Agile Software Development - 3SL Cradle
Agile software development environment supports capture, analysis and engineering of needs, requirements, enterprise, MBSE, UML, SysML, architecture and design models, traceability to test and acceptance, and publishing into contract ready documents. Risk, compliance, governance and contract management across project lifecycle with configuration management, baselines and formal change control.
Features
- User-defined goals, needs, objectives, requirements, models, verifications and acceptance
- Bi-directional many-many traceability across entire project lifecycle
- Applicable to all agile, phase, application and business processes
- Integrated UML, SysML, BPMN, process, architecture modelling
- Integrated risk management, test management, compliance, governance and configuration management
- Change history, baselines, review, formal change control and workflows
- Collaboration through discussions, alerts, mail, comments and automated notifications
- Data analysis from pivot tables, metrics, dashboards, KPIs
- Automated data load from documents, spreadsheets, XML, ReqIF
- Publishes user-defined, production-quality, documentation
Benefits
- Single point of truth for all project information and stakeholders
- Can replace multiple tools, improves efficiency and reduces cost
- Gives stakeholders controlled access to project infromation
- Eliminates quality problems using automated, user-defined, conformance consistency checks
- Eliminate omissions, duplications, contradictions with bi-directional indirect traceability
- Automatically generate consistent, production-quality, documentation in any format
- Reuse and share information between projects and teams
- Unlimited volumes of information of any types and traceability links
- Automatically generate management information, metrics, KPIs and dashboards
- Automate release management from sprints, iterations, phases and quality reviews
Pricing
£103 to £126.50 a user a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
8 4 6 6 9 4 3 1 9 2 4 9 2 1 0
Contact
Structured Software Systems Ltd
Mark Walker
Telephone: 01229 838867
Email: mark.walker@threesl.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Service constraints
- None
- System requirements
- None
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Technical support is available between 9am and 5pm UK time weekdays excluding UK national and public holidays. We acknowledge questions within 1 hour, respond within 2 hours and aim to resolve within 4 hours. All questions are categorised and prioritised. An escalation mechanism is available.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- We provide one level of support for all users. A technical account manager will be provided at the start of on-boarding. All 3SL support engineers are equally able to support Cradle systems deployed as SaaS or in-house. Cloud support is included in the per user per month SaaS charges. On site support is charged at the rates in our SFIA labour categories.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
"On-boarding services are discussed and agreed with each customer and include some or all of:
- A ConOps to define an overall scope
- Configure Cradle to create an appropriate schema, information lifecycles and workflows, review, CM, formal change, baseline, and QA/QC requirements
- Appropriate user environment of queries, views, forms, hierarchies, navigations, capture formats, document and report templates
- Documentation of the schema and environment in a Project Handbook
- Training of lead users
- Creation and delivery of end user training
- Data pre-processing, validation, loading and post-load confirmation
- Ongoing project involvement, as project engineers, team leaders and/or IV&V" - Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
- Flare
- End-of-contract data extraction
- Either export the data into user's preferred tool-independent data format or publish reports and documents in user-defined formats, or both.
- End-of-contract process
- Support services continue to contract end, which includes guidance to export data. Any other services required can be provided as Cloud Support services.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- No differences for Windows and Linux mobile devices. For Android and iOS mobile devices, service is only available through a web browser.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 A
- Description of service interface
- A RESTful Web Services Interface (WSI) is available as a separately-licensed and costed option. The WSI provides a full range of data and control capabilities, all subject to the same authentication and access control model used in all other access vectors to information stored in Cradle.
- Accessibility standards
- WCAG 2.1 A
- Accessibility testing
- Behaviour has been verified with people of limited vision using standard Windows assistive technology and third party tools such as Chrome Speak and FoxVox. The software is confirmed Section 508 compliant by its use in a wide range of US Government departments and agencies.
- API
- Yes
- What users can and can't do using the API
- An application programming interface (API) and web services interface (WSI) are available. Both are separately-licensed options. The API and WSI both provide a full range of data and control capabilities, all subject to the same authentication and access control model used in all other access vectors to information stored in Cradle.
- API documentation
- Yes
- API documentation formats
-
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Database schema (items, attributes, links, properties), queries, views, forms, graphs, reports, documents, metrics, KPIs/dashboards, process, CM system, workflows, UI layout and content, authentication and access control. In essence, everything can be customised. Who can customise and what they can customise is defined by you. Cradle can can support any part(s) of process, whether small or large, whether phased or agile, whether based on EIA632, P1220, PRINCE2, ISO15288, ISO26262 or other. Can be fully customised for Do178B and C. Every aspect of the product's process support can be customised. Every aspect of the product's operation can be customised. Every aspect of the product's UI can be customised.
Scaling
- Independence of resources
-
Each user community is in a separate/silo'd virtual private cloud (VPC) or equivalent.
Adequate host hardware is provided for this user community as it expands.
Dynamic balancing of load across servers (transparent to users) as necessary and determined by appropriate KPIs in an agreed SLA.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Numerical and/or graphical, daily, weekly or monthly reports. Reports contain details of logins, users, source hosts/Ips, failed logins disabled logins, licence grants, licence denials, concurrent licence use.
- Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Other
- Other data at rest protection approach
- 3SL uses whichever PaaS / hosting provider is appropriate to, or required by, the customer. 3SL will only use UK resident providers. This includes FCDO Services, UK Cloud, UK Fast, OVH, Microsoft. 3SL may use only UK sovereign providers. All providers operate data centres with physical controls to SSAE-16 / ISAE 3402. Some providers operate to higher controls. Existing, deployed, Cradle services accredited to OFFICIAL-SENSITIVE (IL3).
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
-
"From the Export button in the tool's UI or from a command line. Note ""export formats"" can be defined with users' preferred options so exports are performed consistently.
Data can be exported as 'reports' and 'documents' with user-defined formats, layouts and contents." - Data export formats
-
- CSV
- Other
- Other data export formats
-
- TSV
- Cradle
- HTML
- SVG
- XML
- ReqIF
- RTF
- Word .docx/.doc
- Excel .xlsx/.xls
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- TSV
- Cradle
- HTML
- SVG
- XML
- ReqIF
- RTF
- Word .docx/.doc
- Excel .xlsx/.xls
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- 99.9%. Refund available on request as a proportion of the time between 8am and 6pm Monday to Friday for all working days that the service is not available.
- Approach to resilience
- All SaaS services are implemented as a set of VMs, each an instance of one of 3SL's standard templates. Snapshots of these VMs are taken with a frequency agreed with the customer, typically daily. Additional data backups are taken and available with an agreed RPO and RTO. Server snapshots can be restored within 1 hour. Failure of host hardware causes an automated switch to alternative hardware transparently to the end user. Failure of a data centre causes a switch to an alternate data centre in 2-8 hours depending on the hosting/PaaS provider being used (noting that 3SL deals with many such providers, including FCOS, UK Cloud, UK Fast, AWS, OVH, Microsoft).
- Outage reporting
- As required by the service user. We can provide a telephone call, e-mail, tweet or any other preferred communication method. Public noticeboard is an option, but this would mean that we would be advertising the use of this service by the HMG group, department or agency.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Public key authentication (including by TLS client certificate)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
-
Our service provides user-defined databases. Each database has a set of login accounts defined by the users. Each user has a set of rights. Only users with appropriate rights can perform admin functions, and only within that database. So all management and support access to each database is controlled by the users of that database and separate from all other service users.
3SL has no access inside Cradle databases. All login accounts for each Cradle database are the responsibility of the user. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- Public key authentication (including by TLS client certificate)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Other
- Description of management access authentication
- User authentication is as above. Management authentication is as above plus certificate-only validation of access - ppk files.
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- Trustwave
- PCI DSS accreditation date
- 04/10/2021
- What the PCI DSS doesn’t cover
- We are assured by Trustwave that they cover ALL our PCI DSS needs. Everything that needs to be covered, is. Anything that is not covered falls into the category of not relevant
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
- IASME
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- We apply ISMS / ISO27001 principles to the integrity of the SaaS services with regular automated and manual checks. Our processes have been reviewed by HMG and found to be acceptable.
- Information security policies and processes
-
Security vetting of all personnel. Partitioning of access rights by subject, by person, by role. Principle of "need to know" applies to all InfoSec decisions. Periodic IS1/IS2 analyses of threats and attack vectors. InfoSec policies for internal IT, including CIA analyses, password policies, AV, multi-level filtering of incoming and outgoing communications, multiple layer firewalls (DMZs).
Overall responsibility for all security policies and procdures rests with 3SL's Director - Mark Gerald Walker.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
All changes to SaaS services are planned with the customer. Each has agreed success and failure criteria and an agreed back-out/restoration plan. Each change is reviewed against the agreed criteria during implementation and on completion. Any failure triggers the agreed back-out/restoration plan.
All Cradle software components built in house. Source code is managed by a SCCS with full change tracking. All service component builds are automated from the SCCS with no opportunity for external interference. All built components are digitally signed. SHA512 checksums for all components. All components on the SaaS hosting are verified monthly to ensure they are unchanged. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Quarterly threat reviews. Annual IT Health Check, threat analyses and RMADS for the OFFICIAL/IL3 services. 3SL receives security alert feeds from O/S vendors, PaaS providers, AV companies, security forums. Critical vulnerabilities affecting the SaaS implemented in 4-8 hours, high priority fixes applied within a week, others applied within a month of release - all subject to agreement from user community to outage. Otherwise deployed during a regular outage as agreed with user community.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Automated 3 hourly review of all service components' digital signatures and SHA512 checksums. Discrepancy automatically raises an alert and suspends users' access. Automated rectification by unpacking replacement, original, component from secure area, validating its checksum and installing it
- Incident management type
- Supplier-defined controls
- Incident management approach
-
Incidents / support calls are logged, characterised, prioritised and acknowledged. Calls are progressed to closure, or confirmed bug or accepted enhancement. Escalation process available. Customer can get report of their support calls from us or from our website. KPIs for P1-P5 calls are defined in an agreed SLA.
Security incidents are handled as P1 or P2 support calls.
3SL runs daily scans on all server and firewall logs to detect attacks.
Automated attack detection alerts generate e-mails - eg penetration attempts violating firewall rules or authentication failures. Inicident reports provided to customer with frequency defined in SLA.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- Public Services Network (PSN)
Social Value
- Fighting climate change
-
Fighting climate change
We deliver services remotely wherever possible, use electronic documents wherever possible, and provide software from green-offset data centres wherever possible. - Covid-19 recovery
-
Covid-19 recovery
We are a SME. We are the UK's only developer of these types of software tools. We recruit locally and support local schools and colleges. We do not outsource any software or data processing work and resist continual opportunities to send work outside the UK. - Tackling economic inequality
-
Tackling economic inequality
We recruit locally and support local schools and colleges. We do not outsource any software or data processing work and resist continual opportunities to send work outside the UK. Our area - Barrow-in-Furness - is a coastal area and in the most 10% of deprived areas in the UK. - Equal opportunity
-
Equal opportunity
Obviously. To be anything other than an equal opporunity employer is illegal. Why is this question even asked? - Wellbeing
-
Wellbeing
We offer flexible working patterns and hours, including home working. We offer paid health services. Most of our staff have been with us for 10+ years. We are like a family.
Pricing
- Price
- £103 to £126.50 a user a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Full version of service available for one month
- Link to free trial
- https://cradle.threesl.com/