Proventeq Limited

Liferay on Azure cloud services

Proventeq offers seamless deployment of Liferay Digital Experience Platform (DXP) on Microsoft Azure's cloud infrastructure. This integration leverages Azure's scalability, reliability, and security features to provide organizations with a robust and efficient platform for building and managing digital experiences.

Features

• Deployment Planning- Define the deployment architecture,
• Azure infrastructure provisioning
• Azure platform configuration supporting Liferay
• Deploy Liferay DXP application onto the Azure infrastructure.
• integrating Liferay DXP with other Azure services and third-party applications
• Monitoring and Maintenance:
• Support and Troubleshooting:

Benefits

• Holistic Digital Experience Solutions
• AI-driven Insights and Optimization
• Advanced Security and Compliance
• Scalability and Performance Optimization
• Cost-effective Cloud Solutions
• Global Reach and Accessibility
• Innovative Development and Integration

£605 to £1,375 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Bids@proventeq.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

608784662301206

Contact

Sarah Churchard
0118 907 9296
Bids@proventeq.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Proventeq's service, such as Liferay on Azure Cloud, integrates with various software services, including Liferay Digital Experience Platform, Microsoft Azure Cloud Platform, and Microsoft 365 Suite. This integration enhances digital solutions, streamlines collaboration, and empowers organizations to create personalized and immersive digital experiences.
• Cloud deployment model: Hybrid cloud
• Service constraints: Not applicable
• System requirements:
  • Microsoft Azure Subscription
  • Liferay License
  • Appropriate network connectivity
  • Browser compatibility
  • Operating System Compatibility with Azure infra and end user devices

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Standard support is available 9 AM to 5:30 PM on week days. Severity 1 - Response time within 4 working hours. Severity 2 - Response time within 8 working hours. Severity 3 - Response time within 16 working hours. Severity 4 - Response time within 24 working hours. Weekend and/or after office support across different timezone or same timezone is discussed with the client and response time is agreed.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard support is available 9 AM to 5:30 PM on week days. Severity 1 - Response time within 4 working hours. Severity 2 - Response time within 8 working hours. Severity 3 - Response time within 16 working hours. Severity 4 - Response time within 24 working hours. Weekend and/or after office support across different timezone or same timezone is discussed with the client and response time is agreed.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Proventeq facilitates users' adoption of our services through a multifaceted approach. This includes comprehensive user documentation accessible online, providing step-by-step guides, tutorials, and FAQs. Additionally, we offer online training sessions conducted by experienced professionals to familiarize users with the service's functionalities and best practices. For more personalized assistance, onsite training sessions can be arranged, tailored to the specific needs of the organization. Our dedicated support team remains available to address any queries or issues, ensuring a smooth onboarding process and empowering users to leverage the service effectively for their business needs.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Upon contract termination, users can extract their data from Proventeq's systems through a straightforward process outlined in our offboarding documentation. This process typically involves accessing a designated data export tool or interface within the platform, where users can select the data they wish to extract. Once initiated, the system securely packages the selected data into a format specified by the user, such as CSV or XML. Users then download the exported data to their local systems or migrate it to alternative storage solutions, ensuring continuity of data ownership and compliance with contractual obligations.
• End-of-contract process: At the end of the contract with Proventeq, a review of services provided typically occurs, addressing project outcomes and any outstanding issues. Discussions ensue regarding contract renewal, extension, or termination based on mutual objectives.; ; The contract price generally covers core services like setup, licensing, implementation, basic training, and support. However, additional costs may apply for services beyond the agreed scope, such as advanced customization, specialized training, or third-party integrations. These extra costs are outlined in the contract terms or handled through separate agreements.; ; In summary, the contract's conclusion involves evaluating service delivery, exploring future engagements, and clarifying any additional costs outside the contract's core services.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: In the context of Liferay on Azure services, differences between mobile and desktop service lie in user interface optimizations. The mobile service features a responsive design tailored for smaller screens and touch-friendly interactions. While core functionality remains consistent, certain features may vary due to mobile-specific requirements. Performance optimizations prioritize reduced page load times for smooth mobile experiences. Overall, the mobile service aims to provide an optimized user experience on mobile devices while maintaining functionality parity with the desktop service.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The service interface for Proventeq's Liferay on Azure services typically consists of a user-friendly web portal accessed through a browser. Users interact with the interface to manage and access their Liferay portal deployed on Azure. The interface provides functionality for content management, user administration, customization, and configuration of the Liferay environment. It may feature intuitive navigation, dashboard views, and administrative controls for efficient management of the portal. Additionally, integration with Azure services allows for seamless access to cloud resources and monitoring capabilities directly from the interface.
• Accessibility standards: None or don’t know
• Description of accessibility: Proventeq's service is accessible through a web portal via browsers, offering centralized management of the Liferay portal on Azure. API integration enables advanced users to interact programmatically. Mobile accessibility ensures optimal viewing and interaction on smartphones and tablets. Dedicated client applications may streamline user experience and provide additional features. These channels cater to diverse preferences and requirements, ensuring seamless interaction with Proventeq's services.
• Accessibility testing: As of now, Proventeq hasn't conducted specific interface testing with users of assistive technology. However, we are committed to ensuring accessibility in our services and continuously strive to make our interfaces user-friendly for individuals using assistive technologies. We regularly review accessibility standards and guidelines such as WCAG (Web Content Accessibility Guidelines) to improve the accessibility of our interfaces. If required, we are open to conducting interface testing with users of assistive technology in the future to further enhance accessibility and user experience for all individuals.
• API: Yes
• What users can and can't do using the API: Through our API, users can set up the service by initiating and configuring the setup process, provisioning resources, and establishing connections with external systems. They can also make changes to service configurations, adjust user permissions, update system preferences, and modify integration settings. Additionally, users can access and retrieve data stored within the service, enabling integration with external applications or custom reporting tools. However, there are limitations. Certain administrative tasks or sensitive operations may require elevated permissions not available through the API. Complex configurations may not be fully supported, necessitating manual intervention. Rate limits may also be enforced on certain actions to prevent abuse. While our API offers extensive capabilities, users should be mindful of these limitations when setting up or making changes programmatically.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can customize various aspects of our service to tailor it to their specific needs and preferences. This includes customization of user interfaces, configurations, workflows, and integrations. Through administrative settings or configuration options within the platform, users can adjust layouts, colors, and branding elements to reflect their brand identity. They can also configure permissions, access controls, and user roles to align with their organizational structure and security requirements. Additionally, users can customize workflows, automation rules, and business logic to streamline processes and workflows according to their unique requirements. Generally, customization capabilities are available to users with administrative privileges or designated roles within the organization. This ensures that customization is managed by authorized personnel and aligns with organizational policies and standards.

Scaling

• Independence of resources: Proventeq ensures user experience isn't impacted by demand through scalable infrastructure, resource allocation, performance monitoring, capacity planning, SLAs, and responsive support teams.

Analytics

• Service usage metrics: Yes
• Metrics types: The top five service metrics for Liferay on Azure Cloud include uptime and availability, response time, scalability, security compliance, and customer satisfaction. These metrics collectively ensure the reliability, performance, security, and user satisfaction of the Liferay portal deployed on Azure Cloud. Monitoring uptime guarantees uninterrupted access, while response time measures the speed of service. Scalability assesses the system's ability to handle increased demand, while security compliance ensures data protection and regulatory adherence. Customer satisfaction feedback enables continuous improvement efforts to enhance user experience. Together, these metrics provide comprehensive insights into the service's performance and effectiveness.

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Liferay

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users export their data through a user-friendly interface within our platform. They initiate the export process by accessing the designated data export tool, typically located in the platform's settings or administration section. From there, users can select the specific data they wish to export, choosing from various options such as individual files, folders, or entire datasets. Once the selection is made, the platform securely packages the data into a standardized format, such as CSV or XML. Finally, users download the exported data to their local systems or transfer it to alternative storage solutions for further use or archival purposes.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: XML
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats: XML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We agree SLAs with the client regarding the service availability with appropriate refund policy.
• Approach to resilience: The services uses third party data centers and we will rely on the resilience of third-party data center provider.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Proventeq restricts access in management interfaces and support channels through Role-Based Access Control (RBAC), Multi-Factor Authentication (MFA), IP Whitelisting, Secure VPN Access, and Audit Logging. RBAC assigns roles and permissions, MFA verifies identities, IP Whitelisting limits access based on IPs, Secure VPN encrypts traffic, and Audit Logging monitors user activities. These measures ensure only authorized personnel access sensitive systems and data.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DNV
• ISO/IEC 27001 accreditation date: 26/03/2022
• What the ISO/IEC 27001 doesn’t cover: Not applicable
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: As an ISO 27001 certified organization, Proventeq upholds stringent information security policies and processes. These encompass comprehensive risk management practices to identify, assess, and mitigate security risks. Role-based access controls ensure authorized access to sensitive data, while encryption and data protection measures safeguard against unauthorized disclosure. Incident response procedures facilitate prompt detection and mitigation of security incidents, minimizing their impact. Proventeq prioritizes continual improvement, regularly reviewing and updating security policies to address emerging threats and technologies. By adhering to ISO 27001 standards, Proventeq demonstrates its commitment to maintaining robust information security practices, safeguarding client data, and ensuring confidentiality, integrity, and availability.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Components are meticulously tracked using version control systems or configuration management databases throughout their lifecycle. Changes undergo stringent assessment for potential security impact via comprehensive review processes, including risk assessments and security testing. Proposed changes are evaluated against security policies to ensure compliance and mitigate risks. Change management workflows involve stakeholder collaboration and approval mechanisms, ensuring validation before implementation. Audit trails and logging mechanisms capture change details, enabling traceability and accountability. Regular monitoring and auditing of configuration changes facilitate the identification and remediation of security vulnerabilities while ensuring adherence to best practices.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability management involves assessing potential threats, deploying patches promptly, and staying informed about emerging risks. Threat assessments include continuous monitoring, penetration testing, and vulnerability scanning to identify vulnerabilities. Patches are deployed through automated processes and scheduled updates to mitigate identified risks. Information about potential threats is sourced from various channels, including security advisories, threat intelligence feeds, vendor notifications, and industry-specific forums. This information is regularly reviewed and analyzed to prioritize patch deployment and proactive risk mitigation measures.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our protective monitoring processes for Liferay on Azure Cloud include continuous monitoring of system logs, network traffic, and user activities to identify potential compromises. We employ advanced threat detection tools and anomaly detection algorithms to swiftly detect any suspicious behavior or security incidents. In the event of a potential compromise, our response protocol involves immediate investigation, containment, and remediation measures to mitigate the impact and prevent further escalation. Our goal is to respond to security incidents promptly, typically within minutes or hours, depending on the severity and nature of the compromise, ensuring minimal disruption and maximum protection for our users.
• Incident management type: Supplier-defined controls
• Incident management approach: We maintain pre-defined incident management processes for common events, ensuring swift and effective resolution. Users report incidents through dedicated channels such as email, phone, or a web-based portal. We provide detailed incident reports outlining the nature of the incident, impact, actions taken, and preventive measures. These reports are communicated to users through email notifications or accessible via a centralized incident management platform, facilitating transparency and accountability throughout the incident lifecycle.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As a company we are using a hybrid work approach where we minimize our office overheads for heating and lighting etc., this also means travel to the office is limited, where applicable. We are limiting our onsite customer visits where possible and deploying best-in class Digital Workplace productivity tools to deliver our work. This approach enables us to reduce our carbon footprint from excessive commuting to work and customer sites.

  Covid-19 recovery

  As we have progressed through the Covid-19 pandemic, we have followed all Government guidelines. We have deployed new ways of working, continuing a remote working model, so that we can deliver customer projects whilst working remotely. We have provided support and guidance to our employees, including allowing sufficient time to recover from Covid to help support their physical and mental wellbeing. We have also deployed best digital workplace tooling to enable the remote working and sustainable travel solutions.

  Tackling economic inequality

  As a growing SME we are creating new job opportunities, at various skillset levels. With our Hybrid working model, we are opening up access to talent across greater areas of the country as we are now not so dependent on close-to-office location. We regularly undertake a skills gap analysis to see what resource we require. We are ISO27001 UK certified to ensure IT Security is managed effectively. Our products for customers provide greater efficiencies in the use of data within larger government services and private organisations.

  Equal opportunity

  We are an equal opportunities company. We recruit for knowledge and skills and allow flexibility due to our Hybrid working model. This enables us to have a diversified workforce. We demonstrate respect to each other and ensure a fairness of approach in our recruitment and selection processes and in all interactions with employees and clients. We have a constant learning culture to enable individuals to enhance their personal skillsets.

  Wellbeing

  We encourage employees to take regular breaks for their wellbeing. We have introduced measures to enhance employee mental health such as organizing virtual coffee break sessions; undertaking regular pulse surveys and Senior Management having regular ‘check in’ sessions with employees. We have adopted a variety of digital tools to measure and support employee wellbeing. Our products/systems provide efficiencies that enable customers to provide greater support to their employees/users, (e.g. through ensuring more efficient and informed public services).

Pricing

• Price: £605 to £1,375 a unit a day
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Bids@proventeq.com. Tell them what format you need. It will help if you say what assistive technology you use.