Reply Limited

Cloud Security Operations Management

Google Cloud Security Operations Management involves the implementation and maintenance of security measures to protect data, applications, and infrastructure hosted on the Google Cloud Platform (GCP). This includes monitoring, detection, response, and mitigation of security threats, as well as ensuring compliance with regulations/standards to safeguard assets and maintain environment integrity.

Features

  • Real-time surveillance of cloud environments for security threats.
  • Advanced algorithms to identify and alert on potential security risks.
  • Quick and efficient response to security incidents to minimize impact.
  • Implementing strategies to prevent future threats and vulnerabilities.
  • Ensures adherence to industry regulations and standards in the cloud.
  • Tools and practices to secure data from unauthorized access.
  • Safeguards applications against attacks and vulnerabilities.
  • Protects the underlying cloud infrastructure from threats.
  • Analyses security data for insights and improvement of defenses.
  • Manages user access to resources, ensuring least privilege principles.

Benefits

  • Strengthens overall cloud security against evolving threats.
  • Identifies and addresses threats before they cause harm.
  • Meets regulatory requirements, avoiding fines and legal implications.
  • Ensures data remains secure, accurate, and accessible when needed.
  • Increases application robustness against cyber attacks.
  • Maintains the security and reliability of cloud infrastructure.
  • Offers actionable insights for continuous security improvement.
  • Prevents unauthorized access, protecting sensitive resources.
  • Minimizes the consequences of security breaches.
  • Provides confidence in cloud security operations and management.

Pricing

£350 a unit a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at glue.frameworks@reply.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

896941506851275

Contact

Reply Limited Chris Wright
Telephone: 0207 730 6000
Email: glue.frameworks@reply.com

Service scope

Service constraints
N/A
System requirements
  • Active AWS account to access and manage AWS PaaS resources.
  • Internet connectivity with sufficient bandwidth for cloud interactions.
  • Modern web browser for accessing AWS management console and dashboards.
  • Compatible development environments for preferred programming languages.
  • API access enabled for integration with existing business applications.
  • Compliance with minimum security standards for encryption and authentication.
  • System capability for multi-factor authentication setup and management.
  • Pre-existing CI/CD tools integration or readiness for deployment automation.
  • Organizational readiness for adopting blue-green deployment strategies.
  • GDPR compliance infrastructure for data protection and privacy audits.

User support

Email or online ticketing support
Email or online ticketing
Support response times
P1 - 1 business hour response time
P2 - 2 business hours response time
P3 - 8 business hours response time
P4 - 2 business days response time

Subject to agreed contract.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Please refer to the chat app provider's website.
Onsite support
Yes, at extra cost
Support levels
1st, 2nd and 3rd line support is provided by cloud support engineers and in some cases a technical account manager is assigned. Calls are processed and managed based on standard P1, P2, P3, P4 classifications with defined SLAs. Support channels provided include web, phone and email.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
CTS are a Google Premier Partner with a proven track record of deploying Google into Central & Local Government, Education, 3rd Sector and Private sector. CTS provide on-site user training, VIP training, Admin Training, Change Management, Technical & Strategic consultancy, and Project Management.

Google Documentation, training, worked examples, best practices, and a free usage tier are available to assist users with getting started on Google Cloud Platform.

Getting Started: https://cloud.google.com/getting-started/
Online Documentation: https://cloud.google.com/docs/
Training Sessions: https://cloud.google.com/training/
Google Developers Codelabs provide a guided, tutorial, hands-on coding experience:
https://codelabs.developers.google.com/
Best practices: https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
Google Docs
End-of-contract data extraction
Google's adoption of open APIs and open source technology allows users to move their data easily between cloud environments and prevent vendor lock-in (https://cloudplatform.googleblog.com/2016/07/how-to-escape-lock-in-with-a-multi-cloud-stack26.html). We offer third party solutions for offline data import/export (https://cloud.google.com/storage/docs/offline-media-import-export), and VM migration through recommended partners (https://cloud.google.com/migrate/). Further to this, Articles 7 and 8 of the Google Data Processing and Security Terms (https://cloud.google.com/terms/data-processing-terms) state that Google will provide the ability to correct, block, export and delete the Customer Data during the term of the agreement. To the extent the customer does not have the ability to migrate Customer Data to another system, Google will, at Customer’s reasonable expense, comply with any reasonable requests to assist in this.
End-of-contract process
On the expiry or termination of the Agreement, after a recovery period of up to 30 days following such expiry or termination, Google will delete the Customer-Deleted Data within a maximum period of 180 days, unless applicable legislation or legal process prevents it from doing so.

Using the service

Web browser interface
Yes
Using the web interface
Google Cloud Platform (GCP) offers a web interface known as the Google Cloud Console https://console.cloud.google.com/. This console acts as a central hub for users to manage various aspects of their cloud resources.

What Users Can Do:

Manage Projects and Resources
Monitor and Analyze
Control Access and Security
Billing Management

What Users Cannot Do:

Direct Resource Manipulation
Coding and Development
Advanced Administration Tasks
Web interface accessibility standard
WCAG 2.1 AA or EN 301 549
Web interface accessibility testing
We are working towards improving the testing of our products and services with assistive technology users.
API
Yes
What users can and can't do using the API
You can automate your workflows in your language by accessing the Google Cloud Platform products from your code. Cloud APIs provide similar functionality to Cloud SDK and Cloud Console, and allow you to automate your workflows by using your favorite language. https://cloud.google.com/apis/
Additionally, users can make changes to their setup and configuration dynamically through the API. They have the flexibility to update user profiles, adjust access permissions, and modify service configurations in real-time.
However, there are some limitations to the actions users can perform through the API. Certain administrative tasks or sensitive operations may be restricted to prevent unauthorized access or unintended modifications.
API automation tools
  • Ansible
  • Chef
  • SaltStack
  • Terraform
  • Puppet
  • Other
Other API automation tools
  • Jenkins
  • Packer
  • Kubernetes
  • Spinnaker
  • Google Cloud Deployment Manager
  • Pivotal
  • Openshift
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
The CLI can be used to access products and services on GCP from the command-line. You can run these tools interactively or in your automated scripts.
https://cloud.google.com/sdk/
Moreover, users can make changes to their setup and configuration seamlessly through the CLI. They can update user profiles, adjust access permissions, and modify service configurations in real-time by executing appropriate CLI commands.
However, there may be some limitations to the actions users can perform through the CLI. Certain administrative tasks or sensitive operations might be restricted to prevent unauthorized access or unintended modifications.

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
GCP runs on top of Google's infrastructure which serves billions of users across many products and services, the integrity and scale of those services ensures that user demand is handled appropriately.
Customer data is logically segregated by domain to allow data to be produced for a single tenant only.
The authorization to provision additional processing capacity is obtained through budget approvals and managed through internal SLAs as part of an effective resource economy.
Further details - https://cloud.google.com/files/Google-Cloud-CSA-CAIQ-January2017-CSA-CAIQ-v3.0.1.pdf (Section AAC-03.1 and IVS-04.3)
Usage notifications
Yes
Usage reporting
  • API
  • Email
  • SMS
  • Other
Other usage reporting
Monitoring/operations/BI dashboards

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
See documentation for further metrics https://cloud.google.com/products/management/
Reporting types
  • API access
  • Real-time dashboards

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Google Cloud

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
Any file type of any size, virtual machines, databases
Backup controls
This varies between services, users can control what backups are performed via the web interface, CLI or APIs.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users schedule backups through a web interface
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
SLAs are service specific:
https://cloud.google.com/terms/sla/
Approach to resilience
Google operates a global network of data centers to reduce risks from geographical disruptions. The link below includes the locations of our data centers:
http://www.google.com/about/datacenters/inside/locations/
Google does not depend on failover to other providers and builds redundancy and failover into its own global infrastructure.
Google performs annual testing of its business continuity plans, simulating disaster scenarios that model catastrophic events that may disrupt Google operations.
https://cloud.google.com/files/Google-Cloud-CSA-CAIQ-January2017-CSA-CAIQ-v3.0.1.pdf (section BCR-01)
Outage reporting
Google maintains a dashboard with service availability and service issues here:
https://status.cloud.google.com/

Identity and authentication

User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
When users access our service, we employ a robust authentication mechanism to ensure security. Firstly, we implement Single Sign-On (SSO) solutions, allowing users to authenticate once and gain access to multiple systems and applications within our service ecosystem. This not only streamlines the login process but also reduces the risk associated with managing multiple passwords. Furthermore, we enforce Multi-Factor Authentication (MFA) to add an extra layer of security. Users are required to provide additional forms of verification beyond just a password, such as a one-time code sent to their registered mobile device or email.
Access restriction testing frequency
At least every 6 months
Management access authentication
Identity federation with existing provider (for example Google Apps)
Devices users manage the service through
Dedicated device on a government network (for example PSN)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS International
ISO/IEC 27001 accreditation date
23/06/2017
What the ISO/IEC 27001 doesn’t cover
Covers: IT & Business Consultancy
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes
We adhere to a comprehensive set of information security policies and processes to ensure the confidentiality, integrity, and availability of our systems and data. Our policies cover areas such as data protection, access control, incident response, and compliance with relevant regulations and standards. Our reporting structure includes designated information security officers responsible for overseeing the implementation and enforcement of these policies. We ensure policies are followed through regular audits, assessments, and compliance reviews conducted by internal and external auditors. Additionally, we provide ongoing training and awareness programs to educate employees about their responsibilities regarding information security and reinforce compliance with our policies. Incident response procedures are in place to address any security incidents promptly, with post-incident reviews conducted to identify lessons learned and areas for improvement. Overall, our robust information security framework ensures that policies are effectively implemented, monitored, and enforced to safeguard our systems and data.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
When changes are proposed, they undergo stringent assessment for potential security impact before implementation. Our change management board, comprising security experts and stakeholders, meticulously reviews proposed changes. These changes are evaluated based on their potential to introduce security vulnerabilities or impact our services' overall security posture. Additionally, we conduct risk assessments to identify and mitigate any potential security risks associated with the proposed changes. Only after these assessments and necessary mitigations are completed do we approve changes for implementation. This diligent approach guarantees that our services remain secure and resilient in the face of evolving threats and changing requirements.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Our vulnerability management process, aligned with CSA CCM v3.0.1, involves ongoing threat assessment through internal scans, external tests, and monitoring industry threat intelligence. Prioritising vulnerabilities by severity, we deploy patches promptly after rigorous testing. Our information sources include vendor advisories, industry feeds, and collaborative initiatives, ensuring proactive threat mitigation and service security.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Our protective monitoring processes swiftly identify potential compromises through automated tools and real-time analysis of system logs and user behavior. When a compromise is detected, our incident response team immediately initiates predefined procedures, including isolating affected systems and escalating the incident as needed. We prioritize rapid response to incidents, guided by predefined service level agreements (SLAs) to minimize impact and ensure the security of our systems and data.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We have pre-defined processes in place for common events, which are documented in our incident management framework. Users can report incidents through various channels, including dedicated incident reporting forms on our platform, email, or through our customer support channels. Once an incident is reported, our incident response team assesses the severity and initiates the appropriate response procedures based on predefined criteria, such as impact on service availability or data integrity. Throughout, we provide regular updates to affected users, keeping them informed of progress and resolution times. After resolution, we conduct post-incident analysis to identify root causes and implement preventive measures.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
KVM hypervisor
How shared infrastructure is kept separate
N/A

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Our data centers strictly adhere to the EU Code of Conduct for Energy Efficient Data Centres, ensuring optimal energy efficiency and sustainability practices. We employ advanced energy efficiency measures such as optimized cooling systems, server configurations, and renewable energy integration to minimize our environmental impact. Additionally, we prioritize waste heat recovery and provide comprehensive employee training to promote energy-saving initiatives. Regular reporting and benchmarking against industry standards help us track our progress and identify areas for improvement.

For further details on our commitment to energy efficiency in the cloud, please visit Amazon's Sustainability page.

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Our commitment to social value is integral to our values as a business built on an ethical approach demonstrating Glue Reply’s reliability, transparency and honesty.
We can support the buyer to deliver against the Social Value Model Theme of Fighting Climate Change through delivering additional environmental benefits enabling effective stewardship of the environment.
We are ISO14001:2015 certified and since 2012 we have reported our environmental credentials to the Carbon Disclosure Project (CDP.net). We have achieved Carbon Neutral as a whole business since 2023 and aim to produce Net Zero GHG emissions by 2030. We have a clear set of policies and action plan towards these targets.
Our certified environmental sustainability programme includes annual measurement and reporting of document printing, materials recycling, energy saving, energy efficiency, transport and energy consumption. Our kWh consumption per employee is calculated, and our transition to renewables, including the percentage of renewables as a proportion of our total kWh consumption, is reported. We complete an annual environmental policy and assessment for our supply chain partners. All our core systems are run in green cloud environments managed by certified providers.
Our cloud services are provided in a carbon-neutral manner including our direct supply chain. A proportion of this is achieved through carbon offsetting and we provide measurements on emissions that demonstrate offsetting ensures our contracts are carbon positive. Our preferred scheme is Forest Carbon (https://www.forestcarbon.co.uk).
At the start of the engagement we will agree the initiatives to implement, incorporate the agreed social value milestones into the wider programme and manage them alongside all other deliverables. A detailed project plan will be prepared and key performance measurements agreed to monitor the progress of the social value initiatives. We incorporate social value implementation and monitoring into the role of the Client Director.

Covid-19 recovery

Our commitment to social value is integral to our values as a business built on an ethical approach demonstrating Glue Reply’s reliability, transparency and honesty.
We can support the buyer to deliver against the Social Value Model Theme of COVID-19 recovery through provision of employment opportunities and implementation of people health initiatives to help local communities manage and recover from COVID-19.
We have implemented initiatives to promote opportunities for those who face barriers to employment:
- Enrolled into the Nuffield Research Placement scheme (funded by Nuffield Foundation) to provide placements to disadvantaged and deprived year 12 students providing research opportunities. Individuals who perform well are offered a Degree Apprenticeship place.
- Run a Degree Apprenticeship scheme where we use Generation (a not-for-profit) to cross-train individuals from deprived backgrounds, not necessarily with STEM backgrounds, in technology. We partnered with Google who commit to provide engineering engagements and training and development on Google Cloud Platform related technologies.
As a responsible employer we have implemented the 6 standards of the Mental Health at Work Commitment, we support our employees no matter what situation they face and have appropriate structures for them to speak to neutral experts 24x7. Both employees and managers are trained on mental health. Post-COVID we actively promote physical activities and have revised working practices to inspire each employee to make their own choices to find their ideal work-life balance.
At the start of the engagement we will agree the initiatives to implement, incorporate the agreed social value milestones into the wider programme and manage them alongside all other deliverables. A detailed project plan will be prepared and key performance measurements agreed to monitor the progress of the social value initiatives. We incorporate social value implementation and monitoring into the role of the Client Director.

Tackling economic inequality

Our commitment to social value is integral to our values as a business built on an ethical approach demonstrating Glue Reply’s reliability, transparency and honesty.
We can support the buyer to deliver against the Social Value Model Theme of Tackling Economic Inequality through provision of new business, new jobs and skills and increasing supply chain resilience and capacity.
We have implemented initiatives to promote opportunities for those who face barriers to employment:
- Enrolled into the Nuffield Research Placement scheme (funded by Nuffield Foundation) to provide placements to disadvantaged and deprived year 12 students providing research opportunities. Individuals who perform well are offered a Degree Apprenticeship place.
- Run a Degree Apprenticeship scheme where we use Generation (a not-for-profit) to cross-train individuals from deprived backgrounds, not necessarily with STEM backgrounds, in technology. We partnered with Google who commit to provide engineering engagements and training and development on Google Cloud Platform related technologies.
- Run a Code for Kids initiative where we work with schools to teach over 3,000 children across a broad range of schools how to program.
We have a Supplier Code of Conduct and all our suppliers must comply in the areas of labour law and human rights, worker safety and environmental sustainability. Reply operates as a set of SME-type companies, we understand the benefits that these organisations can bring, and we often select SMEs as part of our supply chain.
At the start of the engagement we will agree the initiatives to implement, incorporate the agreed social value milestones into the wider programme and manage them alongside all other deliverables. A detailed project plan will be prepared and key performance measurements agreed to monitor the progress of the social value initiatives. We incorporate social value implementation and monitoring into the role of the Client Director.

Equal opportunity

Our commitment to social value is integral to our values as a business built on an ethical approach demonstrating Glue Reply’s reliability, transparency and honesty.
We can support the buyer to deliver against the Social Value Model Theme of Equal Opportunity through tackling workforce inequality, identifying and managing the risks of modern slavery and increasing representation of disabled people.
Glue Reply is committed to promoting equality and diversity and promoting a culture where we actively value difference and recognise people from different backgrounds and experiences bring valuable workplace insights and enhance the way we work. Making everyone feel equally involved and supported results in rewarding work experiences and fuels innovation.
We make employment decisions based on merit, qualifications and competence. Our workforce has high cultural diversity, above industry standards, and has higher levels of gender diversity than industry averages. We have a strong equality ethos and run a genuine meritocracy where individuals are assessed solely on their performance and how their contribution has helped further the organisation.
We are committed to preventing modern slavery in our corporate activities and supply chains.
We have implemented initiatives to promote opportunities to identify and tackle inequality in employment, skills and pay in the workforce:
• Founding signatory of the Tech Talent Charter
• Women in Technology social network organises events and has an active community.
• Donated some of our BCS Corporate Membership places to Coding Black Females
At the start of the engagement we will agree the initiatives to implement, incorporate the agreed social value milestones into the wider programme and manage them alongside all other deliverables. A detailed project plan will be prepared and key performance measurements agreed to monitor the progress of the social value initiatives. We incorporate social value implementation and monitoring into the role of the Client Director.

Wellbeing

Our commitment to social value is integral to our values as a business built on an ethical approach demonstrating Glue Reply’s reliability, transparency and honesty.
We can support the buyer to deliver against the Social Value Model Theme of Wellbeing through supporting the physical and mental health of the workforce and community.
As a responsible employer we have implemented the 6 standards of the Mental Health at Work Commitment, we support our employees no matter what situation they face and have appropriate structures for them to speak to neutral experts 24x7. Both employees and managers are trained on mental health.
We perform assessments on wellbeing regularly and our significant annual report on this covers a wide range of dimensions across the business. We present the findings to all employees whilst keeping individual information 100% confidential. We then have our focus group working on these results to drive a culture of continuous improvement.
Post-COVID we actively promote physical activities and have revised working practices to inspire each employee to make their own choices to find their ideal work-life balance.
• Our active challenge on Strava rewards employees for taking breaks. For every mile they walk or run we give £1 to charity, with an extra £5 every time during work hours. #WorkLifeBalance has driven an active work-life balance culture with >70% peak uptake.
• Our staff also have access to on-line yoga and fitness programmes.
At the start of the engagement we will agree the initiatives to implement, incorporate the agreed social value milestones into the wider programme and manage them alongside all other deliverables. A detailed project plan will be prepared and key performance measurements agreed to monitor the progress of the social value initiatives. We incorporate social value implementation and monitoring into the role of the Client Director.

Pricing

Price
£350 a unit a day
Discount for educational organisations
No
Free trial available
No
