ATOS IT SERVICES UK LIMITED

Atos Application Technical Management

Application Technical Management (ATM) provides the operational management of Customer’s application environment. This consists of daily execution of Customer's business processes by providing ongoing availability and monitoring the performance of the application technical environment.
ATM services are a combination of:
▶Web servers
▶Middleware & interface management
▶Custom-made applications

Features

• Availability management to keep systems up and running
• Monitoring of the in-scope processes
• Housekeeping of necessary tasks
• Patch management to keep systems on latest security level
• Configuration management
• Backup and restore management of the service
• Security management (initial state and run)
• Vendor management
• Keep documentation up to date
• Interface management for application interacting

Benefits

• Performance management to optimise the used configuration
• Support Customer for application specific changes
• Perform Customer application specific patch management
• Provide technical account management
• Failover testing for applications using High Availability configurations
• Release management of application releases
• License management to support customer to be compliant
• Certificate handling where SSL certificates are used
• Regulatory compliance to support compliancy requirements
• Technical consultancy to develop customer on its journey

£8.59 an instance a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at opportunities@atos.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

978714571937576

Contact

Louise Carr
+447733315094
opportunities@atos.net

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Database Management
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: There are no Constraints of the service.; Application Technical Management can be provided on any underlying infrastructure platform, including all types of Cloud.; Support availability window will be mutually agreed depending on application requirements.
• System requirements:
  • Underlying Cloud (compute, storage and backup) infrastructure
  • Application software licenses (unless open source)

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: To be agreed upon request.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: No
• Support levels: For support levels please refer to section “Availability and resilience”. Related prices are in the pricing document.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: User documentation how to access the service will be provided. Furthermore, a High Level Design document tailored to customer will be created.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats:
  • Word file format
  • Excel format
• End-of-contract data extraction: Users have local copies of the data already.
• End-of-contract process: A final backup can be ordered (additional costs will apply).

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems: Other
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: • File share access to change application data; • Application Programming Interface (API, see API section)
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Screen reader compatibility testing ;; ; Keyboard navigation testing ;; ; Colour contrast and visual clarity testing ;; ; Alternative text for images and icons ;; ; Input assistance and error handling ;; ; Testing with diverse assistive technology setups
• API: Yes
• What users can and can't do using the API: Application Programming Interface (API) allow users to leverage programming languages and application-specific libraries or drivers to interact with the application programmatically (e.g. JDBC for Java).
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Besides Commercial off the Shelf (COTS) technologies, also applications created by customers are supported by this service.

Scaling

• Independence of resources: Each application instance has one owner defined by the customer.

Analytics

• Service usage metrics: Yes
• Metrics types: Service availability of the application measured on the server using providers standard monitoring tool .
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Never
• Protecting data at rest: Other
• Other data at rest protection approach: Service security is based on underlying infrastructure data at rest service security.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Export will be done by Provider.
• Data export formats: Other
• Other data export formats: Files of the Application Technical Management environment
• Data import formats: Other
• Other data import formats: Files of the Application Technical Management environment

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: Service security is based on underlying infrastructure service security.
• Data protection within supplier network: Other
• Other protection within supplier network: Service security is based on underlying network service security.

Availability and resilience

• Guaranteed availability: The following service availability will be provided with this service.; Bronze Set 1 - Service availability window: 5 days, 10 hours (business days), 08:00–18:00 - 98% - Maintenance window: Business days, 08:00 – 18:00;; Silver Set 2 - Service availability window: 5 days, 10 hours (business days), 08:00–18:00 - 99.5% - Maintenance window: Business days, 08:00 – 18:00;; Silver Set 3 - Service availability window: 7 days, 24 hours (all days) - 99.5% - Maintenance window: Saturdays, 08:00 – Sundays, 12:00;; Gold Set 4 - Service availability window: 5 days, 10 hours (business days), 08:00–18:00 - 99.8% - Maintenance window: Business days, 18:00 – 08:00 next day;; Gold Set 5 - Service availability window: 7 days, 24 hours (all days) - 99.8% - Maintenance window: Saturdays, 08:00 – Sundays, 12:00;; Platinum Set 6 - Service availability window: 5 days, 10 hours (business days), 08:00–18:00 - 99.9% - Maintenance window: Business days, 18:00 – 08:00 next day;; Platinum Set 7 - Service availability window: 7 days, 24 hours (all days) - 99.9% - Maintenance window: Saturdays, 08:00 – Sundays, 12:00.; The service availability mainly depends on the underlying infrastructure and used database technology configuration.
• Approach to resilience: This is based on the used application technology configuration, underlying infrastructure and datacentre layout.
• Outage reporting: This is included in the monthly service reporting.

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: By username or password.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: PWC
• ISO/IEC 27001 accreditation date: 01/11/2023
• What the ISO/IEC 27001 doesn’t cover: Scope may be provided upon request.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Blackfoot UK Ltd
• PCI DSS accreditation date: 11/12/2023
• What the PCI DSS doesn’t cover: No non-covered scope. Scope may be provided upon request.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Public Services Network

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Configuration management database (CMDB) is filled with configuration items (CIs). The CMDB provides up-to-date configuration information for use in the resolution of incidents.; Additions, removal, and changes of CIs are registered in the CMDB. The CMDB is populated by a combination of automated scanning products and manual processes.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Atos subscribe to filtered vulnerability feeds. Received vulnerabilities are assessed for their impact upon the service and patching or other mitigations are applied in timescales dependent upon the severity of the vulnerability. High level reporting on vulnerabilities and oversight is provided by the Security Working Group. Patching compliance is tracked at the Security Working Group level.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Event logs are sent to the SIEM service, where a set of alerting rules are applied to the log streams in near real-time. The logs are analysed for any suspicious activity. Where the alerting rules identify suspicious activity, alerts are generated, and the Security Operations Centre (SOC) staff investigate the alert and report to the relevant party for resolution.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Atos has pre-defined incident management process to cover common security events and a generic security incident management process to cover the remaining types of incidents.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks: Any network and on any infrastructure.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Atos is a global leader in decarbonised digital services incorporating sustainable practices into our IT services to mitigate against the impact of climate change. This is evidenced by our EcoVadis Platinum Award. We are committed to an SBTi endorsed Science Based Target and are on track to reduce all emissions by 50% between 2019-25 and achieve Net Zero by 2039. Activities to achieve this include: IT Products and Services: We place a 20% sustainability weighting during procurement and use EcoVadis to assess supplier environmental performance. We were awarded “Platinum” status by EcoVadis for the fourth year running in October 2023. Renewable Energy Sources: Since 2018, the electricity purchased for our IT equipment, lighting and some space heating in mainland Great Britain has been from 100% renewable sources. Reduce Energy Consumption: Initiatives include the adoption of remote/hybrid working for employees, leading to a 10% drop in Atos UK&I energy usage between H1 2022 and H1 2023 through the rationalisation of 15 offices. In 2020, we signed up to a group-wide car-fleet agreement to source only electric vehicles with the aim to switch our entire fleet to electric or hybrid by 2025 (70% achievement in 2022). Minimise Electronic Waste: Atos has a circular economy approach to minimise electronic waste and extend the lifespan of its IT equipment ensuring that 100% of our obsolete IT assets are collected, reused, or recycled in a responsible way. The policy approach is based on the ISO14001 certified management system. In the UK we partner with Tier1, an SME specialising in hardware recycling. We will assess each call-off contract from G-Cloud 14 and make commitments that will drive sustainability such as: • Selecting sustainable partners and hosting joint decarbonisation workshops • Delivering environmental volunteering opportunities • Delivering training/education on sustainability

  Tackling economic inequality

  Atos recognises that the IT sector faces employment and skills shortages whilst under-represented groups still face barriers to accessing jobs. According to Prospects.ac.uk (December 2023), less than 8.5% of senior leaders in UK tech are from ethnic minority groups, only 16% of IT professionals are female and less than 9% of all IT specialists have a disability. We have implemented initiatives to tackle economic inequality: Early Career Talent Activities Atos provides work experience placements and STEM outreach to schools/universities to inspire students from different backgrounds across the UK into technology careers. Our Graduate and Apprenticeship programmes are over 18 months and provide experience in project delivery, operations and technical areas. The Atos Graduate Internship and Apprenticeship Community supports members in building up a network across the organisation and provides extra-curricular opportunities. Recruitment Activities We have embedded a fully inclusive and accessible end-to-end recruitment process. Actions include: Our Recruitment professionals to complete ‘Diversity, Equality and Inclusion (DEI) training for HR and Talent Professionals’ to attract a diverse talent pool We use Textio, a writing-enhancement service, to remove gender bias from job adverts We use video and flexible/adjusted interviews to provide support if wanted by people with disabilities including neurodiversity, such as assistive technology and schedule flexibility We organise tech career events and partner with organisations such as Bright Network to target candidates from under-represented groups. Career Development Activities All Atos employees are encouraged to set an Individual Development Plan with access to in-house learning and development resources such as Atos University. We will assess each call-off contract from G-Cloud 14 and make commitments that will tackle economic inequality such as: Creating employment opportunities Collaborating with our partners such as Next Tech Girls and SmartSTEMs to deliver training schemes/programmes to address any identified skills gaps and support skills growth.

  Equal opportunity

  Atos has been recognised as a leading employer in supporting an inclusive workplace through its inclusion in the Times Top 50 Employers for Gender Equality 2023 and our Level 3 Disability Confident Leader status. We continually review and improve our DEI initiatives to ensure we advance our goal. Inclusive/accessible recruitment activities We have embedded a fully inclusive and accessible end-to-end recruitment process. To achieve this, we engaged external partners to provide training to managers/HR to ensure fair recruitment by removing barriers and attracting diverse talent. Inclusive working conditions We create an inclusive working environment where all individuals can thrive and enable Atos to retain diverse talent: Policies: Our policies ensure we support all our employees regardless of their characteristics, enabling everyone to access and pursue opportunities available in Atos. DEI Networks: Our employee-led networks are advocates for equality and change in the workplace and wider society. Business Initiatives: We have initiatives to support under-represented groups’ progress in our workplace such as talent programmes and embedding cultural events into our calendar including International Woman’s Day and Black History Month. Fair Pay Our Diversity Pay Gap Report aligned to the Equality Act 2010 (Gender Pay Gap Information) Regulations 2017, is published annually and provides transparent reporting on our progress to create gender and ethnicity balance. Flexible Working Atos is proud to actively support remote/hybrid and flexible working to assist all employees achieve a good work life balance. Beyond this, our Flexible Working Policy outlines the support available to employees and candidates with fluctuating health conditions or care/personal responsibilities. We will assess each call-off contract from G-Cloud 14 and make commitments that will promote equal opportunity such as: Creating employment opportunities for under-represented groups by working with inclusive recruitment partners such as Bright Network Delivering training schemes and programmes for under-represented groups

  Wellbeing

  We are signatories of the Six Standards of Mental Health and invest significantly in the mental health of our employees: Prioritising mental health We provide a comprehensive Employee Assistance Programme (EAP) to all staff including an online GP service, wellbeing toolkits and a free, anonymous 24/7 helpline where employees can get counselling and advice on a wide range of topics including family, financial and legal matters. Promoting positive mental health Our senior leadership team and Mental Health First Aiders act as positive role models, endorsing initiatives like World Mental Health Week. Open culture We drive an open culture where conversations about mental health are supported. Line Managers promote employee wellbeing through monthly 1-2-1s and workload assessment. Should an employee raise a concern over their workload, their Line Manager conducts Individual Stress Risk Assessments and encourages EAP and Stronger Minds helpline use when needed. Holding regular 1-2-1s is a metric Atos Line Managers are appraised on as part of our Performance Management system, ensuring nurturing connections between our managers and employees are embedded as a culture. Increasing organisational capability We partner with third-party specialists in wellbeing and mental health, such as Genius Within, to provide training to our employees. Providing tools and support We provide annual training on subjects such as anxiety and depression, and signpost mental health tools available on our Wellbeing Hub. Tools include links to NHS Mental Health helplines, AXA PPP Wellbeing articles and a Mental Health Toolkit with 19 tips/tools breathing exercises and sleep techniques. Increasing transparency We measure wellbeing in surveys and publish action plans to address employee feedback gathered from the survey. We will assess each call-off contract from G-Cloud 14 and make commitments that will promote equal opportunity such as funding Mental Health First Aiders for the contract delivery team.

Pricing

• Price: £8.59 an instance a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at opportunities@atos.net. Tell them what format you need. It will help if you say what assistive technology you use.