their requirements. The service is independent of any other clients.

Analytics

• Service usage metrics: Yes
• Metrics types: This is a bespoke application development service and therefore the client can specify their requirements.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Build onto existing vendor's software or provide bespoke software

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Other
• Other data at rest protection approach: This is a bespoke application development service and therefore the client can specify their requirements.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: This is a bespoke application development service and therefore the client can specify their requirements.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: This is a bespoke application development service and therefore the client can specify their requirements.
• Approach to resilience: This is a bespoke application development service and therefore the client can specify their requirements.
• Outage reporting: This is a bespoke application development service and therefore the client can specify their requirements.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: This is a bespoke application development service and therefore the client can specify their requirements.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ATLAS Certification Ltd
• ISO/IEC 27001 accreditation date: 04/01/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We have a range of security policies and procedures.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: This is a bespoke application development service and therefore the client can specify their requirements.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: This is a bespoke application development service and therefore the client can specify their requirements.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: This is a bespoke application development service and therefore the client can specify their requirements.
• Incident management type: Supplier-defined controls
• Incident management approach: This is a bespoke application development service and therefore the client can specify their requirements.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Moving to the Cloud delivers real sustainability: 1. Cloud servers run at a much higher utilisation rate than conventional on-premise servers meaning less energy is wasted running servers with idle capacity 2. More-efficient servers, means less of them which means a reduction in the manufacturing of hardware and minimal waste 3. Cloud environments typically run in highly-efficient data centres often using 'green' energy reducing environmental impact.

Pricing

• Price: £450.00 to £1,600.00 a unit a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@thinkspg.com. Tell them what format you need. It will help if you say what assistive technology you use.