Cirro

Legacy Application Migration

Cirro helps to take historic applications, those not originally designed for cloud, to work efficiently as a SaaS application. Additionally the team of developers can help modify (or recode) aspects of your application or design and create (or containerise) secure, resilient and optimal Cloud SaaS applications.

Features

• Validate application suitability for Cloud
• Deploy, monitor and optimise application
• Create SaaS improvement plan
• Recode, redeploy, re-architect
• Optimise code base and application
• Create end to end process & documentation
• Create deployment scripts & libraries
• Integrate NoC & SoC monitoring & reporting
• Add alerting & risk monitoring
• Maintain, update and keep secure

Benefits

• Reduce application cost & complexity
• Identify & mitigate risks
• Optimise performance & user experience
• Deliver cloud and mobile native application

£500 to £750 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at michaelo@cirro-solutions.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

728272808039284

Contact

Michael Owen
020 3418 0412
michaelo@cirro-solutions.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Re-design of application components; Re-coding; Re-architecture
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: None
• System requirements:
  • Access to existing application
  • Licensing agreements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We have a full customer SLA. Response time range from 15mins to 4 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Users can ask general question; Raise tickets; Request help
• Web chat accessibility testing: No additional testing has been done
• Onsite support: Yes, at extra cost
• Support levels: It is rare to provide onsite support, however this may be required from time to time and is done so on a case by case basis, charged at time and material.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Initially we run a remote session to understand the initial requirements and run a gap analysis
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: This is delivered to customer requirement
• End-of-contract process: Once the customer has confirmed the data extract requirements, then all data is securely removed from all systems. This process can be recorded, monitored by a customer or a 3rd party and a certificate can be provided (at extra cost).

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: This is down to customer requirement
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: This is delivered to customer requirement
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: This is delivered to customer requirement
• API: Yes
• What users can and can't do using the API: This is delivered to customer requirement, if the current application doesn't have an API then this can be coded (created) against customer specification
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: This is delivered to customer requirement

Scaling

• Independence of resources: On our cloud infrastructure we virtually separate resources and guarantee performance (we don't vary the contention ratio).; ; On Public or 3rd party cloud platforms, it isn't possible for anyone organisation to have true independence of resources as the contention ratio is variable

Analytics

• Service usage metrics: Yes
• Metrics types: This is delivered to customer requirement. This can be done as scheduled regular reporting, via a dashboard or a combination.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: This is delivered to customer requirement
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: This is delivered to customer requirement
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: This is delivered to customer requirement
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats: This is delivered to customer requirement

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: This is delivered to customer requirement
• Approach to resilience: This is delivered to customer requirement
• Outage reporting: This is delivered to customer requirement

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: All management interfaces are only accessible by named and security vetted individuals via a two factor authenticated session on an IPSEC v2 VPN tunnel. All connections are logged and audited. Multiple failed attempts automatically lock the individual user account with automated notification sent. All passwords are timed and must be unique and can't be recycled. Cirro also support Software Defined Networking (SDN) virtualisation technologies, including Network Virtualization using Generic Routing Encapsulation (NVGRE) and Virtual Extensible LAN (VXLAN). These technologies are designed to supported better connectivity, access and scalability specifically for cloud computing environments.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: IQS Standards Audits Division
• ISO/IEC 27001 accreditation date: 16/07/2019
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Cirro hold ISO 27001 and has security policies in place which are reviewed:; - following any security incident; - every quarter

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We run a full change control process based on risk, we have a standard change request process, typically for where we, or a customer request a change. We have an urgent change control process which focuses more on averting a potential issue at short notice.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: All potential vulnerabilities are assessed and scored against:; - Likelihood of event; - Impact of event; - Ability to identify ; ; These scoring is part of the overall risk assessment and determines how quickly a patch (or change) is implemented, either permanently or temporarily
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We run a full SoC to monitor and detect events.; ; We only open aspects of the environment based on need, by default all other aspects of the environment are locked down. ; ; We run full AV, IDS/IPS, network monitoring, log-on attempts (and failures). We monitor for known vulnerabilities and continue update rules based on real-world threats
• Incident management type: Supplier-defined controls
• Incident management approach: We run a full ticketing and helpdesk system against an agreed SLA and to customer requirement

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Commitment to Reduce Carbon Footprint and Climate-Related Initiatives In alignment with our commitment to reducing our ecological impact, we are dedicated to collaborating with our customers and suppliers to contribute to environmentally sustainable initiatives that improve ecosystems and reduce ecological impact. Our primary objective is to minimise the environmental impact of our operations. Focus on Environmental Impact Reduction Our main focus is to engage in discussions with our customers to explore collaborative approaches for reducing the environmental impact, particularly by minimising non-essential travel, to reduce energy usage and wastage of time and materials, all of which have an impact on operational consumption. As we transition back to regular operations, we are focused on reducing our physical impact, including initiatives such as flexible working, minimising printing, and enhancing recycling efforts. We are committed to optimising our physical office requirements to ensure efficient resource utilisation. Future-Focused Solutions and Efficiency We are dedicated to designing future-oriented solutions that embed efficiency into our design and delivery processes. Leveraging the momentum generated by the pandemic, we aim to build on successful new working methods. At Cirro, we are continually looking to identify potential improvements in the way we work to improve our operational efficiencies which directly impact energy usage, travel or ecological impact. By championing these initiatives, we are steadfast in our commitment to not only reduce our own ecological impact but also to actively engage with our stakeholders to foster environmental sustainability and support initiatives that have a positive impact on our world.

  Equal opportunity

  Delivering Social Value Theme 4 and PPN 06/20 Model Award Criteria In the following section, we elaborate on our approach to fulfilling Social Value Theme 4 and the relevant PPN 06/20 Model Award Criteria Our strategy, aligned with WSP’s 2022-24 Inclusion & Diversity Strategy, encompasses the following initiatives: Skill Development for Underrepresented Groups We are committed to supporting the development of new skills that lead to recognised qualifications for underrepresented groups. Addressing Inequality in Employment, Skills, and Pay We will demonstrate a clear commitment to identifying and addressing inequality in employment, skills, and pay within the contract workforce. This includes implementing time-bound action plans to monitor the inclusion and progression of full-time equivalent (FTE) employees from underrepresented groups. Supporting In-Work Progression Our approach includes support for in-work progression, aiming to assist individuals from disadvantaged or minority groups in transitioning into higher-paid roles by developing new skills relevant to the contract. Real-World Equal Opportunity When recruiting, Cirro has a policy to ensure that all names, ages, race or gender details are removed from CVs, so we focus on interviewing and employing the most suitable person for the role.

  Wellbeing

  Wellbeing Initiatives In our commitment to prioritising the well-being of our teams, we are dedicated to supporting the health and well-being of our employees, contractors, suppliers and customers. Flexible Working Support We offer flexible working conditions to our staff. They have a clearly defined job description, they know what needs to be done and they have the flexibility they need to be able to do that whilst balancing home life, physical and mental health. Internal Support Cirro’s works typically in virtual teams, it’s important that we have ‘virtual’ tea breaks and have regular discussions. Cirro also keeps an eye on the level of output expectations and workloads of employees to ensure the right resourcing levels and workloads. During periods of high-intensity working, such as working on tenders, delivering projects or whatever it might be, Cirro ensure employees take time out once this is more practically possible to ensure employees can refresh and relax.

Pricing

• Price: £500 to £750 a unit a day
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at michaelo@cirro-solutions.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.