Emrys Technology

Application Lifecycle Management

Emrys capability comes from strong background in Application Lifecycle implementation and management. Service is performed by consultants experienced in enterprise development (tech stack: Java, Spring Boot, C#, .NET, Python, Node.js, Angular, React.js, AWS and Azure) and strong experience in methodologies (eXtreme Programing, Pair Programming, Agile and Scrum)

Features

• Requirements Management
• Project Management
• Code Management and CI/CD pipelines
• Build and Deployment Automation
• Testing and Quality Assurance
• Implementation and development
• Documentation
• Reporting and Analytics
• Compliance and Security Management

Benefits

• Improved Quality and Efficiency
• Enhanced Collaboration
• Faster Time to Market and faster Deployment
• Better Project Visibility
• Risk Management
• Scalability
• Regulatory Compliance
• Cost Reduction

£450 to £1,500 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@emrys.group. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

894936296131669

Contact

Zana S Aston
07737381358
info@emrys.group

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Implementation and Development as well as Integration, depending on the software products that client already has in place and need to update/innovate or integrating our software services with the clients 3rd party suppliers software solutions
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: No
• System requirements:
  • Software Requirements
  • Business and Functional requirements
  • Security Requirements
  • Licenses
  • Backup and Disaster Recovery

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: As per the SOW/Master Contract agreement
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: "Priority Level 1" means Incidents where Circuit in its entirety, is not available to all of your Circuit Users.; "Priority Level 2" means Incidents where relevant parts or functionalities of Circuit, such as the search function, storage access, content sharing, etc., are not available.; "Priority Level 3" means incidents that are not assigned to priority levels 1 and 2.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: On-line training and User Documentation are available on the request and as per the contractual agreement
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: All data and IP that are used/created for the client needs belong to the client; Relevant accesses will be granted and passed over to the dedicated people/places as per the contract agreement with the client
• End-of-contract process: Managing the end of a contract for an Application Lifecycle Management (ALM) service, several processes and considerations are made which ensure that the transition, whether to another service provider, the renewal of the contract, or the cessation of the service, is smooth and does not disrupt the operational capabilities of the organization.; ; End-of-Contract Process:; - Notification Period; This period is crucial for both parties to prepare for the transition.; - Data Management; - Data Retrieval: Customers will need to consider how to handle the data stored within the ALM system. This might include migrating data to a new system or downloading it for archival purposes.; - Data Format; as agreed per contact; - Data Deletion: Complying with privacy laws and policies; - Transition Support ; We offer transition support services, such as assistance with data migration, training on data extraction tools, or integration support with a new ALM system.; Final Billing and Closure:; Any outstanding charges, such as overages or additional services not included in the contract, will be billed in the final invoice.; The contract documents and financial accounts related to the service will be closed once all obligations have been fulfilled.; Review and Feedback:

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Difference in User Interface (UI) and User Experience (UX); Difference in Functionality and Features; Performance and Capacity; Connectivity; Security
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Yes, Application Lifecycle Management (ALM) systems typically have service interfaces that allow users to interact with the software effectively. These interfaces can vary significantly depending on the platform, deployment style, and specific ALM solution, but generally, they can be categorized into the following types: Graphical User Interface (GUI), Web and Mobile App Interface, Command Line Interface (CLI), API, Integration Interfaces
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: As per the client requirement
• API: Yes
• What users can and can't do using the API: Depending on the contractual agreement and obligation with the client as per SOW/Master Agreement
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: We provide customised solutions for our clients based on their requirements, objectives and company vision

Scaling

• Independence of resources: By insuring that the performance for one user or group of users is not adversely affected by others is crucial what is often referred to as "isolation" or "resource independence" such as:; Scalable Architecture; Resource Allocation; Microservices Architecture; Quality of Service (QoS) Controls; Data Center Management; Performance Monitoring and Analytics; Regular Updates and Maintenance

Analytics

• Service usage metrics: Yes
• Metrics types: As per the client requirement
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Exporting data is a critical functionality in Application Lifecycle Management (A; LM) systems, enabling users to maintain control over their data, fulfill compliance requirements, and facilitate transitions between systems. The approach to data export can vary based on the ALM solution; some common methods and considerations:; Built-in Export Features; APIs; Database Access; Third-party Tools and Integrations (ETL (Extract, Transform, Load) Tools, Integration Platforms); Screenshots and Reports; Data Reporting and Security
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: 1 – Critical, response time 2 hours, start resolving 4 hours; valid time frame 8/5 2 – Medium, response time 4 hours, start resolving In consultation with the client 8/5 3 - Low 8 hours, start resolving, In consultation with the client 8/5 All refunds will be met as per the SOW/Master agreement between Emrys and the client
• Approach to resilience: This is available on the request and its the specific for each project
• Outage reporting: As per the agreement with the client

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to management interfaces and support channels is strictly controlled through role-based access controls (RBAC), ensuring that only authorized personnel with verified credentials can access sensitive functions and data. We implement multi-factor authentication (MFA) to enhance security, particularly for administrative access. Our systems are configured to enforce the principle of least privilege, limiting users to the minimum level of access necessary for their roles. Audit trails are maintained for all activities within these interfaces to monitor access patterns and detect unauthorized attempts. Regular reviews and updates to access permissions ensure compliance with evolving security policies and organizational changes.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • GDPR Certification _ employee
  • SC clearance _ employee
  • NPPV3 _ employee

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: No
• Security governance approach: Other security clearance
• Information security policies and processes: Having robust information security policies and processes is critical to protect both the integrity and confidentiality of data. These policies ensure that all stakeholders understand their roles and responsibilities regarding information security and help in maintaining a secure operating environment. ; Some of the policies include: Data protection, Access Control, Incident Response, Change Management, Regular Audits.; Security Processes and the Reporting Structure; Escalation Tree; Level 1 (Initial Detection): Any security incident or potential breach detected by an employee or automated system is first reported to the IT Help Desk or directly to the IT Security Team.; Level 2 (Assessment): The IT Security Team assesses the incident to determine its severity. If the incident is minor, it can be resolved at this level; otherwise, it is escalated.; Level 3 (CISO): Severe incidents are escalated to the CISO, who evaluates the impact and coordinates an appropriate response across multiple teams.; Level 4 (Executive Team): For the significant business impact or legal implications, the executive team, is informed and involved in decision-making.; Level 5 (External Stakeholders): Depending on the nature of the incident (e.g., data breaches involving personal data), it may be necessary to inform external stakeholders, such as regulatory authorities

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: An effective configuration and change management process is put in place through the lifecycle that ensures changes are made in a controlled manner, minimizing potential disruptions and security risks; Configuration Process: Identification - Configuration Control -Configuration Database - Verification and Audit; and the Change management process: Change Initiation - Assessment - Approval - Change Implementation - Documentation
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: By employing a robust vulnerability management process that includes comprehensive assessment techniques, prompt deployment of patches, and leveraging diverse sources for threat information, Emrys's ALM services can maintain a strong defense against potential security threats.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Emrys's approach is through the ; 1.Continuous Monitoring and Logging, such System and Network Monitoring, Log Management, Security Information and Event Management (SIEM), Real-Time Analysis, Anomaly Detection, Establish baseline profiles for user activities and network traffic. Any deviation from these baselines that cannot be readily explained may be flagged for further investigation.; Machine Learning and AI: Implement advanced machine learning algorithms and artificial intelligence to enhance detection capabilities, allowing for quicker identification of complex threats that deviate from known patterns.; 2. Response to Potential Compromises; Incident Response Plan, Pre-defined Protocols, Incident Response Team: Escalation Procedures and other SLA's
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management process is structured around pre-defined protocols for common events to ensure swift and effective responses. Users can report incidents via a dedicated support portal, email, or phone, ensuring accessibility and ease of use. Each reported incident is logged, categorized according to severity, and assigned to the appropriate team for resolution. We prioritize incidents based on their impact and urgency, and track them through to resolution. Post-resolution, we provide detailed incident reports through our support portal, outlining the nature of the incident, steps taken to resolve it, and measures implemented to prevent recurrence, maintaining transparency and continuous improvement.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Public Services Network (PSN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  At Emrys, we are dedicated to minimizing our environmental footprint. We strive to reduce waste by reusing and recycling products whenever possible; use energy and water efficiently; cut vehicle emissions by promoting sustainable transportation and limiting travel to meetings unless they provide significant value; offer guidance and keep our team informed on best practices for environmental stewardship; and ensure full compliance with environmental laws. All team members at Emrys are encouraged to print only when necessary, utilize print preview and double-sided printing to decrease paper consumption; recycle empty cans, bottles, glass, and cardboard in designated bins available throughout our offices; dispose of food waste in the kitchen caddies; choose recycled paper products and eco-friendly hygiene products when available. Whenever feasible, use public transport, walk, cycle, or carpool to and from meetings. Prefer video conferencing to avoid travel altogether. Efficiently manage the use of energy resources such as water, lighting, and heating. Ensure that electrical appliances, air conditioning, and lights are turned off or set to power-saving mode when not in use, particularly when leaving the building. Manage heating thoughtfully: open windows before turning to air conditioning and close them before heating; promptly report any water leaks or dripping faucets.

  Covid-19 recovery

  Emrys encourages hybrid and remote work, promoting a better lifestyle balance and providing flexibility in working hours. This allows employees the opportunity to schedule necessary health checks when needed. Emrys transitioned to remote working in mid-March, ahead of government lockdowns, without furloughing any staff members. We continue to support remote or hybrid working arrangements for all employees. Our offices were reopened when restrictions were lifted, creating a safe space for those who face challenges working from home due to physical or psychological reasons. Rigorous risk assessments have been conducted to ensure the safety of these workspaces. Additionally, our cycle-to-work scheme offers a healthy alternative to public transport, contributing positively to the local community. The presence of our employees has notably benefited three independent businesses located near our offices. Moreover, as part of our COVID-19 management strategy, we have increased our cleaning contracts, providing more hours to local workers. As an employer accredited for paying a real living wage, we are committed to ensuring fair compensation for all our workers.

  Tackling economic inequality

  Raising culture awareness within the company, implementing various policies and organising on-line workshops by subject matter experts for underdeveloped areas in order to empower the workforce. Collaborating with universities offering various mentorship and advisory for start-ups, as well as taking speaking engagements encouraging women to open their own business and how can Emrys support them. Emrys employees often participate in the various charity runs and events.

  Equal opportunity

  Emrys is dedicated to enhancing cultural awareness within our company through the implementation of diverse policies and by hosting workshops with subject matter experts to empower employees in underdeveloped areas. We also collaborate with universities to offer mentorship and advisory services for startups. Additionally, Emrys supports small businesses by providing lower costs and flexible payment terms. We actively encourage graduates to join our team, offering them opportunities to learn from experienced professionals and grow within our dynamic environment. As the female lead company we support Women in Tech and promotion of women to Executive and Board positions.

  Wellbeing

  At Emrys, we offer flexible start and finish times, part-time working options for the majority of roles, mentoring support, work station assessments, and remote working opportunities, all tailored to agreements with employees. We also maintain absence processes that identify staff members who may require additional support and encourage open discussions about mental health. This proactive approach helps us provide necessary assistance and aims to prevent the escalation of mental health concerns.

Pricing

• Price: £450 to £1,500 a unit a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@emrys.group. Tell them what format you need. It will help if you say what assistive technology you use.