Rowden Technologies Ltd

Self-serve Portal

Rowden's AWS-based Self Serve Portal allows any authorised users to deploy scalable, secure cloud applications effortlessly. Authorised users can tailor configurations, available services, and security via their team or ours. Manage, monitor, and scale with ease, benefiting from transparent, itemised billing and comprehensive yet intuitive administrative tools.

Features

• Pre-configurable: Pre-configure secure cloud applications, ready to deploy
• Scalability Built In: From 10s to 1000s of users automatically
• Managed Security: Customisable by user or Rowden experts
• Persistent Monitoring: Offers round-the-clock logging and monitoring with archive options
• Dashboards: Comprehensive user and administrator reporting
• Observability: Real-time monitoring and metrics
• FinOps: Transparent itemised billing system, per user or per service

Benefits

• Usable: Simplifies cloud application deployment, direct with the end user
• Secure: Enhances security with expert or in-house configurations
• Scalable: Grows with organisational needs, no limitations
• Reduces need for specialised cloud skills
• Observable: Provides detailed oversight and operational control
• FinOps: Streamlines financial operations and billing transparency
• Effective resource and budget management
• Improved administrative efficiency and resource allocation
• Flexible: Offers robust scalability and optionality for all users

£550 to £1,450 a unit a day

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@rowdentech.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

905731207358517

Contact

Sales Team
+44 (0) 117 4285759
sales@rowdentech.com

Service scope

• Service constraints: There are limited constraints associated with this service. Redeployments can cause downtime but measures can be put in place to limit this as required.
• System requirements:
  • Modern Operating System (Linux, Mac or Windows)
  • Android 8 and above

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times are dependent on service level agreements as agreed with the buyer. Flexible response times can be provided allowing users to ensure support is available when needed, including for operational purposes.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: All support is co-ordinated by each dedicated customer technical account manager and levels are agreed on a customer-by-customer basis.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We will conduct a detailed and thorough assessment of the client’s requirements, including Key Performance Indictors (KPIs) enabling us to customise a tailored solution. The assessment phase will be continuous throughout the life of the service and an agile response to any client changes in requirements will be adopted. An initial bedding-in period will be provided to ensure that users are able to exploit the services in full and as intended. Any changes will be made if required followed by a tailored onboarding process. This can include BYOD / CYOD or a mixture. Current IT/mobile infrastructure maybe incorporated into the implementation of the system.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Rowden respects that your data is your data. It can be removed by you at any time. All data at the termination of the service will be destroyed unless alternative prior arrangements have been agreed. Depending on the nature of the service, the offboarding process will be tailored to the situation. In most cases, the cloud-based infrastructure will be deactivated, and data and cluster resources removed and/or destroyed in line with NCSC guidance.
• End-of-contract process: At the end of the contract period the cloud hosted environment will be suspended for a period of 10 working days before all instances and data are deleted in line with NCSC guidance. If the users whish to extract any data they must request this prior to the 10 day notice period.

Using the service

• Web browser interface: Yes
• Using the web interface: A web page designed to provide access to an AWS self-serve portal features a clean, user-friendly interface, enabling efficient management of AWS resources. Upon entering, users are greeted with a login section to authenticate using their AWS credentials. Once logged in, the dashboard offers a structured layout, categorising services like EC2, S3, RDS, and Lambda for easy navigation.; ; Users can interact with dropdown menus, buttons, sliders, and form inputs to adjust settings, launch instances, and monitor resources. Visual indicators such as graphs and status icons provide real-time feedback on the performance and health of their resources.; ; The design ensures accessibility, with high contrast text, a responsive layout, and compatibility with screen readers, adhering to web accessibility standards.
• Web interface accessibility standard: WCAG 2.1 A
• Web interface accessibility testing: In our WCAG 2.1 Level A compliance test, we; ensured keyboard accessibility, provided alternative text for images, offered accessible audio/video alternatives, met contrast ratio requirements, labelled form inputs, organised page structure logically, ensured link text conveyed purpose, maintained a logical focus order, adjusted timeouts for user interaction, and ensured status messages were visually apparent.
• API: Yes
• What users can and can't do using the API: An API integrated with a self-serve portal enables efficient deployment of AWS cloud compute resources, streamlining user management processes. This functionality allows users to configure and manage AWS services like EC2 instances, Lambda functions, and Elastic Beanstalk environments through a user-friendly interface.; ; Behind the scenes, the portal utilises AWS APIs to transform user selections and configurations into API requests, directly provisioning and managing resources with AWS.; ; The API automates tasks such as scaling, backups, and recovery, while orchestrating seamless functionality across multiple services. It also delivers real-time updates and feedback to enhance user transparency and confidence.; ; Furthermore, the API ensures adherence to AWS’s strict security protocols, including authentication and encryption. Users can manage permissions and roles via the portal, ensuring that only authorised personnel can deploy or modify resources.; ; This integration not only boosts operational efficiency but also simplifies complex cloud management tasks, maintaining high security standards.
• API automation tools: Terraform
• API documentation: Yes
• API documentation formats: PDF
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: By offering a cloud based solution in multiple UK datacentres and working with users to understand the capacity and load baseline requirements we are able to scale independently of other users. Once in production, our expert network and hosting architecture staff will monitor and manage all service supporting components to ensure the service is maintained.
• Usage notifications: Yes
• Usage reporting: Other
• Other usage reporting: Realtime information is available via the dashboard. Regular updates are also provided.

Analytics

• Infrastructure or application metrics: Yes
• Metrics types: Number of active instances
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: No

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: WireGuard® VPN utilising state-of-the-art cryptography.; AWS global accelerator
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We will provide the user with compensation in the form of a service extension if, through the fault of the supplier, the service has been degraded to such a level as to prevent the user from gaining access. All UK datacentres used have a 99.9% uptime. As part of the on boarding process specific business critical SLAs can be requested including the ability to specify critical events that will require additional support or resource.
• Approach to resilience: We build our public cloud solutions to utilise the redundant and fault tolerance features of the cloud. Servers can be distributed across multiple availability zones and regions and duplicated where appropriate to provide fault tolerance across all disaster scenarios. Using the latest clustering techniques we are able to provide elastic scaling on demand ensuring high performance is maintained across all traffic demands. We utilise the latest DevOps and Infrastructure-As-Code practices to create dynamic, scalable and resilient applications that are easy to maintain, cost efficient and reliable.
• Outage reporting: In the event of an outage, the Service Delivery Manager contacts the the user to inform them. The user also has full access to a management dashboard with configurable email alerts. Further updates are then communicated using a combination of methods, including the dashboard, phone, or email in accordance with the severity of the outage as documented in our Incident Management process.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Access control is based on individual permissions applied to a human or machine identity. This is role-based access control (RBAC). Rowden use a single access control process and mechanism to provide a coherent approach.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: Rowden follow industry best practice to deliver Information Security Policies which is governed at board level and tailored to support individual projects.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes to component configuration are submitted to a Minor or Major change management process with the aim of maintaining operational service whilst incorporating the change as quickly as possible. All changes are technically reviewed, risk-assessed, scheduled and then re-reviewed post-implementation.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Security reviews are performed every quarter and discussed at service review meetings. We also offer automated security testing throughout the life of the service and specific security testing after any system level change has be implemented. An annual independent 3rd party vulnerability and security testing audit is available sure the user request, this will be conducted using an independent ISO27001 security testing company. Critical issues found are raised immediately via the service desk to be fixed by the support team under SLA.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Events can be configured both by the users and the Service Delivery Team to trigger alerts. If an attack is detected, alerts will be raised and outputs from the logging platform used to create a mitigation response. These alerts are integrated into our support service. All incidents and security events are resolved under SLA.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: All incidents are reported into a central monitoring dashboard, which ensures that each is promptly assigned to an appropriate resource, and its progress tracked (and escalated, as required) to resolution. Rowden Technologies operates to a robust Incident Management process that can be tailored to the users requirements.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Other
• Other virtualisation technology used: We use a variety of virtualisation technology to bring the benefit of cloud computing to the end users. Kubernetes Clusters as well as traditional VM are used depending on the user requirements.
• How shared infrastructure is kept separate: A Virtual Private Cloud provides complete network layer separation from any other portion of the environment. A VPC acts as a container for any resources in a given region, including virtual machines, storage, security rules, database instances, Cloud Formation stacks etc. Authentication and DNS, span all VPCs – allowing, e.g. global user access control policies.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: AWS and Azure adhere to the EU Code of Conduct for Energy-Efficient Data Centres, focusing on reducing energy consumption efficiently. AWS enhances energy efficiency through innovative cooling methods such as direct evaporative cooling and high server utilisation, minimising physical servers and maximising virtual operations. This not only adheres to the Code’s guidelines but also leverages renewable energy sources wherever possible. On the other hand, Azure utilises artificial intelligence to optimise cooling systems and deploys energy monitoring and smart grid technologies. This helps align energy usage with the availability of renewable energy. Azure also utilises highly efficient server configurations and modular data centres that adapt to demand, optimising energy use. Additionally, Microsoft commits to renewable energy, aiming for zero-carbon operations. Both AWS and Azure not only comply with the EU Code by integrating advanced technologies and sustainable practices but also actively seek new methods to enhance data centre energy efficiency, underscoring their commitment to environmental sustainability. This approach demonstrates a proactive stance in exceeding the basic requirements of the Code, showing leadership in energy-efficient data centre management.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As a forward-looking company delivering next-generation technical solutions, we have a responsibility to lead the way in addressing climate change. To achieve this, we embed climate change initiatives into the delivery of all our contracts, creating a link between revenue generation and positive ecological change. During call-off, we will agree with the Buyer a specific plan, timescales and reporting (via our Social Values Dashboard) to demonstrate how our services will; positively impact climate change. This plan will introduce new initiatives (together with the necessary budget) and build on existing efforts. We offset the emissions of our workforce, contractors and external project team members to drive long lasting positive behaviours. This is via Ecologi Ltd, Bristol-based social enterprise. We offer employee benefits that encourage and influence positive environmental behaviours including free onsite EV charging, a competitive EV rental salary sacrifice scheme, and access to advanced technology solutions that support effective remote working. We engage and involve our people in our sustainability efforts via an internal working group that leads on climate change initiatives (recent examples being a switch to recycled paper and a scheme under which we donate our unwanted technology to a local children’s charity). We track the emissions generated by our business and wider supply chain using a carbon accounting module which is integrated into our accounting software. This enables us to identify actionable methods of reducing emissions in line with our target to reduce per head emissions by 25% by 2030, which we have set out in our Carbon Reduction Plan. We ask our supply chain to adhere to sustainability commitments as part of our Supplier Code of Conduct, thus encouraging positive environmental action in our wider ecosystem. We plan to establish a working group involving a range of suppliers to feed into broader environmental initiatives.

  Covid-19 recovery

  Rowden recognises that local communities and individuals within them are still recovering from the effects of COVID-19. As part of our sustainable growth, we support the local community in ongoing recovery efforts. During call-off, we will agree with the Buyer a specific plan, timescales and reporting (via our Social Values Dashboard) to demonstrate how our services will support COVID-19 recovery. This plan will introduce new initiatives and build on these existing efforts. Recognising employees may still be subject to physical and psychological consequences of COVID-19, we provide a comprehensive employee benefits package including private medical insurance, a health cash plan and 24/7 access to counselling via the LifeWorks Employee Assistance Programme. Trained mental health first aiders support our dedication to ensure the mental health of our people. Financial support and advice is available via Bippit. The evolution of home working arrangements that were necessary during the pandemic into permanent flexible working policies that both support employees with a diverse range of caring needs or health concerns and underpin our talent attraction strategies. A dedicated sustainability budget, used for initiatives across three pillars of Rowden’s sustainability programme (economic, social, environmental). Employees can suggest uses for funds, including charitable donations and event sponsorship. We engage in a range of community/charitable initiatives, from homeless collections, volunteering at STEM events, through to sustainable travel initiatives run by the local authority. Strategies to create new work opportunities and maintain job security for existing employees through development of new products and services. Sourcing local suppliers of goods and services wherever possible (taking into account customer requirements), thus stimulating the local economy. Extensive L&D budgets to support employees with training and development opportunities, including those that are relevant in the post-pandemic economy (e.g. using modern delivery approaches to adapt to changing market demands).

  Tackling economic inequality

  As a regional SME, we understand the barriers to entry that exist in the sector and are committed to tackling economic inequality. During call-off, we will agree with the Buyer a specific plan, timescales and reporting (via our Social Values Dashboard) to demonstrate how our services will tackle economic inequality. This plan will introduce new initiatives and will build on the following existing efforts. Measures to improve EDI in our hiring processes and employment (see equal opportunities response). Investment in an L&D budget of £600 per head available for courses and qualifications to upskill people in areas relevant to our contracts. This complements a tailored internal training programme, mentoring schemes and other external programmes. We have just recruited our 2024 intake for our graduate engineering scheme. We would consider funding additional places linked to a specific call-off. Partnerships with a range of organisations to tackle inequality in our sector and a dedicated STEM budget for community outreach, engagement, and sponsorship (see equal opportunities response). We endeavour to achieve the optimum balance of employees and contractors, considering what will provide the best customer outcomes. We consider how to increase opportunities for diverse businesses and proactively seek out local SMEs for support, e.g. via teaming and partnership structures. We provide informal mentorship and technical assistance to such businesses to help them deliver their strategies. We actively seek to reduce barriers to entry for new market entrants/SMEs by championing modularity principles to guide procurement, maintaining an independent, vendor-agnostic delivery approach. We track information about the types of suppliers we work with as a key metric. Our Supplier Code of Conduct clarifies what we expect from our supply chain. We manage cyber risks across delivery and are Cyber Essentials Plus certified. We assess and mitigate cyber security risks in our supply chain.

  Equal opportunity

  Rowden's commitment to tackling workplace inequality is a core company value and strategic imperative. During call-off, we will agree with the Buyer a specific plan, timescales and reporting (via our Social Values Dashboard) to demonstrate how our services will deliver equal opportunities. This plan will introduce new initiatives and build on existing efforts. Recognising that gender imbalance is an issue in our sector, we are signatories to the Women in Defence Charter. 30% of our workforce is female; we aim to reach at least 35% by 2030. We are a Disability Confident Employer, collaborating with the Business Disability Forum for advice which helps us understand the issues affecting the disabled community. Working with Evenbreak, we publicise opportunities to disabled candidates. We are an Armed Forces Covenant signatory, planning to become a Gold Armed Forces Covenant Award member by 2030. This continues a longstanding practice - 30% of our workforce constitutes service leavers. Pay equity is maintained through biannual reviews. Our holistic benefits package offers flexible working for a diverse range of employees. 96% of employees reported a positive work-life balance in our 2024 engagement survey. Employees undertake mandatory EDI training. Hiring managers receive additional training to reduce the risk of bias in recruitment. Monthly EDI L&D sessions (via our partnership with Powered By Diversity) cover protected characteristics. We use recruitment agencies committed to targeting under-represented groups. Our interviews include skills-based tasks to remove subjective judgements/improve diversity. We proactively discuss reasonable adjustments in hiring to set the foundations for success. We participate in Tech Talent’s diversity survey and partner with Coding Black Females. Our dedicated STEM budget supports community outreach. We sponsor initiatives that champion equality (mentoring schemes - Women Like Me, events - CynNam EmPower Girls). We pledge to sign up to the MotherBoard and Bristol Women in Business charters.

  Wellbeing

  Our workplace culture prioritises employee health and wellbeing from the top down. During call-off, we will agree with the Buyer a specific plan, timescales and reporting (via our Social Values Dashboard) to demonstrate our commitment to wellbeing. This plan will introduce new initiatives and build on our existing efforts. We offer hybrid working and flexible working policies support our workforce. 96% of employees reported a positive work-life balance in our 2024 engagement survey. Our comprehensive employee benefits package includes private medical insurance, a health cash plan and access to counselling (LifeWorks Employee Assistance Programme). We offer financial support and advice via Bippit, and a cycle-to-work scheme. We provide good physical workplace conditions, including an on-site gym, ‘wellness room’ and free lunch and healthy snacks. We actively promote wellbeing resources, e.g. ‘wellness action plans’, and signpost local/national services. Trained mental health first aiders are on hand to support our people. Managers undertake workplace mental health training to support mental health conversations during 121s and signposting to resources. Our people policies align to the 6 standards of the ‘Mental Health at Work’ framework. We run a bi-annual engagement survey to gather employee feedback. We have a strong focus on cooperative team behaviours and encourage conflict to be dealt with maturely and respectfully. We collaborate with our customer teams throughout contract design and delivery. Prioritising engagement, we ensure contracts align with customer needs and values. We frequently provide our customers with access to co-working spaces onsite. This increases the unplanned interactions that are vital to reduce project risk, builds long-term trust, and facilitates faster organisational learning, thereby creating greater productivity. We communicate with customers about our dedication to community wellbeing and actively engage ensuring alignment with their needs. These efforts aim to foster strong, integrated communities where everyone feels valued and supported.

Pricing

• Price: £550 to £1,450 a unit a day
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A full stack free trial is provided. This will be limited to an initial 3 week period but can be extended on request

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@rowdentech.com. Tell them what format you need. It will help if you say what assistive technology you use.