Mosaic Island

Cloud Applications Development & Delivery

Enterprise Java software / system development, integration, delivery and support of cloud based applications. Includes migration of 3rd party java applications to cloud within 'lift & shift replatforming and re-engineering' approaches.

Features

• Application Java based Software to realise requirements
• Published APIs / Services Catalogues
• AWS hosted including Infrastructure as Code
• Knowledge management recorded for full Application Lifecyle
• Technical Support & Cloud Operations (subject to requirement)
• Automated Assurance and Deployment (CI/CD)
• Agile based development methodology
• Managed upgrades / replacement of components
• Training and knowledge transfer to customer organisation
• Auto scaling based on traffic profiles

Benefits

• Custom Application Software to realise Business Requirements
• Published service levels
• Use of AWS Cloud hosting optimising operating costs
• Application delivery for people, processes and technology
• Maintained application software within managed roadmap

£25,000 a unit a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.silcock@mosaicisland.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

661150737796285

Contact

Tony Silcock - Head of Operations
07595594926
tony.silcock@mosaicisland.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Choice of infrastructure sizing configurations that determine performance; ; Choice of SLAs with different levels of Service Availability, RPO, Response and Fix times.
• System requirements:
  • Spring Java based Software Solution
  • AWS Cloud hosting

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We have a choice of service levels available. The specific arrangement suitable for your needs will be discussed as part of the initial scoping work.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We offer a choice of SLAs with different levels of Service Availability, Recovery Point Objective; Recovery Time Objective, Incident/Event Response and Fix times. Support levels can be tailored to client requirements.; ; An account manager will be the contact for service related matters. Engineerings provide technical support when required
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: As part of service transition phase, full documentation is written and issued on service architecture, process operation, cloud deployment and user management. Training can be provided to operations users and to service users
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Code: Github (Java / SQL / Terraform)
  • Jira Issue Management System & Confluence Wiki
  • MS Teams or Slack
  • Knowledge mgmt: Sharepoint (Dropbox or Google Drive)
  • Lucidchart (or Visio or Omnigraffle)
• End-of-contract data extraction: Data exports:; - a backup / copy of the database; - a copy of the code (access to the repository to clone artefacts); - service documentation; - configuration data; - a service termination document that governs exit management and data transfer / destruction (as required)
• End-of-contract process: Exit plan is maintained within contract / standard operations; Termination notice is issued; Transition plan is agreed to implement the exit plan; Artefacts and data are transferred or destroyed as required; Integration / Exit management support is provided by account / technical teams

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Browser based access uses HTML 5 / bootstrap responsive pages to enable access by both mobile and desktop browsers
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Administration / configuration management Web UI is provided
• Accessibility standards: None or don’t know
• Description of accessibility: Web UI can be adapted to comply with WCAG accessibility standards
• Accessibility testing: Testing can be completed if required as part of implementation phase
• API: Yes
• What users can and can't do using the API: - Rest and SOAP based API operations for access service functionality, service orchestration, and business processing. ; ; - 3rd party applications / clients can be integrated using published APIs
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Software delivery can be tailored to clients needs. Requirements analysis and solution assessment is completed within discovery /initiation phases of any engagement

Scaling

• Independence of resources: Each deployment is within a client AWS account; By use of dedicated accounts this ensures segregation of each client's deployment and data

Analytics

• Service usage metrics: Yes
• Metrics types: Service usage metrics can be tailored to client needs. We recommend use of a specialist monitoring tools such as New Relic Application Performance Monitoring and Logz.io to provide insight on performance and issue management ( in addition to AWS Cloudwatch metrics)
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: Use of AWS Cloud with encryption and IAM based access controls on Data at Rest e.g. in S3 / RDS
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data can be exported via:; - API; - batch files in XML, CSV format; - DB Backups.; - Via Web UI (low volume)
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • DB backup (e.g. SQL)
  • CSV
  • XML
  • API
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • DB Backup
  • API
  • CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Service levels tailored to client requirement. Application service levels up to 99.9% availability underpinned by AWS 99.99% availability (https://aws.amazon.com/compute/sla/). If service performance does not the service level then service credits are issued on a tiered scale to discount future months payments (or any adhoc service development work). If service has been terminated and the service is within the final month then a service credit payment is issued.
• Approach to resilience: Use of AWS infrastructure with automated recovery / resilient based on client requirement. For example an application that fails healthchecks can be replaced in < 5minutes. If contiguous availability is required the service can be provisioned to N+1 availability for each component within the service with a region using availability zones. If loss of service due to loss of an AWS region is required then inter-region availability can also be implemented - subject to requirement assessment.
• Outage reporting: AWS Dashboard; Use of Reporting Services; Email alerts; Web GUI

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: AWS IAM.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: May 2024
• What the ISO/IEC 27001 doesn’t cover: N/A - All supporting IT services and departments of Mosaic Island are in scope in accordance with our Statement of Applicability.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO 27001 controls in line with Mosaic Island Statement of Applicability. This includes a customer security assessment completed for each engagement by the engagement lead and approved by the Head of Information Security.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Use of Jira Service Desk to control change requests. ; Use of terraform / Github actions to codify infrastruction and application changes ; Documentation of change requests -> current state operations artefacts updated ; implementation plan with roll forward & rollback instructions; testing of procedure in QA before production; ; Security impacts are assessed based on change type; to determine change risk and mitigation controls such as security testing or use of AWS trusted advisor to identify issues and risks
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Use AWS Trusted Advisor to monitor for potential vulnerabilities.; Use of Github dependant to advise of security issues with software so they can be patched. ; Promote upgrading of components to latest versions; Use of containers within AWS cloud services to reduce infrastructure and services being managed
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Subject to assessment with customer: use of AWS Guard Duty and New Relic APM
• Incident management type: Supplier-defined controls
• Incident management approach: Use of workflow within Jira Service Desk to report and govern incidents

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Mosaic Island recognises the importance of environmental and sustainability issues, and how these contribute to overall climate change. We therefore consider these matters in all our business decisions, ensuring we adhere to our company environmental policy, demonstrating our commitment to the wider community and clients. Remote working has a positive impact on a company’s environmental footprint and is a huge factor into why we made a permanent shift to having a remote workforce, and closing our main office which therefore brings a reduction in our individual and business carbon footprints. We prioritise the procurement of eco-friendly products and services from local suppliers, emphasising the reduction of environmental impact throughout our supply chain and ensuring that they are produced and supplied in a sustainable fashion, do not contain toxic materials, and can be recycled and/or are produced from recycled materials. We actively seek suppliers who share our dedication to sustainable practices. By collaborating with environmentally conscious suppliers, we aim to create a network that collectively contributes to the preservation of our planet. Our services prioritise energy efficiency, and we advocate for the adoption of green technologies that align with carbon reduction goals. We also work closely with our customers to implement strategies that optimise their eco systems, reducing overall carbon footprint. We have an efficient use of equipment – by keeping our surplus electronic equipment out of the landfill. At times when our business replaces electronic items, we recycle as much as possible, by holding technology auctions to our employees. All proceeds are then donated to charity. We have introduced a work cycle scheme, encouraging all our people to be eco-friendly with their transportation. In addition, we report on our carbon footprint which helps increase transparency and accountability in our supply chain.

  Equal opportunity

  Our Diversity & Inclusion committee is in place to ensure we are prioritising an inclusive working environment. As part of this ongoing commitment to creating an inclusive workplace and to close the disability employment gap, we ensure our entire workforce undertakes compulsory training on equality and diversity. We also make sure our hiring process is inclusive, and we ensure we include language that appeals to a wider breadth of people. We also carry out work assessments which provide a framework of questions to help understand how best to cater for our people’s needs; this provides equality to all and ensures no one feels isolated. We also make sure we use the most modern and up to date technology to create more opportunities for people without restrictions, as well as operating a fully flexible working environment which ensures restrictions such as inaccessible public transport can be avoided as an example. We have clear policies that outline our position on equality including a statement on the prevention of Modern Slavery and Human Trafficking. These policies affirm our zero-tolerance approach and governs all our business dealings and the conduct of all persons or organisations with whom we contract directly or who we appoint on our behalf. We have compiled a supplier code of conduct which formally explains how we expect suppliers to operate, which includes relation to avoiding labour exploitation and driving equal opportunities. All our contracts require our suppliers to adhere to this policy and we will not engage with any supplier that does not. We have adequate controls in place to manage, monitor and mitigate such risks which inform us which parts of our Supply Chain or Business areas are most vulnerable. Our risk assessment is reviewed periodically and updated to ensure that our controls remain appropriate and robust.

  Wellbeing

  As a fully remote working organisation, it is especially important for us to combat any potential feelings of isolation and ensure our people are happy, engaged, and productive. Health and wellbeing play a large part in this and is always encouraged throughout our workforce. We conduct regular initiatives to build stronger physical and mental health, this became more apparent throughout the COVID19 pandemic where the strongest of mindsets were tested. Initiatives such as team step challenges to encourage the importance of keeping active. We also run weekly coffee mornings to ensure we communicate regularly with the team, also encouraging people to take regular breaks. We run regular initiatives for ‘mental health awareness week’, which include encouraging time spent outdoors, connecting with nature, checking in with people and taking breaks, supported by our 5 qualified Mental Health First Aiders, who act as a point of contact for all mental health and wellbeing matters. We have a Diversity/Inclusion committee which includes the topic of mental wellbeing, where monthly workshops are held. We assess risk, provide resources, promote mental wellness strategies, and evaluate the effectiveness of relevant initiatives running. Our most recent workshop was a campaign for workplace culture change called ‘bringing your whole self to work’ which empowers employees to support their own and others wellbeing. We have active Cycle Scheme and Gym membership initiatives to encourage physical and mental health benefits. We provide proactive support including Employee Assistance Programmes which provide access to support services including qualified, confidential guidance and counselling to ensure our people have the support needed. All of these topics and resources are documented on our central ‘hub’ accessed by our workforce, including details of any initiatives we run, signposting to useful organisations and helpful guidance and advice on health and wellbeing.

Pricing

• Price: £25,000 a unit a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.silcock@mosaicisland.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.