Bespoke Software Development
Delivery of Bespoke software development services, including Application Modernisation, Legacy system support and modernisation services, legacy system integration, API development, native serverless cloud development services. Azure and AWS development and managed services. UX, CX, Service design specialists. Mobile App and web development services.
Features
- Bespoke Web and Mobile development
- Application Modernisation services
- Data Migration services
- Full stack development
- Native cloud development
- Legacy system support and modernisation and migration
- API development and API integration services
- Machine Learning
- Data Science
- Design, UX, CX, EX, Service design
Benefits
- Digital Innovation
- Improved Customer Service (CX)
- Improved User Experience (UX)
- Business Efficiency
- Legacy system decommissioning
- Removal of technical debt
- Data cleansing and data management
- Insights and analytics
Pricing
£0.80 a transaction a second
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
8 1 6 2 0 6 4 4 9 1 9 4 5 4 1
Contact
DAVIES GROUP LIMITED
Gill Gange
Telephone: 01554 700371
Email: bids@davies-group.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Hybrid cloud
- Service constraints
- None
- System requirements
- Hosting environments
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- 24/7/365, 1 hour response time
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 A
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Office based support through to 24/7/365.
1 hour response times and custom SLA's available - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- On and off site training is available with full documentation. We also provide hands on pair-programming with our industry experts
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Data is fully accessible to the client via the solutions developed
- End-of-contract process
- Each contract is tailored to customers needs but is generally based on length of contract and the scope of the requirements. Professional services are estimated and billed for on a T&M basis
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- No difference other than UX
- Service interface
- No
- User support accessibility
- WCAG 2.1 A
- API
- No
- Customisation available
- Yes
- Description of customisation
- This is a bespoke service enabling customers to fully customise and design their solution prior to development
Scaling
- Independence of resources
- We utilise cloud technology where resources are separated per client. We provide a 99% service uptime and performance SLA for the services.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Real time usage reports, transaction insights, exception/error reports.
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
- Physical access control, complying with CSA CCM v3.0
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Data can be exported via the software in a chosen format
- Data export formats
-
- CSV
- Other
- Other data export formats
- XML
- Data import formats
-
- CSV
- Other
- Other data import formats
- XML
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- We operate on the Cloud SLA's which provide a 99% SLA uptime guarantee. Service credits are provided per minute at a percentage of the total contract value for any degradation in service below these set parameters
- Approach to resilience
- We utilise Cloud technology (AWS and Azure) for our SaaS products. We provide SLA's to all our end clients and compensate users for any degradation of service on set parameters. We can also provide reassurance to clients with a history of service levels across 900 bespoke development projects undertaken.
- Outage reporting
-
Outages are automated and alerted via email, SMS, API as separated alerts services.
We also provide a staffed DR team who work with clients in response to any DR situations.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Dedicated link (for example VPN)
- Access restrictions in management interfaces and support channels
- The platform is connected via dedicated Site to Site VPN or installed on a local network. Applications access are via MFA, or can be linked to clients SSO.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Dedicated link (for example VPN)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Perry Johnson Registars, Inc.
- ISO/IEC 27001 accreditation date
- 20/03/2023
- What the ISO/IEC 27001 doesn’t cover
- All controls are included in the scope of the certification.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 12/04/2023
- CSA STAR certification level
- Level 1: CSA STAR Self-Assessment
- What the CSA STAR doesn’t cover
- Not applicable
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- We are a regulated business by the FCA and operates to ISO27001 standards. All policies are managed by an internal InfoSec and Governance team under our CISO. Staff training is conducted bi-annually or in the event of policy change. Training is delivered via online courses and assessments and is mandatory for every employee as a part of their employment contracts.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Change management follows the ITIL process. All changes are logged & tracked in service desk application. Changes follow the fully documented procedure and the Change Advisory Board meets once a week to review submitted change requests
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- All patching follows internet policies and processes. Standard Maintenance Process: - Updates will be applied within one-month cycles in line with vendor advisory releases Priority Maintenance Process: - Taking into change management and business impact updates will be applied within 10 business days / two weeks. Immediate Mitigation Process: - Within 72 business hours.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- We identify potential compromises, network attacks and/or breaches via manual checks as well as software and supplier alerts. If a compromise is detected we raise issues with senior management and instigate detailed investigations and associated threat assessments immediately. If any deployments are required to resolve compromises these are done immediately as a hot fix.
- Incident management type
- Supplier-defined controls
- Incident management approach
- All cyber security incidents are reported via IT service desk by alerts from our detection systems. They follow a standard ITIL incident management process. All security events are logged to a central SIEM system. Our SIEM system is used for monitoring the use of information processing facilities and the results of the monitoring activities are reviewed regularly.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- Public Services Network (PSN)
- Health and Social Care Network (HSCN)
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
As a Group, we have committed to cut our carbon emissions in half by 2030 and to reach carbon net-zero by 2050. This target is aligned with the Science-Based Targets initiative (SBTi) - a globally-recognised framework that provides companies with a clear pathway to support the Paris Agreement’s goal of limiting global warming to 1.5°C above pre-industrial levels. Our targets are due to be verified by SBTi in 2024. Our environmental impact does not stop at GHG emissions. From the raw materials used in our services, equipment and technology, to the water consumption in our offices and the lifecycle of operational waste, we are taking steps to reduce our impact. This year, we implemented a new global procurement system with a focus on building sustainability into the supply chain, with improved tracking and the capability for sustainability reviews of products and suppliers. Our fully-digitised claims management system has reduced printing by 90%, and we already recycle the vast majority of our operational waste. Legal Solutions uses local and ethical suppliers for office equipment with full traceability, and we promote “green parts” within our auto claims. We are aiming to develop and launch Davies’ global waste strategy in the coming year. Several of our offices have already moved to 100% renewable energy. Our goal is for all the energy used in our offices to come from renewable sources.Tackling economic inequality
Our people are at the heart of our business. They are critical to our business success and an integral part of our sustainability ambitions. The variety of skills and perspectives within our workforce drives innovation. We provide a nurturing environment where every employee can develop their professional experience and reach their career ambitions, helping Davies to grow its capabilities from within and retain our brilliant talent. During the year, 345 people were promoted internally. We believe in lifelong learning and are proud to align with UN SDGs 4 and 8: Quality Education and Decent Work. Positive contributions made by employees are recognised through frequent performance reviews and rewarded through the Davies Incentive Plan. These reviews also explore areas for career and skill growth, with our training opportunities delivered by the Thrive at Davies L&D platform, as well as leadership development programmes and even funding for professional qualifications and memberships. also offers technical apprenticeships, and our Legal Solutions unit was one of the first UK law firms to place aspiring solicitors on the Graduate Solicitor Apprenticeship. In FY23, we offered 169 apprenticeships within Davies Group, and our Learning Solutions unit placed a further 1760 apprentices across the UK. Our Targets: Undertake regular performance and career development reviews with all our colleagues. Offer career- or skills related training to all colleagues. Advertise all job vacancies internally, where possible. Continue to ensure fair pay across the business. A quarter of Davies’ job vacancies were filled internally in 2023.Equal opportunity
As a group we believe in lifelong learning and are proud to align with UN SDGs 4 and 8: Quality Education and Decent Work. Positive contributions made by employees are recognised through frequent performance reviews and rewarded through the Davies Incentive Plan. These reviews also explore areas for career and skill growth, with our training opportunities delivered by the Thrive at Davies L&D platform, as well as leadership development programmes and even funding for professional qualifications and memberships. We offer professional training to all our colleagues. Davies also offers technical apprenticeships, and our Legal Solutions unit was one of the first UK law firms to place aspiring solicitors on the Graduate Solicitor Apprenticeship. In FY23, we offered 169 apprenticeships within Davies Group, and our Learning Solutions unit placed a further 1760 apprentices across the UK. At Davies, we welcome different perspectives, support each other’s ambitions, and grow together to create a welcoming and inclusive environment that reflects the diversity of our local communities. In 2023, we continued to develop our Diversity, Equity and Inclusion (DEI) strategy and add to our progressive policies. Working with expert partners, we have delivered webinars on anti-racism and domestic abuse, grown our employee action groups and introduced enhanced inclusive hiring practices, such as the mandatory inclusion of multiple gender candidates in talent selection for senior leadership hires, and using Multiverse and Reach Out to source apprenticeship candidates from diverse backgrounds.
https://davies-group.com/wp-content/uploads/2024/01/Davies-ESG-Report-2023-Full-Resolution.pdfWellbeing
Inspire, develop, and value colleagues through meaningful employee engagement, role development and learning opportunities. Davies is a place where everyone can thrive. We want to advance social mobility and equality for all, through education, learning and development opportunities within our business and throughout our communities. The safety and wellbeing of our colleagues is paramount. Our leading policies and support services around working practices were recognised as a major strength by the EcoVadis ESG framework. In the year, we launched our Global Guiding Principles with progressive new local policies around supporting colleagues and their families. Davies offers both global and local benefits to improve physical, mental, and financial wellbeing. For example, employee assistance programs (EAP), life assurance, enhanced maternity, adoption, paternity, and baby loss leave and support, cycle-to-work and electric car salary sacrifice schemes, generous holiday allowances, the Davies Incentive Plan, and access to My Choices at Davies, our wellbeing and discount platform. Our Health and Wellbeing Action Group continues to ensure we’re meeting and exceeding the needs of our people. We monitor employee perceptions and seek feedback throughout the year. We also maintain stringent health and safety standards and ensure ongoing mandatory training.
Our Targets:
• Undertake regular performance and career development reviews with all our colleagues.
• Offer career or skills related training to all colleagues.
• Advertise all job vacancies internally, where possible.
• Continue to ensure fair pay across the business.
A quarter of Davies’ job vacancies were filled internally in 2023. 38 scores of ‘outstanding’ or ‘advanced’ across Labour & Human Rights policies, actions, and reporting - 2023 Bronze Award.
Pricing
- Price
- £0.80 a transaction a second
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Technical POC of code conversion tools evaluated on a per basis opportunity