Full Service Digital Agency

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: None
System requirements: Generally available web services tailored for solutions

User support

Email or online ticketing support: Email or online ticketing
Support response times: Priority 1 = 15 mins
Priority 2 = 30 mins
Priority 3 = 1 hour
Priority 4 = 8 hours
During working week hours

24x7 support is available
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: No
Web chat support: No
Onsite support: No
Support levels: Critical - P1 
The Application stops functioning or functions so slowly as to make it unusable to multiple users.  

High - P2
The Application continues to respond but is failing one or more of its necessary business functions for multiple users.  

Medium - P3
The Application suffers a failure that can be circumvented.     

Low - P4  
The Customer or other Providers have questions, queries and or requests for advice with regards to the functions, operation or integration of the Application.  

Costs are tailored for each solution for individual clients based on their incident support requirements.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: We begin all client adoptions with a technical audit of the current site/platform. This is a critical process to help us support efficiently and to highlight any critical fixes ahead of new development.

The output of the audit will detail our findings and provide recommendations for the platform, which we will present back. This often creates a backlog of features or enhancements that are needed to bring an implementation in line with best practice.

Once the audit is completed, we can finalise the “technical onboarding” tasks including:
- Technical website onboarding.
- Ability to write code to fix incidents and develop features.
- Ability to raise Incidents with the support desk.
- Ability to deploy code through the pipelines to all architecture.

We work with your incumbent website agency to ensure a smooth transition via our tried and tested process.

Business immersion & account onboarding.

Alongside the above audit, we will facilitate business immersion sessions, so we become closely aligned with your business needs, goals and operational processes.
Service documentation: No
End-of-contract data extraction: We would work with clients to tailor an off-boarding process, extract relevant data and provide in a secure and timely manner as requested. As an ISO 27001 registered company we have processes and procedures to ensure this is done in an efficient and compliant manner.
End-of-contract process: An off-boarding process ensures that a full handover of data, work backlog and historical support tickets are provided to the nominated agency or internal resources of the client.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Experience design provided will cater for all platforms and formats required.
Service interface: No
User support accessibility: None or don’t know
API: No
Customisation available: Yes
Description of customisation: Full service digital services are tailored for individual clients.

Scaling

Independence of resources: Auto scaling is used to set the threshold at which the services will be scaled out automatically when under load. In addition to this, there is the potential to scale up the instance sizes as an additional buffer.

Analytics

Service usage metrics: Yes
Metrics types: We use a Microsoft tool called Azure DevOps as our end-to-end delivery and collaboration tool which we provide client access to.

We use DevOps extensively at all stages of our project lifecycle: code repositories and delivery pipelines for seamless development and project backlogs, User Acceptance Testing (UAT) and defect management for project delivery. We also use Project Boards for Risks, Issues and Action.
Reporting types: Regular reports

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Staff screening not performed
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: European Economic Area (EEA)
User control over data storage and processing locations: Yes
Datacentre security standards: Supplier-defined controls
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Physical access control, complying with another standard

Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: Clients do not self-export their data, this is provided in a secure manner via the agreed handover process.
Data export formats: CSV
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)

IPsec or TLS VPN gateway
Data protection within supplier network: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability: SLA's are negotiated on a contract by contract basis. An indicative SLA for illustration purposes may best to outlined as follows;

1 - Business Critical
Resolved within  4 hours
Response time 15 minutes
The entire platform is down for all users across all locations. Or in the case for example it is an e-commerce site the purchase path is broken,

2 - -Serious
Resolved within  24 business hours
Response time 30 minutes
One or more key functionality and/or module(s) of the platform is down (with no workaround available) or major performance issues.

3 - Degraded
Resolved within  40 business hours
Response time 1hour
Service Functionality is (i) down but a workaround exists and is operable with the workaround, or (ii) unavailable but the functionality is not business critical.

4 - Low
Resolved within  80 business hours
Response time 8 hours
The incident’s severity is low, i.e., the impact is cosmetic and does not affect the functionality of the platform, and only minor, cosmetic changes are required such as incorrect font, style or margins to fix the issue.
Approach to resilience: Information is available upon request
Outage reporting: We provide Dashboards and alerts based on client's needs.

For P1 issues that affect a customer’s live site, we produce an incident report which shows everything from the moment the issue started and the activities that took place throughout the lifecycle of dealing with the issue until it is brought to a resolution including;

Start and end times of the incident.
Summary of the issue.
Timeline of activities.
Details of staff involved as well as the customer individuals involved.
Resolution details.
Next steps / post incident actions.
Remedial actions

Once the incident report is delivered, a follow up call with the customer is arranged to discuss the report and answer any questions.

Examples of the type of reporting and meetings we currently provide our clients are:

Weekly Support Meetings – the day-to-day team will run through and provide updates on any incidents those that have been reported.

Support Performance Review – face to face monthly with senior stakeholders, normally our CTO and Head of IT/CTO from the client to address any process issues and report on any business-critical incidents.

QBR – has an agenda item to report on incidents and any improvements which is communicated to the entire project team.

Identity and authentication

User authentication needed: No
Access restrictions in management interfaces and support channels: For internal operational/support channels uses have to be authenticated.
For some website applications that require user specific features users may optionally authenticate.
For some general operational public facing websites there is regularly no requirement for authentication
Access restriction testing frequency: At least once a year
Management access authentication: 2-factor authentication

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: SGS United Kingdom LTD
ISO/IEC 27001 accreditation date: 06/01/2023
What the ISO/IEC 27001 doesn’t cover: N/a
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: In line with UNRVLD’s ISO 27001 certification we maintain several Information Security Policies (ISPs) as part of our Information Security Management System (ISMS), covering a range of areas within the business, including but not limited to;

Perimeter security
Secure access (physical)
Secure access (virtual)
Device Protection
Regular auditing

In line with UNRVLD’s accredited 27001 ISMS, there are a range of measures in place to ensure compliance with UK GDPR and maintain data security. At a foundation level, all staff undertake information security awareness induction training on joining the business, followed by annual refresher training. This includes sections on data protection and the responsibilities of our staff in carrying out their day-to-day activities when handling data.

As part of our ISO 27001 certification, UNRVLD undertakes routine auditing of its ISMS throughout the year. These are carried out by independent third parties for both internal and external audits with our certification body (SGS). During the audits our systems and processes are assessed to ensure they are fit for purpose and operating correctly. Findings from these audits are fed back into the management system to be actioned and maintain on-going compliance.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Information can be supplied on request
Vulnerability management type: Undisclosed
Vulnerability management approach: UNRVLD carries out vulnerability scanning as part of its ISO 27001 commitments, this takes place annually or after any major change in networking infrastructure.

Patches and fixes are performed in accordance with pre agreed SLA policies, an example of this
Protective monitoring type: Undisclosed
Protective monitoring approach: Information available upon request
Incident management type: Supplier-defined controls
Incident management approach: UNRVLD operates a dedicated service desk for Incident Management (IM), which is governed by a strict SLA and follows ITIL best practices for the management of live applications.

We have established project controls in place with all clients. Key to our ability to continually deliver on time, meet deadlines and avoid risks, there are several key control documents and systems that we employ, which include: 

Delivery plans
Statements of work 
Change Requests
RAID log/risk management 
Resource management 
Budget management.
Change control log.
Weekly status report and calls.
Contact reports.

After incident report is delivered, a call is arranged to discuss.

Secure development

Approach to secure software development best practice: Supplier-defined process

Public sector networks

Connection to public sector networks: No

Social Value

Fighting climate change
Equal opportunity

Fighting climate change

UNRVLD recognises the critical significance of Environmental, Social, and Governance considerations. We are steadfast in our commitment to integrating ESG issues and fostering good business practices into every facet of UNRVLD’s operations. We believe sustainability and responsible corporate conduct are not just commendable ideals, but essential cornerstones for long-term success.

UNRVLD has conducted a materiality assessment with our key stakeholders to determine the most important issues to us as a business. Below are some examples of policies that we have implemented or improved upon as a result of feedback:

Environmental policy: Governing how we manage our office premises, including recycling waste, reducing energy/water usage, and committing to tracking our carbon emissions.

Environmentally preferable purchasing policy: With a preference for purchasing sustainable products where possible to reduce or minimise our environmental impact.

Local purchasing: While UNRVLD has multiple sites across the UK we will look to use local suppliers where practicable when purchasing goods and services for our office locations.

Virtual office stewardship: Providing guidance useful tools for staff on how they should manage their home office environment.

Equal opportunity

Our recruitment process ensures that our vacancies are advertised to a diverse section of the labour market. We take steps to ensure that any adverts outline our policy statement around equal opportunities. As part of the process all candidates are screened fairly based on skill and experience aligned to the job description and go through a double screening process. All employees are given non-bias and equal opportunities awareness training as part of their induction into the business.

We are in the process of applying for B-Corporation status as a business and as part of this process will be introducing refresher training for all staff on a more regular basis (annual), introducing more monitoring around equality & diversity for reporting purposes and to identify and remove and unnecessary obstacles and to meet the needs of disadvantaged or underrepresented groups.

Pricing

Price: £73.33 to £220.00 a unit an hour
Discount for educational organisations: No
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Full Service Digital Agency

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents