THE CURVE CONSULTING SERVICES LIMITED

The Curve - Cloud Software Services

Our software development service delivers high-quality, customer-focused solutions across all sectors & technologies. The Curve can help with actually writing code in all current technologies, but we can also help to create the right environment to make you more effective in the medium and long term.

Features

• Ubiquitous access for multi-site & multi-device collaboration
• Self-service configuration and management
• Scalable Platform
• Fully-Managed Service

Benefits

• Enables collaboration between multiple users across multiple sites
• Leverages cost-effective cloud-based operation
• General productivity/workflow efficiencies/increase
• Delivers Disaster Recovery & Business Continuity

£0.02 a gigabyte

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lt@thecurve.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

680079102299126

Contact

Mai Mai Steele
0114 303 4070
lt@thecurve.io

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Our software services can be adapted to the customer's requirement and environment. The software we build for customers can be integrated with existing bespoke and/or third party solutions as well as being run as a standalone service.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Network Connection Dependency. To fully benefit from cloud computing services, your business or consumers must always have an internet connection.
• System requirements: All system requirements are determined per Customer/project engagement.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Type of Response by Severity Level; ; Time to first response; Critical (Severity 1) - Immediate(when raised by phone); Major (Severity 2) - 4 business hours; Minor (Severity 3) - 24 business hours; ; Update frequency; Critical - every hour; Major - every 4 business hours; Minor - every 24 business hours; ; Root Cause determination (time starts after issue reproduction); Critical - 48 hours; Major - 60 business hours; Minor - 12 business days; ; Contact Channels; Critical - Phone (recommended), Email, Ticketing; Major - Email, Ticketing; Minor - Email, Ticketing
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We outsource our ticketing software so we've not done any direct testing ourselves.
• Onsite support: Yes, at extra cost
• Support levels: Bronze Support 8x5 (M-F 0900 - 1700) Email/Ticket Support only, 100 cases p.a. up to 2 named contacts, £10,000 p.a.; ; Silver 24x5 (M-F 0001-2359) Email/Ticket/Phone Support, 500 cases p.a., up to 5 named contacts, £25000 p.a.; ; Gold 24x7x365 Email/Ticket/Phone Support, Unlimited cases, up to 8 named contacts, £50000 p.a. ; ; Platinum 24x7x365 Email/Ticket/Phone Support, Unlimited cases, up to 10 named contacts, £75,000 p.a. 1 Named Support Engineer.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Entirely dependent on the customer, their requirements and their operating environment - we provide any/all user help methods: onsite training, online training and/or user documentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats: Google docs
• End-of-contract data extraction: As the data is protected and stored in the cloud, the Customer is provided with full access to their data as required. There are a number of export mechanisms if the goal is to move away from the service and is situation-dependent.
• End-of-contract process: The nature of our contracts are varied. This is something to be discussed and agreed with the Customer. We work closely with our partners as well to ensure smooth handover.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: We build solutions that fully support the customer's requirements. We optimise the mobile and desktop versions so that each does the right thing well. Many solutions are web based and can easily be made into mobile apps, and will take into account the differences like format, device type, bandwidth, touch input, slower processers and portrait screens.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The service interface is defined by the project requirements. The service interface will be fully documented in the Customer's technical solution design document.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: To date, we've not perform any interface testing with users of assistive technology. We are happy to do so if assistive technology capability are to be included as part of a Customer requirement.
• API: Yes
• What users can and can't do using the API: The functionality of API's vary from project to project and their functionality and attributes will be documented in the technical specification that accompanies each solution design.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The customisation of our software solutions vary from project to project and their functionality and attributes are documented in the technical specification that accompanies each solution design.

Scaling

• Independence of resources: Each cloud instance is discreet & separate by design. The services are designed to be scale and reactive to changes in both load and demand.

Analytics

• Service usage metrics: Yes
• Metrics types: Depending upon the Customer's operational environment and requirements, some key service metrics available for measuring & reporting include, but are not necessarily limited to:; ; Ticket Volume,; Average Resolution Time,; Average First Response Time,; Average Handle Time,; and First Contact Resolution Rate.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Amazon Web Services, Microsoft Azure, IBM Cloud

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Other
• Other data at rest protection approach: As a Cloud Provider Reseller, each service allows several options for encrypting data at rest, for additional layer of security, ranging from completely automated encryption solution to manual client-side options. Each solution is tailored to customer's stated requirements as part of the technical solution design.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data export can be achieved using industry recognised formats such as tarball, ftp, json, csv, email, other similar binary formats. The customer's operational environment will no doubt influence which formats will be used as required.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • Json
  • Tarball
  • Email
  • Tsv
  • Xml
  • Excel
  • Html
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • Json
  • Ftp
  • Tarball
  • Tsv
  • Xml
  • Excel
  • Html

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: As we are a Reseller, we use the SLA's offered by the Cloud Provider... links for AWS: https://aws.amazon.com/s3/sla/ ; MS Azure: https://azure.microsoft.com/en-us/support/legal/sla/ ; IBM CLoud: https://cloud.ibm.com/docs/overview?topic=overview-slas
• Approach to resilience: Information on how our service is designed to be resilient is available upon request.
• Outage reporting: Service outages are reported directly to The Curve's Support Team for action via email and SMS.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: We have full identity and access management control - customer has the ability to define user's groups, controls, policies & permissions.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Working towards ISO 27001, 9001
  • Resold providers fully compliant to several certs i.e. ISO, PCI

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We are in the process of pursuing ISO security standard accreditation. Currently, we have an internal information security policy best practice which adopts a risk-based approach, sets the direction of investment decisions, ensure conformance with internal and external requirements, fosters a security-positive environment for all stakeholders. We also review performance in relation to business outcomes.
• Information security policies and processes: We have an information security policy and follow processes accordingly. This policy can be provided to customers upon request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have an internal configuration and change management policy and follow processes accordingly. This policy can be provided to customers upon request.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: We have an internal vulnerability management policy and follow processes accordingly. This policy can be provided to customers upon request.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We have an internal protective monitoring policy and follow processes accordingly. This policy can be provided to customers upon request.
• Incident management type: Supplier-defined controls
• Incident management approach: We have an internal incident management policy and follow processes accordingly. This policy can be provided to customers upon request.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)
  • Other
• Other public sector networks: PSNs could be connected as dictated by customer requirements

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Helping organisations transition to digital solutions reducing their environmental impact through paperless services

  Equal opportunity

  allowing people to access information / data from remote locations, empowering people with different abilities, needs, and preferences

  Wellbeing

  providing ability for organisations to better manage workloads and therefore stress

Pricing

• Price: £0.02 a gigabyte
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Dependent upon cloud provider. Free tier options are available - details provided upon request.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lt@thecurve.io. Tell them what format you need. It will help if you say what assistive technology you use.