Skip to main content

Help us improve the Digital Marketplace - send your feedback

COPADO LIMITED

Copado

Service is a multiuser, transaction-based application suite for deployment of metadata and for products that enable processing of the below:

● Plan development activities
● Organise+ maintain development pipelines
● (Re)commit files & metadata
● Manage gates and deployment
● Scan security and quality
● Test functionality prior to release

Features

  • Version Control Integrations
  • Scheduled CI Jobs
  • Branch Management
  • Rollback
  • Snapshot Differences
  • Copado CLI Plugin
  • Commit Grid
  • Custom Settings Deployment
  • Quality Gate Rules
  • SCA Scans

Benefits

  • Seamlessly integrates with GitHub, Bitbucket for streamlined version management+collaboration
  • Automates continuous integration tasks, ensuring timely execution and efficiency.
  • Simplifies branch creation and management, enhancing team collaboration and workflow.
  • Offers instant rollback capabilities for quick reversion to stable states.
  • Identifies discrepancies between environments, facilitating synchronisation and conflict resolution.
  • Provides a user-friendly command-line interface.
  • Enables tracking+management of changes to version control and user stories
  • Allows for precise updates to custom settings across different environments
  • Sets strict quality standards for deployments, ensuring only high-quality builds
  • Code quality and security by scanning for vulnerabilities

Pricing

£2,400 to £3,360 a user

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mhill@copado.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

6 3 5 6 9 6 1 0 0 7 0 7 9 7 3

Contact

COPADO LIMITED Matt Hill
Telephone: 7894097542
Email: mhill@copado.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Copado is an add-on for Salesforce, and requires an installation from the Salesforce AppExchange in order to function.
Cloud deployment model
Public cloud
Service constraints
Planned Maintenance Windows: Copado undergoes planned maintenance which is communicated in advance.
Support for Major Versions: Supports the two most recent major versions per year.
Version Control System Requirement: Integration with a version control system (VCS) like GitHub or Bitbucket is necessary.
API Limits: Copado might consume significant Salesforce API calls, impacting Salesforce daily API limit.
Hardware and Network Requirements: Adequate internet connectivity and compliance with network security policies.
Data Deployment Limits: Limitations on the number of records and the size of data that can be deployed using Copado Data Deploy.
System requirements
  • Salesforce User License
  • Version Control System

User support

Email or online ticketing support
Email or online ticketing
Support response times
24/7 Severity 1 and 2 coverage includes weekends and holidays
Severity 3 and 4 target response times include local business hours only and exclude weekends and holidays.

Level 1 Critical = 1 hour, Level 2 Urgent = 2 hours, Level 3 High = 4 hours, Level 4 Medium = 8 hours
User can manage status and priority of support tickets
No
Phone support
No
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
This is what Salesforce strives for and Copado would inherit their accessibility standards.
Onsite support
No
Support levels
There are three main tiers: Success, Success+, and Success Signature, with costs being 15%, 25%, and 50% of the net license cost, respectively. Technical Account Manager (TAM)
Availability: Included in the Success Signature plan, which is the highest tier of support offered by Copado.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Copado CI/CD supports users in starting with the service through a comprehensive blend of educational resources and support mechanisms designed to cater to a wide range of learning preferences and requirements:

Online Training: Copado Academy offers a rich library of online courses and certifications for various roles, including admins, developers, and release managers, facilitating self-paced learning.
User Documentation: Comprehensive documentation is available, covering everything from getting started guides, best practices, to detailed feature explanations, ensuring users can find answers to specific queries.
Copado Community Access: Users can engage with the Copado Community for peer support, discussion groups, and access to a wealth of shared knowledge and experiences.
Webinars and Demos: Regularly scheduled webinars, including live demos, provide insights into best practices, feature updates, and allow users to ask questions in real-time.
Support and Customer Success: Dedicated support and customer success teams are available to assist with technical issues, guide strategic implementation, and ensure users maximize their investment in Copado.
DevOps Exchange: Provides access to a repository of integrations, templates, and add-ons to extend Copado's functionality, supported by documentation and community insights.
Onsite Training and Workshops: For organisations seeking tailored training, Copado offers the possibility of onsite workshops and training sessions.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Copado does not provide exports of data, as data is not retained after it is processed. Data deletion is completed after agreement termination after customer request is approved, and data erasure can be requested at the time of termination or at any time by the customer.
End-of-contract process
There is no additional cost at the end of the contract.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
No
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
Copado is built on top of Salesforce, and makes use of the standard Salesforce service interface. Access to the service interface is controlled by the customer inside of Salesforce.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
This is what Salesforce strives for and we would inherit their accessibility standards.
API
Yes
What users can and can't do using the API
Copado uses a private REST api
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Yes, Copado is built on the Salesforce platform which allows significant levels of customization to how our service is configured and operates.

Scaling

Independence of resources
The Copado front end is installed on a customer’s Salesforce instance with demand managed by Salesforce. The Copado backend is on a scalable GCP architecture that grows to manage increases in demand.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Copado does not provide exports of data, as data is not retained after it is processed. Data deletion is completed after agreement termination after customer request is approved, and data erasure can be requested at the time of termination or at any time by the customer.
Data export formats
  • CSV
  • ODF
  • Other
Data import formats
  • CSV
  • ODF
  • Other

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Standard SLA is 99.5%. If Services Availability falls below 99.5% during any Reporting Period, Customer’s exclusive remedy for violation of the SLA shall be the Service Credits outlined below.
Scheduled Uptime Service Credit
Less than 99.5% - 3%
Less than 98% - 5%
Less than 95% - 10%
Less than 90% - 25%
To receive a Service Credit, Client must notify Copado support within 30 days of the end of the Reporting Period in which the Availability falls below the thresholds set forth in the table above. Under no circumstance shall the Unavailability of the Services be deemed a default under the Agreement. If Copado fails to maintain the minimum performance standards described herein for (i) two consecutive months; or (ii) any three-month period in any rolling twelve-month period, the Customer shall have the right, at its sole option, to terminate their Agreement (in whole or in part) upon written notice to Copado. If the Customer elects to terminate the Agreement (in whole or in part) due to Copado’s performance, Copado shall refund all prepaid and unearned amounts based on the remaining months of the Agreement term.
Approach to resilience
Copado follows a warm failover DR strategy. Where available data is mirrored to a secondary site hourly. In the event of a system outage Copado will fail over to an alternate site to meet RTO/RPO objectives.
Outage reporting
A status page is available at https://status.copado.com which contains status updates as well as historical uptime details.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Other
Other user authentication
All authentication occurs through Salesforce. Copado inherits the existing SSO and Security settings defined by the customer through Salesforce.
Access restrictions in management interfaces and support channels
Copado uses least privilege, role-based security architecture and requires users of the system to be identified and authenticated prior to the use of any system resources. Employees are authenticated into systems that contain sensitive data by using Single Sign On (SSO) and multifactor authentication (MFA). Also separately sign on to any systems or applications that do not use SSO functionality.Additional layer of security teams access through VPN. If support is specifically requested, access will be granted through customer’s Salesforce Org and will be configured for a time period set by the customer.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
A-LIGN
ISO/IEC 27001 accreditation date
29/04/2022
What the ISO/IEC 27001 doesn’t cover
Copado is a DevOps and testing tool for Salesforce. The scope of this certification includes the Copado DevOps, Robotic Testing, and Essentials tools.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • SOC2
  • FEDRAMP

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
SOC2, FEDRAMP
Information security policies and processes
The Copado security framework consists of policies, procedures and controls that align to ISO 27001, SOC 2, FedRAMP and GDPR and other applicable privacy requirements. Copado's Risk Governance Plan includes all aspects of Copado systems, applications, networks, and employees. The Copado ISMS has established policies relating to each of these areas including (but not limited to):
Personnel Security Policy
Personally Owned Devices Policy
Remote Access Policy
Security Awareness and Data Privacy Training Policy
Systems Security Planning Policy
Workstation Policy
Network Security Policy
All policies are reviewed annually, approved by management, and available to all employees on an internal security website. Policies are acknowledged by employees upon hire as well as annually using a tool called Drata.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Copado maintains a Configuration and Change Management Policy which is reviewed annually, approved by management, and available to all employees on an internal security website.

We maintain the described policies, which are reviewed annually by management.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Vulnerability scanning is performed on a regular cadence, and at least weekly, in accordance with Copado’s Vulnerability Management policy. Policy is reviewed and approved by Management annually. These technologies are customized to test the organization's infrastructure and software in an efficient manner while minimizing the potential risks associated with active scanning. Retests and on- demand scans are performed on an as needed basis.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We have a suite of monitoring and compensating controls that are in place to work to mitigate this risk, these tools include GCP Security tools, Expel, Snyk, Detectify, Uptycs, among others. Alerts are configured and investigated by the Security operations team daily, if remediation is required the security operations team would create a security ticket to track any investigation/remediation until completion. Copado maintains an Incident Response Policy and procedures which are tested and trained upon annually. Testing includes tabletop exercises. The policy is reviewed annually, approved by management, and available to all employees on an internal security website.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Copado maintains an Incident Response Policy and procedures which include predefined processes for common events. The policy is reviewed annually, approved by management, and available to all employees on an internal security website. Testing and training on incident response procedures occurs annually and includes tabletop exercises. Users can report incidents by emailing security@copado.com or using our anonymous hotline which can be found on https://www.copado.com/platform-security. Incident reports are primarily provided via email, but depending on the severity of the event may be communicated in other ways including a written report, link via secure box drive, and virtual meeting.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

Fighting climate change

We are an online SaaS provider, with no offices and limited commute for employees with minimum emission. We also rarely perform any on-site tasks for customers and have limited travel + emission.

Equal opportunity

Creating a culture of diversity, equity, and inclusion and belonging is up to every one of us at Copado. Thinking about diversity across all dimensions including gender, ethnicity, backgrounds, and even thought gives us a competitive advantage and is consistent with our COPA values and being a mission-driven company.

Wellbeing

Our employees wellbeing is a top priority for Copado and ensuring a work place with room for being honest and honest about well being is a priority.

Pricing

Price
£2,400 to £3,360 a user
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
There is an option to use Copado Essentials on a trial basis (a basic version of Copado's core product) for a limited time period.
Link to free trial
https://docs.essentials.copado.com/en/articles/4109800-free-license-usage-and-terms-of-service

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mhill@copado.com. Tell them what format you need. It will help if you say what assistive technology you use.