Rowden Technologies Ltd

Software Development

Rowden provide dedicated cloud software design, test, build, and deploy services to enable clients to utilise best in class software developers to solve challenging real world issues. Our service is cloud first but can provide offline fall back and recovery options when access to a cloud environment is not achievable.

Features

• Rapid Prototyping
• Best in class software development
• Continuous Integration Continuous Deployment
• Specialist hardware integration

Benefits

• Combined Software and hardware integration service
• preference for action over firm requirements provides flexibility
• Flexible, agile proccess enables change early
• Support for multiple envionments

£450 a unit a day

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@rowdentech.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

633531184886666

Contact

Sales Team
+44 (0) 117 4285759
sales@rowdentech.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Rowden provide plugin development for current applications including tactical situational awareness tools on Android. Rowden also provide full stack applications either cloud native or optimised for mobile operations.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: There are no specific constraints applied to the service. The buyer will be consulted with any constraints that arise from the requirements capture.
• System requirements: Android 8+

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times are dependent on service level agreements as agreed with the buyer.; Flexible response times can be provided allowing users to ensure support is available when needed, including for operational purpures.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: All support is co-ordinated by each dedicated customer technical account manager and levels are agreed on a customer-by-customer basis. We only charge a premium for 24/7 support and this at 200% of normal hours rates.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We will conduct a detailed and thorough assessment of the client’s requirements, including Key Performance Indictors (KPIs) enabling us to customise a tailored solution. The assessment phase will be continuous throughout the life of the service and an agile response to any client changes in requirements will be adopted.; ; An initial bedding-in period will be provided to ensure that users are able to exploit the services in full and as intended. Any changes will be made if required followed by a tailored onboarding process. This can include BYOD / CYOD or a mixture. Current IT/mobile infrastructure maybe incorporated into the implementation of the system.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Rowden respects that your data is your data. It can be removed by you at any time. All data at the termination of the service will be destroyed unless prior arrangement has been agreed. Depending on the nature of the service, the offboarding process will be tailored to the situation. In most cases, the cloud-based infrastructure will be deactivated, and data and cluster resources removed and/or destroyed in line with NCSC guidance.
• End-of-contract process: At the end of the contract period the cloud hosted environment will be suspened for a period of 10 working days before all instances and data are deleted in line with NCSC guidance.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • Linux or Unix
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Rowden use modern software development and UI tools to ensure that the mobile and desktop user experience is matched. This reduces the training burden and provides a unified customer experience in some instances the UI or limited functionality is removed due to compatibility issues. This is discussed with the customer and mitigations presented.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Rowden can provide a service interface to allow 3rd party customer application to interact. This is generally in the form of an API but specific M2M interfaces as well as Specific hardware interfaces are available.
• Accessibility standards: None or don’t know
• Description of accessibility: Our service is designed to enable both online and offline access to user data. ; Offline data is cached securely until the customer is able to access online services. ; The customer is able to access the service via public internet or though secure VPN access.
• Accessibility testing: A specific test plan is generated for the user as soon as the requirement is understood. This enables Rowden to modify the interface due to firmware incompatibilities or to enable a specific requirement.
• API: Yes
• What users can and can't do using the API: Rowden believe in open architectures and as such provide a detailed set of APIs that can be used by the customer to modify data or services that are available. ; ; The API is not generic and is adjusted to reflect the needs of the customer. Access to the API is via end to end encryption in most cases but niche deployments may provide reason to have a public API.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Rowden do not believe that a single solution provides the flexibility the our users require. ; We are able to customise our service across the whole stack. From front end re-design to adding additional service capabilities and hardware integration. ; ; We also provide a platform to 3rd party or MOD / Government partners to contribute or customise the service. This enables evergreening and remove the potential for vendor lock-in

Scaling

• Independence of resources: By offering a cloud based solution in multiple UK datacentres and working with users to understand the capacity and load baseline requirements we are able to scale independantly of other users.; ; Once in production, our expert network and hosting architecture staff will monitor and manage all service supporting components to ensure the service is maintained.

Analytics

• Service usage metrics: Yes
• Metrics types: Rowden provide a custom set of metrics that can be reported on either in real time or via scheduled reports. ; ; There is a vast set of metrics that can be reported on, as an example; Geo Spatial location ; Number of Active users; Security violations ; User separation data; User interaction data; Crash reports; UI interactions
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Rowden respects that your data is your data. It can be removed by you at any time. Depending on the customers needs Rowden will either automate the process or provide user access to date. ; Often there is a requirement to transform the data to enable further exploitation this is a service that is provided.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Raw database export
  • Source Code
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We will provide the user with compensation in the form of a service extension if through the fault of the Supplier the service has been degraded to such a level as to prevent the user from gaining access.; ; All UK datacentres used have a 99.9% uptime. As part of the on boarding process specific buisness critical SLAs can be requested including the ability to specify critical events that will require additional support or resource.
• Approach to resilience: We build our public cloud solutions to utilise the redundant and fault tolerance features of the cloud. Servers can be distributed across multiple availability zones and regions and duplicated where appropriate to provide fault tolerance across all disaster scenarios.; ; Using the latest clustering techniques we are able to provide elastic scaling on demand ensuring high performance is maintained across all traffic demands.; ; We utilise the latest DevOps and Infrastructure-As-Code practices to create dynamic, scalable and resilient applications that are easy to maintain, cost efficient and reliable.
• Outage reporting: In the event of an outage, the Service Delivery Manager contacts the the user to inform them. The User also has full access to a management dashboard with configurable email alerts. Further updates are then communicated using a combination of methods, including the dashboard, phone, or email in accordance with the severity of the outage as documented in our Incident Management process.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
• Access restrictions in management interfaces and support channels: Azure Active Directory (Azure AD) has been incorperated to identity and access management interfaces. Azure AD is a multitenant, cloud-based directory and identity management service from Microsoft. It combines core directory services, application access management, and identity protection into a single solution.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: Rowden utilise a bespoke Information Security Policy which is governed at board level and tailored to support individual projects.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes to component configuration are submitted to a Minor or Major change management process with the aim of maintaining operational service whilst incorperating the change as quickly as possible. All changes are technically reviewed, risk-assessed, scheduled and then re-reviewed post-implementation.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Security reviews are performed every quarter and discussed at service review meetings. We also offer automated security testing thoughout the life of the service and specific security testing after any system level change has be implemented.; ; An annual independent 3rd party vulnerability and security testing audit is avaliable sure the user request, this will be condcted using an independent ISO27001 security testing company.; ; Critical issues found are raised immediately via the service desk to be fixed by the support team under SLA.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Events can be configured both by the users and the Service Delivery team to trigger alerts. If an attack is detected, alerts will be raised and outputs from the logging platform used to create a mitigation response. These alerts are integrated into our support service. All incidents and security events are resolved under SLA.
• Incident management type: Supplier-defined controls
• Incident management approach: All incidents are reported into a central monitoring dashboard, which ensures that each is promptly assigned to an appropriate resource, and its progress tracked (and escalated, as required) to resolution. Rowden Technologies operates to a robust Incident Management process that can be tailored to the users requirements.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Rowden Technologies Ltd is committed to achieving Net Zero emissions by 2050 or sooner. Rowden uses spend analysis to understand its carbon footprint. Spend analysis applies carbon intensity factors to procurement categories (such as postage, accommodation, electricity, travel, etc.) to estimate a carbon footprint. This approach is widely used and is recognised by the GHG Protocol. Rowden uses Spherics carbon accounting software to assess its emissions. Rowden’s target is to reduce its emissions by 25% based on per head calculations by 2030. Rowden operates two carbon offsetting schemes. Over the past 14 months Rowden has worked with its partner Ecologi to plant 7300 trees and offset 533.37 tons of CO2. Rowden has supported climate projects across the globe, including peatland restoration and conservation in Indonesia, generating clean electricity from hydropower in India and onshore wind energy generation in Taiwan. Our progress can be viewed here: https://ecologi.com/rowdentechnologiesltd As part of Rowden’s commitment to being a next generation systems integrator, we take managing our environmental impact very seriously. The following initiatives demonstrate some of our key carbon reduction or offsetting initiatives that are currently. Electric Vehicle (EV) Charging Rowden has built Electric Vehicle (EV) Charging infrastructure at its Bristol HQ. While Rowden currently does not own any vehicles, EVs will be prioritised as part of any vehicle procurement initiatives. Rowden encourages active travel to work through cycle to work schemes and cycling infrastructure. Reducing the impact of our HQ site Rowden’s sustainability champions run campaigns focused on reducing energy use at Rowden HQ, including reducing evening and weekend energy consumption. The office has been designed with sustainability in mind, including using automatically controlled lighting and energy efficient evaporative air-cooling systems. Recycling is prioritised and measured.
• Wellbeing:

  Wellbeing

  Rowden has numerous policies and practices that specifically encourage health and wellbeing in the workplace. A selection of these are outlined below: Board-level commitment to the importance of health and wellbeing at work. Good physical workplace conditions, including on-site gym and ‘wellness room’. Mental health resources, such as ‘wellness action plans’ and access to employee assistance programs. Health-focused benefits such as company sick pay, a cash plan for routine health expenses and income protection insurance. Financial wellbeing platform, with one on one financial coaching Open communication about mental health – e.g. training for line managers, embedding mental health and wellbeing questions into 121s, sharing resources with employees, signposting additional support, etc. Commitment to inclusion in the workplace, outlined in an Equality, Diversity and Inclusion strategy. Cycle-to-work scheme and facilities for active travel to work. Hybrid working and flexibility with office hours. Healthy lunch and snacks provided for all employees every day. Strong focus on culture and cooperative team behaviours, as well as a focus on dealing with conflict maturely and respectfully, and supporting one another. Implementation of employee voice mechanisms, allowing employees to have feedback on issues related to their employment. Strong Covid-19 response – with an emphasis focus on communication, employee feedback and mental health considerations.

Pricing

• Price: £450 a unit a day
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Rowden will support the user to define what they want to trial before providing a 1 month free to use trial. ; All data generated by the user will be avaliable for export if required.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@rowdentech.com. Tell them what format you need. It will help if you say what assistive technology you use.