SPYROSOFT LTD

Cloud Migration and Application Support Services

SpyroSoft Ltd assist organisations with Cloud Migration and Application Support services using an Agile approach with expert teams based in UK and in Europe. As a technology agnostic company, SpyroSoft enables our clients to make informed decisions on the selection of the right technologies to suit business and user needs.

Features

• Expert Cloud migration practitioners with full development lifecycle capabilities
• Legacy modernisation, support, maintenance and hosting services
• Data modelling, cleansing, migration and transformation services
• Application integration, development, testing and related services
• Architecture design for resilience, performance, scalability and security
• User interface (UI) and User Experience (UX) design
• Ongoing service management, monitoring and application support
• Experience of small and large-scale cloud migrations
• Seamless DevOps & Agile approach

Benefits

• Trusted supplier of high-availability Cloud services to clients across Europe
• Technology agnostic
• Expertise across the whole software lifecycle
• Flexible engagement models including fixed-price delivery
• Agile, iterative, transparent delivery
• Compatible with GDS Service Design Manual and guidelines
• DevOps continuous engineering approach

£192 to £700 a person

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector@spyro-soft.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

632375518961681

Contact

Duncan Johnson
01202 059455
publicsector@spyro-soft.com

Service scope

• Service constraints: Spyrosoft can offer all services from both their UK and European bases including 24x7 offerings and full ICO aligned data protection
• System requirements:
  • Amazon AWS, Microsoft Azure, Google Cloud Platform (GCP),
  • SQL Server, Open Source, MySQL, PostgreSQL, MongoDB
  • C#, .NET, Java, HTML5, CSS3, JavaScript Frameworks (Angular, React etc)
  • Mobile iOS/Android and RESTful web service API’s.
  • Full Security suite incl McAfee , Sophos & Symantec

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Spyrosoft Ltd have a full integrated Jira ticketing model and provide Monday to Friday, 9am to 5pm as well as 24x7 service support
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Spyrosoft Ltd offer web-chat support linked to our Jira ticketing system and 24/7 service model
• Onsite support: Onsite support
• Support levels: Spyrosoft Ltd offer multiple service level agreements to meet our Client needs from standard Monday to Friday, 9am to 5pm support through to full 27/7, follow the sun support. We provide UK Account Management alongside European Service Delivery Management & Engineering
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: During the initial phase of the project, our team will work with users who will be responsible for maintaining the solution going forward. That will give us time to evaluate the skill sets of the users, identifying gaps and the level to pitch the training material. ; ; We will then carry out training for users and administrators who will be responsible for the day-to-day maintenance of the solution. ; ; We encourage a 'train the trainer' approach to keep training costs low, and we'll typically train up to six members of a client team in the session. If larger groups are to be trained, we may split the training into several smaller groups to retain the ideal trainer-to-trainee ratio.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: The Spyrosft Ltd model is all about "handing back" the service whenever the Clients wants to and it whatever format or service they wish. The contract end "hand back" would be scoped by the Client and Spyrosoft Ltd in partnership
• End-of-contract process: The exit cost for the contract would be customised based on the Clients requirements

Using the service

• Web browser interface: Yes
• Using the web interface: Spyrosoft Ltd offer customised API's to allow service access or standard API's to access standard services e.g Jira
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: Spyrosoft Ltd work with multiple Clients and have multiple use-cases linked to testing/QA and web interfaces
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: We operate a fully Agile and continually monitored and improving solution and service and our policy is no single user incident will impact another user
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Hardware containing data is completely destroyed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • File Servers
  • Application Servers
  • Proprietary Databases
  • Standard Databases
  • Virtual Machines
  • Sharepoint, One Drive and other Cloud data stores
• Backup controls: Our backups follow standard backup approaches but users can, where appropriate, control small data backups and restores
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • IPsec or TLS VPN gateway
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Each Spyrosoft Ltd service level provides a different level of availability dependant on each Clients requirements and budget
• Approach to resilience: As partners with Microsoft, Amazon and Google, we use their services to provide resilience and uptime e.g Microsoft Azure offer 99.99% uptime on their Azure storage service
• Outage reporting: We use email alerts or communication as agreed with the Client e.g SMS or phone call

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: We use Supplier standard access control solutions to restrict access to management interfaces and support channels.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
• Devices users manage the service through: Dedicated device over multiple services or networks

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DAS Certification, 22b Church Street, NN10 9YT, UK
• ISO/IEC 27001 accreditation date: 22/11/2019
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials Plus
  • ISO 27001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Spyrosoft Ltd have a named Information Security Officer and Data Protection Officer and follow all guidelines/polices to ensure we meet both our ISO 27001 and Cyber Essentials Plus certifications

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: As a specialist Software Development & Testing organisation, configuration and change management are at the heart at what we do so all changes are fully tested to ensure security impact and production uptime
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Spyrosoft Ltd work with our internal specialist R&D solutions operation to ensure we are aware of potential future threats. We operate and follow standard patch testing and deployment policies and receive regular threat updates from our key partners e.g. Microsoft for Azure or Amazon for AWS
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Spyrosoft Ltd operate a proactive approach to monitoring. We both regularly check possible future threats but also follow standard ITIL approaches to production monitoring for availability and capacity. We respond to any multi-user incident as soon as possible and will "lock down" any potential compromise to limit impact
• Incident management type: Supplier-defined controls
• Incident management approach: Spyrosoft Ltd follow ITIL guidelines and implement them to meet our own and Client requirements. Users can report incidents in multiple ways and we provide reports on multi-user incidents

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: We use standard VMWare technologies and solution to ensure Clients data/infrastructure is kept apart

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Fighting climate change:

  Fighting climate change

  Spyrosoft Ltd is committed to reducing its impact on the environment, and to provide a framework for setting objectives and targets to improve our environmental performance.; ; Spyrosoft will measure its impact on the environment and set targets for ongoing improvement, comply with all relevant environmental legislation and raise employee awareness of environmental issues and enlist their support in improving the Company’s performance.; ; Spyrosoft will encourage the adoption of similar principles by its suppliers.; ; Principles ; ; The key points of its strategy to achieve this are:; ; • Minimise waste by evaluating operational practices and ensuring they are as efficient as possible and minimise their environmental impact ; ; • Raise awareness amongst employees on environmental issues and to support and encourage ideas and suggestions for improved environmental performance.; ; • Work with clients and suppliers to encourage high environmental standards; ; • Use resources including water, energy, and other natural resources responsibly ; ; • Promote and invest in technologies, work practices and process’ that provide alternatives to business travel; ; • Meet or exceed all the environmental legislation that relates to the Company; ; We have an Environmental Management Plan which is published on our website, committing us to year-on-year carbon reductions. We report on this annually, with a view to attaining carbon neutrality by 2030.
• Covid-19 recovery:

  Covid-19 recovery

  Across Spyrosoft, we recognise the inestimable impacts of Covid-19 on families across the UK – financially, emotionally, socially and in terms of health and wellbeing. The following details our commitments to supporting our local communities to manage and recover from the impacts: ; ; We are committed to operating as a positive force for training, creating work opportunities for individuals impacted by Covid-19. The Spyrosoft Academy enables our team to access and undertake industry-recognised qualifications. ; ; We offer certification in IT specialisms, and allow individuals access to training remotely, at their own pace. We will continue to offer access to the Spyrosoft training resources to our customers, to promote accessible and flexible learning. ; ; We will provide 1 Apprenticeship opportunity to gain work experience, mentoring and accreditation, qualification of IT certification, per £100k of revenue ; ; Provide communities with full access to the Spyrosoft Academy, to access IT-related training; ; Continue to partner with Taunton College/University College Somerset, to provide: ; ; 2 work placements annually to students undertaking relevant subjects ; ; Attendance at career fairs to engage college leavers to STEM professions ; ; A minimum of 2 interviews annually for graduates completing their final degree in a relevant subject. ; ; When it comes to service delivery, 100% of Spyrosoft’s customer deliverables can be provided remotely.
• Equal opportunity:

  Equal opportunity

  We are an Equal Opportunities employer. We have signed up tot he Government's Disability Confident Employer Scheme. Over 40% of our management team are female, which is unusual in a STEM sector. We have a healthy approach to work/life balance which enables our team to undertake familial commitments and other responsibilities without prejudice. We are a diverse group comprising a broad range of nationalities, and we foster an environment of acceptance and inclusion.
• Wellbeing:

  Wellbeing

  Our team benefit from fair pay, effective work/life balance, and free health insurance. We are committed to ensuring that our team have strong pastoral support and management, and an accepting environment where issues can be raised and resolved promptly and in confidence.

Pricing

• Price: £192 to £700 a person
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Any free services are agreed with the Client during the scoping exercise

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector@spyro-soft.com. Tell them what format you need. It will help if you say what assistive technology you use.