Copado
The service is a multiuser, transaction-based application suite for deployment of metadata and for products that enable processing of the following:
● Plan development activities
● Organise and maintain development pipelines
● (Re)commit files & metadata
● Manage gates and deployment
● Scan security and quality
● Test functionality prior to release
Features
- Version Control Integrations
- Scheduled CI Jobs
- Branch Management
- Rollback
- Snapshot Differences
- Copado CLI Plugin
- Commit Grid
- Custom Settings Deployment
- Quality Gate Rules
- SCA Scans
Benefits
- Seamlessly integrates with GitHub and Bitbucket for streamlined version management and collaboration.
- Automates continuous integration tasks, ensuring timely execution and efficiency.
- Simplifies branch creation and management, enhancing team collaboration and workflow.
- Offers instant rollback capabilities for quick reversion to stable states.
- Identifies discrepancies between environments, facilitating synchronisation and conflict resolution.
- Provides a user-friendly command-line interface.
- Enables tracking and management of changes to version control and user stories
- Allows for precise updates to custom settings across different environments
- Sets strict quality standards for deployments, ensuring only high-quality builds
- Supports code quality and security by scanning for vulnerabilities
Pricing
£2,400 to £3,360 a user
Framework
G-Cloud 14
Service ID
635696100707973
Contact
COPADO LIMITED
Matt Hill
Telephone: 7894097542
Email: mhill@copado.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- Copado is an add-on for Salesforce, and requires an installation from the Salesforce AppExchange in order to function.
- Cloud deployment model
- Public cloud
- Service constraints
-
Planned Maintenance Windows: Copado undergoes planned maintenance which is communicated in advance.
Support for Major Versions: Supports the two most recent major versions per year.
Version Control System Requirement: Integration with a version control system (VCS) like GitHub or Bitbucket is necessary.
API Limits: Copado might consume significant Salesforce API calls, impacting Salesforce daily API limit.
Hardware and Network Requirements: Adequate internet connectivity and compliance with network security policies.
Data Deployment Limits: Limitations on the number of records and the size of data that can be deployed using Copado Data Deploy.
- System requirements
-
- Salesforce User License
- Version Control System
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
24/7 Severity 1 and 2 coverage includes weekends and holidays
Severity 3 and 4 target response times include local business hours only and exclude weekends and holidays.
Level 1 Critical = 1 hour, Level 2 Urgent = 2 hours, Level 3 High = 4 hours, Level 4 Medium = 8 hours
- User can manage status and priority of support tickets
- No
- Phone support
- No
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
- This is what Salesforce strives for and Copado would inherit their accessibility standards.
- Onsite support
- No
- Support levels
-
There are three main tiers: Success, Success+, and Success Signature, with costs being 15%, 25%, and 50% of the net license cost, respectively.
Technical Account Manager (TAM)
Availability: Included in the Success Signature plan, which is the highest tier of support offered by Copado.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Copado CI/CD supports users in starting with the service through a comprehensive blend of educational resources and support mechanisms designed to cater to a wide range of learning preferences and requirements:
Online Training: Copado Academy offers a rich library of online courses and certifications for various roles, including admins, developers, and release managers, facilitating self-paced learning.
User Documentation: Comprehensive documentation is available, covering everything from getting started guides, best practices, to detailed feature explanations, ensuring users can find answers to specific queries.
Copado Community Access: Users can engage with the Copado Community for peer support, discussion groups, and access to a wealth of shared knowledge and experiences.
Webinars and Demos: Regularly scheduled webinars, including live demos, provide insights into best practices, feature updates, and allow users to ask questions in real-time.
Support and Customer Success: Dedicated support and customer success teams are available to assist with technical issues, guide strategic implementation, and ensure users maximize their investment in Copado.
DevOps Exchange: Provides access to a repository of integrations, templates, and add-ons to extend Copado's functionality, supported by documentation and community insights.
Onsite Training and Workshops: For organisations seeking tailored training, Copado offers the possibility of onsite workshops and training sessions.
- Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
- Copado does not provide exports of data, as data is not retained after it is processed. Data deletion is completed after agreement termination, once the customer's request is approved, and data erasure can be requested at the time of termination or at any time by the customer.
- End-of-contract process
- There is no additional cost at the end of the contract.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- No
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- Copado is built on top of Salesforce, and makes use of the standard Salesforce service interface. Access to the service interface is controlled by the customer inside of Salesforce.
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- This is what Salesforce strives for and we would inherit their accessibility standards.
- API
- Yes
- What users can and can't do using the API
- Copado uses a private REST API.
- API documentation
- Yes
- API documentation formats
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Yes, Copado is built on the Salesforce platform which allows significant levels of customization to how our service is configured and operates.
Scaling
- Independence of resources
- The Copado front end is installed on a customer’s Salesforce instance with demand managed by Salesforce. The Copado backend is on a scalable GCP architecture that grows to manage increases in demand.
Analytics
- Service usage metrics
- No
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Data sanitisation process
- No
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Copado does not provide exports of data, as data is not retained after it is processed. Data deletion is completed after agreement termination, once the customer's request is approved, and data erasure can be requested at the time of termination or at any time by the customer.
- Data export formats
-
- CSV
- ODF
- Other
- Data import formats
-
- CSV
- ODF
- Other
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
Standard SLA is 99.5%. If Services Availability falls below 99.5% during any Reporting Period, Customer’s exclusive remedy for violation of the SLA shall be the Service Credits outlined below.
Scheduled Uptime - Service Credit
Less than 99.5% - 3%
Less than 98% - 5%
Less than 95% - 10%
Less than 90% - 25%
To receive a Service Credit, Client must notify Copado support within 30 days of the end of the Reporting Period in which the Availability falls below the thresholds set forth in the table above. Under no circumstance shall the Unavailability of the Services be deemed a default under the Agreement. If Copado fails to maintain the minimum performance standards described herein for (i) two consecutive months; or (ii) any three-month period in any rolling twelve-month period, the Customer shall have the right, at its sole option, to terminate their Agreement (in whole or in part) upon written notice to Copado. If the Customer elects to terminate the Agreement (in whole or in part) due to Copado’s performance, Copado shall refund all prepaid and unearned amounts based on the remaining months of the Agreement term.
- Approach to resilience
- Copado follows a warm failover DR strategy. Where available, data is mirrored to a secondary site hourly. In the event of a system outage, Copado will fail over to an alternate site to meet RTO/RPO objectives.
- Outage reporting
- A status page is available at https://status.copado.com which contains status updates as well as historical uptime details.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Other
- Other user authentication
- All authentication occurs through Salesforce. Copado inherits the existing SSO and Security settings defined by the customer through Salesforce.
- Access restrictions in management interfaces and support channels
- Copado uses a least-privilege, role-based security architecture and requires users of the system to be identified and authenticated prior to the use of any system resources. Employees are authenticated into systems that contain sensitive data by using Single Sign On (SSO) and multifactor authentication (MFA). Employees also sign on separately to any systems or applications that do not use SSO functionality. As an additional layer of security, teams access through VPN. If support is specifically requested, access will be granted through the customer’s Salesforce Org and will be configured for a time period set by the customer.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- A-LIGN
- ISO/IEC 27001 accreditation date
- 29/04/2022
- What the ISO/IEC 27001 doesn’t cover
- Copado is a DevOps and testing tool for Salesforce. The scope of this certification includes the Copado DevOps, Robotic Testing, and Essentials tools.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- SOC2
- FEDRAMP
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- SOC2, FEDRAMP
- Information security policies and processes
-
The Copado security framework consists of policies, procedures and controls that align to ISO 27001, SOC 2, FedRAMP and GDPR and other applicable privacy requirements. Copado's Risk Governance Plan includes all aspects of Copado systems, applications, networks, and employees. The Copado ISMS has established policies relating to each of these areas including (but not limited to):
Personnel Security Policy
Personally Owned Devices Policy
Remote Access Policy
Security Awareness and Data Privacy Training Policy
Systems Security Planning Policy
Workstation Policy
Network Security Policy
All policies are reviewed annually, approved by management, and available to all employees on an internal security website. Policies are acknowledged by employees upon hire as well as annually using a tool called Drata.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
Copado maintains a Configuration and Change Management Policy which is reviewed annually, approved by management, and available to all employees on an internal security website.
We maintain the described policies, which are reviewed annually by management.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Vulnerability scanning is performed on a regular cadence, and at least weekly, in accordance with Copado’s Vulnerability Management policy. The policy is reviewed and approved by management annually. These technologies are customized to test the organization's infrastructure and software in an efficient manner while minimizing the potential risks associated with active scanning. Retests and on-demand scans are performed on an as-needed basis.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- We have a suite of monitoring and compensating controls in place to mitigate this risk; these tools include GCP Security tools, Expel, Snyk, Detectify and Uptycs, among others. Alerts are configured and investigated by the Security operations team daily; if remediation is required, the Security operations team creates a security ticket to track any investigation/remediation until completion. Copado maintains an Incident Response Policy and procedures which are tested and trained upon annually. Testing includes tabletop exercises. The policy is reviewed annually, approved by management, and available to all employees on an internal security website.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Copado maintains an Incident Response Policy and procedures which include predefined processes for common events. The policy is reviewed annually, approved by management, and available to all employees on an internal security website. Testing and training on incident response procedures occurs annually and includes tabletop exercises. Users can report incidents by emailing security@copado.com or using our anonymous hotline which can be found on https://www.copado.com/platform-security. Incident reports are primarily provided via email, but depending on the severity of the event may be communicated in other ways including a written report, link via secure box drive, and virtual meeting.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Equal opportunity
- Wellbeing
Fighting climate change
We are an online SaaS provider with no offices, a limited commute for employees and minimal emissions. We also rarely perform any on-site tasks for customers and have limited travel and emissions.
Equal opportunity
Creating a culture of diversity, equity, inclusion and belonging is up to every one of us at Copado. Thinking about diversity across all dimensions including gender, ethnicity, backgrounds, and even thought gives us a competitive advantage and is consistent with our COPA values and being a mission-driven company.
Wellbeing
Our employees' wellbeing is a top priority for Copado, and ensuring a workplace with room for being honest about wellbeing is a priority.
Pricing
- Price
- £2,400 to £3,360 a user
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- There is an option to use Copado Essentials on a trial basis (a basic version of Copado's core product) for a limited time period.
- Link to free trial
- https://docs.essentials.copado.com/en/articles/4109800-free-license-usage-and-terms-of-service