TECHNOLOGY TRANSFORMATION GROUP LTD

Website Development Services

With our website development service, we modernise your digital presence, offering personalised user experiences across all platforms, including responsive websites, dynamic web applications and e-commerce platforms.

Features

• Website assessment
• Customer journey mapping
• Creating a solution blueprint
• Website modernisation
• Content management system (CMS) selection
• e-Commerce website development
• Website analytics & reporting
• Ongoing maintenance & support
• Conversion rate optimization (CRO)
• Payment Gateway

Benefits

• Improved user experience
• Driving business growth
• Loyalty and advocacy
• Single view of a customer
• Increased brand awareness
• Enhanced online visibility
• Improved lead generation
• Boosted sales and conversions
• Cost-effective marketing
• Data-driven decision making

£850 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mehran.alborzpour@thettg.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

739118009494427

Contact

Mehran Alborzpour
07949775566
mehran.alborzpour@thettg.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Our core service focuses on developing client websites, we don't function as an "add-on" to a single software service. We leverage popular platforms like WordPress & Shopify, adding custom functionality through plugins, integrations, and bespoke coding to create a website that perfectly reflects your unique brand and business goals.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: None.
• System requirements:
  • A modern web browser
  • Stable internet connection is necessary

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We provide support 365 days a year. Typical First Response: 0-2 hours Typical Resolution Time: 30 mins - 4 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: We've conducted web chat testing sessions with assistive technology users to ensure our platform is accessible to all.
• Onsite support: Yes, at extra cost
• Support levels: We have first, second and third line support plans. All support plans offer access to support engineers who can assist with technical troubleshooting and problem resolution.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: To assist users in seamlessly starting to use their website, we offer a multifaceted approach tailored to their needs. Our services include comprehensive user documentation accessible online, providing clear instructions and troubleshooting tips. Additionally, we offer personalised onsite training sessions for users to gain hands-on experience and address any queries in real-time. For those preferring remote learning, we provide interactive online training sessions conducted by our experienced team. These sessions cover various aspects of the website's functionality, ensuring users are equipped with the knowledge and skills needed for efficient utilisation. Furthermore, our dedicated support team is readily available to assist users with any technical issues or inquiries, offering prompt assistance via email, phone, or live chat. With our holistic support comprising documentation, training, and responsive assistance, users can quickly and confidently use the app.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The client has full access to their data for extract, or they can ask us to extract the data for them.
• End-of-contract process: The contract will terminate at end-of-contract. There is no additional cost at contract termination.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile service is optimised for smaller touchscreens, offering a streamlined interface and simplified navigation. It has been prioritised for mobility, leveraging features like GPS and camera integration, whereas the desktop version has been prioritised for multitasking capabilities and advanced features that utilise the typically greater data processing capabilities of a desktop.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: The service interface offers a user-friendly and intuitive design, with seamless navigation and interaction. It features clear and concise menus, allowing users to access various functionalities effortlessly. The interface is visually appealing, with well-organised layouts and intuitive controls for an enhanced user experience. It includes interactive elements such as buttons and forms to maximise user utilisation efficiency. Overall, the service interface prioritises simplicity, efficiency, and accessibility to ensure a productive and practical user experience.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: We've conducted testing sessions with assistive technology users to ensure our platform is accessible to all.
• API: No
• Customisation available: Yes
• Description of customisation: Buyers can customise our service to suit their specific needs. Firstly, they can tailor the scope of the project by specifying their requirements, objectives, and desired outcomes. This allows us to align our efforts accordingly and deliver a bespoke solution. Secondly, buyers can choose from a range of features and functionalities to be included in the final product, ensuring that it meets their unique preferences and business goals. In addition, buyers can provide input on design elements, branding, and user experience to ensure that the end result reflects their brand identity and resonates with their target audience. Buyers can also opt for additional services such as ongoing maintenance, support, and updates to further customise their experience and optimise the long-term performance of the website.

Scaling

• Independence of resources: If TTG manage the website, then we provide monitoring to ensure our infrastructure scales to accommodate demand variations, ensuring seamless access to the website for all users. With robust infrastructure management and proactive measures, we guarantee uninterrupted service even during the highest peak usage. Our utilisation of load balancing and redundancy further ensures continuous service availability for users at all times.

Analytics

• Service usage metrics: Yes
• Metrics types: The metrics we provide to the customer include website traffic, conversion rates, page load time, search engine rankings, user engagement, error monitoring and mobile responsiveness. By monitoring these metrics, customers can gauge the effectiveness of their website in achieving its goals, optimise user experience and address any technical issues. This allows customers to make informed decisions and continuously improve their website's performance and functionality.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data through a simple process within the website back-end. Users select the desired data sets and format preferences.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: If TTG manage the website, then we guarantee high availability for the website service, with an uptime of 99.9%. Our team employs redundant servers, robust data backup systems and proactive monitoring to minimise downtime. In the rare event that we did not meet the guaranteed availability levels, users are eligible for refunds or service credits. These refunds are provided based on the extent of the downtime and the impact on users' operations. Our commitment to reliability and accountability ensures users can trust in the consistent performance and availability of our service.
• Approach to resilience: The service is designed to be resilient from any service disruptions. Our infrastructure is built with redundancy at its core, featuring multiple layers of failover mechanisms and backup systems. We employ distributed architecture and data replication to ensure continuous operation even in the event of hardware failures or network outages. Our system is equipped with automated monitoring and recovery processes, promptly detecting and mitigating issues to minimise downtime. We conduct disaster recovery and performance tests to validate the effectiveness of our resilience and refine it as required.
• Outage reporting: In the event of any outage, automatic email alerts are sent to users and stakeholders immediately upon detection of an outage. The system is designed to report outages through the public dashboard and APIs. The public dashboard provides real-time visibility into the service status, allowing users to monitor for any disruptions.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: We restrict access by the following means: Role-Based Access Control (RBAC); Least Privilege Principle; Multi-Factor Authentication (MFA) and Access Controls and Permissions.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 11/03/2024
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISO 9001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Risk Assessment and Management: We regularly perform risk assessments to identify potential threats, vulnerabilities, and risks. Access Control and User Management: We implement access control policies and processes to regulate access to systems, applications, and data based on the principle of least privilege. We utilise multi-factor authentication (MFA), and regularly review user access rights to ensure they align with business needs and security requirements. Encryption and Data Protection: We protect data both at rest and in transit by encrypting sensitive data using strong encryption algorithms. Supplier Risk Management: We regularly assess the security of third-party suppliers and service providers, conducting due diligence assessments. Security Awareness Training: We conduct security awareness training and education programs to all employees, contractors, and third-party partners Security Monitoring and Logging: We employ security monitoring tools and solutions to continuously monitor network traffic, system activities, and user behaviour for signs of suspicious or malicious activity. Continuous Improvement and Review: We regularly review and update information security policies and processes to address emerging threats, technology advancements, and organisational changes. Compliance to Regulatory Requirements: We have developed policies and processes to ensure compliance with regulations such as GDPR.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We adhere to A.12.1.1 in ISO/IEC 27001. We do this by: Policy and Procedures: We document policies, procedures, and guidelines for managing changes to information systems, including hardware, software, networks, processes, and procedures. Change Management Process: We have implemented a change management process that includes steps for requesting, assessing, authorising, implementing, and reviewing changes. Change Authorisation: We have implemented mechanisms for authorising changes based on predefined criteria, such as risk assessments, impact analysis, and approval by designated authorities. Change Review and Audits: We conduct reviews and audits of the change management process to assess its effectiveness and areas for improvement.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We adhere to A.12.1.1 in ISO/IEC 27001. We do this by: Risk Assessments: We conduct regular risk assessments to identify potential vulnerabilities in information systems, networks, and applications. Vulnerability Identification: We implement processes for identifying and cataloguing vulnerabilities within our IT infrastructure, including hardware, software, and configurations. Patch Management: We implement patch management processes to ensure that security patches and updates are promptly applied to vulnerable systems and software. Security Configuration Management: We implement security configuration management practices to reduce the attack surface and minimise the likelihood of exploitation of vulnerabilities.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We adhere to ISO/IEC 27001. We do this by: Monitoring Controls: We implement monitoring controls to detect security incidents, unauthorised activities, and anomalies in real-time or near real-time. Event Logging and Collection: We have configured systems, applications, and network devices to generate detailed logs and audit trails of security-relevant events and activities. Incident Detection and Response: We have developed procedures for detecting, analysing, and responding to security incidents identified through monitoring activities. Periodic Review and Analysis: We conduct reviews and analysis of monitoring data to identify trends, patterns, and recurring security issues.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We adhere to ISO/IEC 27001. We do this by: Incident Logging, Recording, Classification and Prioritisation: We maintain detailed records of security incidents, including incident descriptions, timestamps, affected systems or assets, and initial assessment findings. We also classify and prioritise security incidents based on their severity, impact, and urgency. Response Planning and Coordination: We have developed incident response plans and procedures that outline roles, responsibilities, and actions to be taken in response to security incidents. Root Cause Analysis: We conduct thorough investigations and root cause analysis to determine the underlying causes and contributing factors of security incidents.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our website development services contribute to the fight against climate change. Firstly, we prioritise energy-efficient design practices, optimising code and minimising resource consumption to reduce the carbon footprint of our websites. In addition, we offer sustainable hosting options powered by renewable energy sources, minimising the environmental impact of hosting operations. Furthermore, we advocate for eco-friendly practices such as paperless communication and remote collaboration, reducing the need for travel and conserving resources. By promoting sustainable web development practices, we aim to mitigate the environmental impact of digital technologies and contribute to a greener, more sustainable future.

  Covid-19 recovery

  With respect to COVID-19 recovery efforts, our website development services facilitate digital transformation and economic resilience. We empower businesses to adapt to the new normal by creating robust online platforms for remote operations, e-commerce, and virtual communication. Through responsive and user-friendly websites, we enable companies to reach customers and clients effectively in a socially distanced world. Moreover, our services support small businesses and entrepreneurs in transitioning to online platforms, helping them sustain operations and adapt to evolving market dynamics. By leveraging digital solutions, we contribute to economic recovery and resilience in the post-pandemic landscape.

  Tackling economic inequality

  Our website development services contribute to tackling economic inequality by offering affordable and accessible website solutions, empowering individuals and organisations with limited resources to access the same digital tools and platforms as larger enterprises. By levelling the playing field and democratising access to technology, we help bridge the digital divide and create pathways for economic empowerment and social mobility. Through inclusive and sustainable web development practices, we strive to foster economic equity and reduce disparities in digital access and opportunity.

  Equal opportunity

  Our website development services champion equal opportunity by offering accessible and inclusive solutions for individuals and organisations of all backgrounds. We prioritise diversity and inclusivity in our design process, ensuring that websites are user-friendly and accessible to people with diverse abilities and backgrounds. Additionally, we provide affordable and customisable options, enabling businesses of all sizes to establish an online presence and compete in the digital marketplace. By removing barriers to entry and promoting equitable access to technology, we empower individuals and businesses to thrive and succeed, fostering a more inclusive and equitable society.

  Wellbeing

  Our website development services prioritize wellbeing by implementing features such as intuitive navigation, stress-reducing design elements, and inclusive accessibility features to promote user wellbeing. Additionally, we advocate for digital mindfulness and balance, encouraging breaks and healthy online habits. By fostering a supportive online environment, our services contribute to overall wellbeing, promoting positive mental health outcomes and creating spaces where users can thrive and connect positively with digital platforms.

Pricing

• Price: £850 a unit a day
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mehran.alborzpour@thettg.com. Tell them what format you need. It will help if you say what assistive technology you use.