npm - ccs-digitalmarketplace-frameworks - Versions diffs - 4.11.3 → 4.11.4 - Mend

ccs-digitalmarketplace-frameworks 4.11.3 → 4.11.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/frameworks/g-cloud-15/manifests/edit_service_as_admin.yml CHANGED Viewed

@@ -60,3 +60,34 @@
   editable: True
   questions:
     - multiqUsageNotifications
+- name: Data-in-transit protection
+  editable: True
+  questions:
+    - multiqDataProtectionBetweenNetworks
+    - multiqDataProtectionWithinNetwork
+- name: Asset protection
+  editable: True
+  questions:
+    - multiqDataStorageAndProcessing
+    - multiqPenetrationTesting
+    - multiqProtectionOfDataAtRest
+    - multiqDataSanitisation
+- name: Availability and resilience
+  editable: True
+  questions:
+    - guaranteedAvailability
+    - approachToResilience
+    - outageReporting
+- name: Separation between users
+  editable: True
+  questions:
+    - multiqVirtualisation
+- name: Governance
+  editable: True
+  questions:
+    - boardLevelServiceSecurity

package/frameworks/g-cloud-15/manifests/edit_submission.yml CHANGED Viewed

@@ -75,3 +75,39 @@
   edit_questions: True
   questions:
     - multiqUsageNotifications
+- name: Data-in-transit protection
+  editable: False
+  edit_questions: True
+  questions:
+    - multiqDataProtectionBetweenNetworks
+    - multiqDataProtectionWithinNetwork
+- name: Asset protection
+  editable: False
+  edit_questions: True
+  questions:
+    - multiqDataStorageAndProcessing
+    - multiqPenetrationTesting
+    - multiqProtectionOfDataAtRest
+    - multiqDataSanitisation
+- name: Availability and resilience
+  editable: False
+  edit_questions: True
+  questions:
+    - guaranteedAvailability
+    - approachToResilience
+    - outageReporting
+- name: Separation between users
+  editable: False
+  edit_questions: True
+  questions:
+    - multiqVirtualisation
+- name: Governance
+  editable: False
+  edit_questions: True
+  questions:
+    - boardLevelServiceSecurity

package/frameworks/g-cloud-15/metadata/copy_services.yml CHANGED Viewed

@@ -7,12 +7,10 @@ questions_to_exclude:
   - accessRestrictionTesting
   - accreditationsOther
   - accreditationsOtherList
-  - approachToResilience
   - auditBuyersActions
   - auditBuyersActionsStorage
   - auditSuppliersActions
   - auditSuppliersActionsStorage
-  - boardLevelServiceSecurity
   - browsersAccess
   - browsersSupported
   - cloudDeploymentModel
@@ -26,17 +24,6 @@ questions_to_exclude:
   - dataExportHow
   - dataImportFormats
   - dataImportFormatsOther
-  - dataProtectionBetweenNetworks
-  - dataProtectionBetweenNetworksOther
-  - dataProtectionWithinNetwork
-  - dataProtectionWithinNetworkOther
-  - dataSanitisation
-  - dataSanitisationType
-  - dataSanitisationTypeHosting
-  - dataSanitisationTypeSoftware
-  - dataStorageAndProcessing
-  - dataStorageAndProcessingLocations
-  - dataStorageAndProcessingUserControl
   - datacentreSecurityStandards
   - devicesUsersManageTheServiceThrough
   - educationPricing
@@ -54,7 +41,6 @@ questions_to_exclude:
   - freeVersionTrialOption
   - governmentSecurityClearances
   - governmentSecurityClearancesFilter
-  - guaranteedAvailability
   - howLongSystemLogsStored
   - incidentManagementApproach
   - incidentManagementType
@@ -78,9 +64,6 @@ questions_to_exclude:
   - ongoingSupportDescription
   - ongoingSupportServices
   - onsiteSupport
-  - outageReporting
-  - penetrationTesting
-  - penetrationTestingApproach
   - phoneSupport
   - phoneSupportAvailability
   - planningService
@@ -93,8 +76,6 @@ questions_to_exclude:
   - priceMin
   - priceUnit
   - pricingDocumentURL
-  - protectionOfDataAtRest
-  - protectionOfDataAtRestOther
   - protectiveMonitoringApproach
   - protectiveMonitoringType
   - publicSectorNetworks
@@ -172,12 +153,6 @@ questions_to_exclude:
   - userAuthenticationNeeded
   - userAuthenticationSoftware
   - userSupportAccessibility
-  - virtualisation
-  - virtualisationImplementedBy
-  - virtualisationSeparation
-  - virtualisationTechnologiesUsed
-  - virtualisationTechnologiesUsedOther
-  - virtualisationThirdPartyProvider
   - vulnerabilityManagementApproach
   - vulnerabilityManagementType
   - webChatSupport

package/frameworks/g-cloud-15/questions/services/approachToResilience.yml ADDED Viewed

@@ -0,0 +1,27 @@
+name: Approach to resilience
+question: Describe how your service is designed to be resilient.
+question_advice: >
+  Include how your datacentre setup is resilient. If you don’t want to make this information public, you can say that
+  it’s available on request.
+  Read about the government’s <a
+  href="https://www.ncsc.gov.uk/guidance/cloud-security-principle-2-asset-protection-and-resilience#resilience"
+  target="_blank" rel="noopener noreferrer">2nd cloud security principle: ‘Asset protection and resilience’ (link opens
+  in a new tab)</a>.
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: textbox_large
+max_length_in_words: 200
+validations:
+  - name: answer_required
+    message: Enter description.
+  - name: under_200_words
+    message: Description must be 200 words or fewer.
+  - name: under_character_limit
+    message: Description must be 2000 characters or fewer.

package/frameworks/g-cloud-15/questions/services/boardLevelServiceSecurity.yml ADDED Viewed

@@ -0,0 +1,19 @@
+name: Named board-level person responsible for service security
+question: Does your organisation have a named person with board-level (or equivalent) authorisation who’s responsible for the
+  security of all of your services?
+question_advice: >
+  Read about the government’s <a href="https://www.ncsc.gov.uk/guidance/cloud-security-principle-4-governance-framework"
+  target="_blank" rel="noopener noreferrer">4th cloud security principle: ‘Governance framework’ (link opens in a new
+  tab)</a>.
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: boolean
+validations:
+  - name: answer_required
+    message: Select yes if your organisation has a board-level person responsible for service security.

package/frameworks/g-cloud-15/questions/services/dataProtectionBetweenNetworks.yml ADDED Viewed

@@ -0,0 +1,40 @@
+name: Data protection between buyer and supplier networks
+question: How do you protect data between the buyer’s network and your network?
+question_advice: >
+  Read about the government’s <a
+  href="https://www.ncsc.gov.uk/guidance/cloud-security-principle-1-data-transit-protection" target="_blank"
+  rel="noopener noreferrer">1st cloud security principle: ’Data-in-transit protection’ (link opens in a new tab)</a>.
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+followup:
+  dataProtectionBetweenNetworksOther:
+    - other
+type: checkboxes
+options:
+  - label: Private network or public sector network
+    value: private_or_psn
+    filter_label: private network or public sector network
+  - label: TLS (Version 1.2 or above)
+    value: tls
+    filter_label: TLS (version 1.2 or above)
+  - label: IPsec or TLS VPN gateway
+    value: ipsec_or_vpn
+  - label: Bonded fibre optic connections
+    value: bonded_fibre
+    filter_label: bonded fibre optic connections
+  - label: Legacy SSL and TLS (under 1.2)
+    value: legacy_ssl
+    filter_ignore: true
+    filter_label: legacy SSL and TLS (under version 1.2)
+  - label: Other
+    value: other
+    filter_ignore: true
+validations:
+  - name: answer_required
+    message: Select a data protection method.

package/frameworks/g-cloud-15/questions/services/dataProtectionBetweenNetworksOther.yml ADDED Viewed

@@ -0,0 +1,20 @@
+name: Other protection between networks
+question: Describe how else you protect data between the buyer’s network and your network.
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: textbox_large
+max_length_in_words: 100
+validations:
+  - name: answer_required
+    message: Enter description.
+  - name: under_100_words
+    message: Description must be 100 words or fewer.
+  - name: under_character_limit
+    message: Description must be 1000 characters or fewer.

package/frameworks/g-cloud-15/questions/services/dataProtectionWithinNetwork.yml ADDED Viewed

@@ -0,0 +1,34 @@
+name: Data protection within supplier network
+question: How do you protect data within your network?
+question_advice: >
+  Read about the government’s <a
+  href="https://www.ncsc.gov.uk/guidance/cloud-security-principle-1-data-transit-protection" target="_blank"
+  rel="noopener noreferrer">1st cloud security principle: ’Data-in-transit protection’ (link opens in a new tab)</a>.
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+followup:
+  dataProtectionWithinNetworkOther:
+    - other
+type: checkboxes
+options:
+  - label: TLS (Version 1.2 or above)
+    value: tls
+    filter_label: TLS (version 1.2 or above)
+  - label: IPsec or TLS VPN gateway
+    value: ipsec_or_vpn
+  - label: Legacy SSL and TLS (under 1.2)
+    value: ssl
+    filter_ignore: true
+    filter_label: legacy SSL and TLS (under version 1.2)
+  - label: Other
+    value: other
+    filter_ignore: true
+validations:
+  - name: answer_required
+    message: Select a data protection method.

package/frameworks/g-cloud-15/questions/services/dataProtectionWithinNetworkOther.yml ADDED Viewed

@@ -0,0 +1,21 @@
+name: Other protection within supplier network
+question: Describe how else you protect data within your network.
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: textbox_large
+max_length_in_words: 100
+validations:
+  - name: answer_required
+    message: Enter description.
+  - name: under_100_words
+    message: Description must be 100 words or fewer.
+  - name: under_character_limit
+    message: Description must be 1000 characters or fewer.

package/frameworks/g-cloud-15/questions/services/dataSanitisation.yml ADDED Viewed

@@ -0,0 +1,22 @@
+name: Data sanitisation process
+question: Do you have a data sanitisation process?
+question_advice: >
+   Read about the government’s <a
+   href="https://www.ncsc.gov.uk/guidance/cloud-security-principle-2-asset-protection-and-resilience#sanitisation"
+   target="_blank" rel="noopener noreferrer">2nd cloud security principle: ‘Asset protection and resilience’ (link opens
+   in a new tab)</a>.
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+followup:
+  dataSanitisationType:
+    - true
+type: boolean
+validations:
+  - name: answer_required
+    message: Select yes if you have a data sanitisation process.

package/frameworks/g-cloud-15/questions/services/dataSanitisationTypeHosting.yml ADDED Viewed

@@ -0,0 +1,23 @@
+id: dataSanitisationType
+name: Data sanitisation type
+question: What type of data sanitisation process do you have?
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: checkboxes
+options:
+  - label: Explicit overwriting of storage before reallocation
+    value: overwriting
+  - label: Deleted data can’t be directly accessed
+    value: no_access
+  - label: Hardware containing data is completely destroyed
+    value: hardware_destroyed
+validations:
+  - name: answer_required
+    message: Select a data sanitisation process.

package/frameworks/g-cloud-15/questions/services/dataSanitisationTypeSoftware.yml ADDED Viewed

@@ -0,0 +1,21 @@
+id: dataSanitisationType
+name: Data sanitisation type
+question: What type of data sanitisation process do you have?
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: checkboxes
+options:
+  - label: Explicit overwriting of storage before reallocation
+    value: overwriting
+  - label: Deleted data can’t be directly accessed
+    value: no_access
+validations:
+  - name: answer_required
+    message: Select a data sanitisation process.

package/frameworks/g-cloud-15/questions/services/dataStorageAndProcessing.yml ADDED Viewed

@@ -0,0 +1,24 @@
+name: Knowledge of data storage and processing locations
+question: Do you know where your data is stored and processed?
+question_advice: >
+  Read the government’s <a
+  href="https://www.ncsc.gov.uk/guidance/cloud-security-principle-2-asset-protection-and-resilience#physical"
+  target="_blank" rel="noopener noreferrer">cloud security guidance for data storage (link opens
+  in a new tab)</a>.
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+followup:
+  dataStorageAndProcessingLocations:
+    - true
+  dataStorageAndProcessingUserControl:
+    - true
+type: boolean
+validations:
+  - name: answer_required
+    message: Select yes if you know where your data is stored and processed.

package/frameworks/g-cloud-15/questions/services/dataStorageAndProcessingLocations.yml ADDED Viewed

@@ -0,0 +1,28 @@
+name: Data storage and processing locations
+question: Where is data stored and processed?
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: checkboxes
+options:
+  - label: United Kingdom
+    value: uk
+  - label: European Economic Area (EEA)
+    value: eea
+    derived_from:
+      question: dataStorageAndProcessingLocations
+      any_of:
+        - uk
+  - label: Other locations
+    value: other
+    filter_ignore: true
+validations:
+  - name: answer_required
+    message: Select a location.

package/frameworks/g-cloud-15/questions/services/dataStorageAndProcessingUserControl.yml ADDED Viewed

@@ -0,0 +1,15 @@
+name: User control over data storage and processing locations
+question: Can users specify where data is stored and processed?
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: boolean
+validations:
+  - name: answer_required
+    message: Select yes if users can specify where data is stored and processed.

package/frameworks/g-cloud-15/questions/services/guaranteedAvailability.yml ADDED Viewed

@@ -0,0 +1,22 @@
+name: Guaranteed availability
+question: Describe the level of availability you guarantee.
+question_advice: >
+  Include any service level agreements (SLAs) you have for availability and how users are refunded if you don’t meet
+  guaranteed levels of availability.
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: textbox_large
+max_length_in_words: 200
+validations:
+  - name: answer_required
+    message: Enter description.
+  - name: under_200_words
+    message: Your answer must be no longer than 200 words.
+  - name: under_character_limit
+    message: Your answer must be no longer than 2000 characters.

package/frameworks/g-cloud-15/questions/services/multiqDataProtectionBetweenNetworks.yml ADDED Viewed

@@ -0,0 +1,13 @@
+name: Protection between networks
+question: Protection between networks
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: multiquestion
+questions:
+  - dataProtectionBetweenNetworks
+  - dataProtectionBetweenNetworksOther

package/frameworks/g-cloud-15/questions/services/multiqDataProtectionWithinNetwork.yml ADDED Viewed

@@ -0,0 +1,13 @@
+name: Protection within your network
+question: Protection within your network
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: multiquestion
+questions:
+  - dataProtectionWithinNetwork
+  - dataProtectionWithinNetworkOther

package/frameworks/g-cloud-15/questions/services/multiqDataSanitisation.yml ADDED Viewed

@@ -0,0 +1,14 @@
+name: Data sanitisation process
+question: Data sanitisation process
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: multiquestion
+questions:
+  - dataSanitisation
+  - dataSanitisationTypeHosting
+  - dataSanitisationTypeSoftware

package/frameworks/g-cloud-15/questions/services/multiqDataStorageAndProcessing.yml ADDED Viewed

@@ -0,0 +1,14 @@
+name: Data storage and processing locations
+question: Data storage and processing locations
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: multiquestion
+questions:
+  - dataStorageAndProcessing
+  - dataStorageAndProcessingLocations
+  - dataStorageAndProcessingUserControl

package/frameworks/g-cloud-15/questions/services/multiqPenetrationTesting.yml ADDED Viewed

@@ -0,0 +1,13 @@
+name: Penetration testing
+question: Penetration testing
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: multiquestion
+questions:
+  - penetrationTesting
+  - penetrationTestingApproach

package/frameworks/g-cloud-15/questions/services/multiqProtectionOfDataAtRest.yml ADDED Viewed

@@ -0,0 +1,13 @@
+name: Protection of data at rest
+question: Protection of data at rest
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: multiquestion
+questions:
+  - protectionOfDataAtRest
+  - protectionOfDataAtRestOther

package/frameworks/g-cloud-15/questions/services/multiqVirtualisation.yml ADDED Viewed

@@ -0,0 +1,17 @@
+name: Virtualisation
+question: Virtualisation
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: multiquestion
+questions:
+  - virtualisation
+  - virtualisationImplementedBy
+  - virtualisationTechnologiesUsed
+  - virtualisationTechnologiesUsedOther
+  - virtualisationThirdPartyProvider
+  - virtualisationSeparation

package/frameworks/g-cloud-15/questions/services/outageReporting.yml ADDED Viewed

@@ -0,0 +1,25 @@
+name: Outage reporting
+question: How does your service report any outages?
+question_advice: >
+    Include if there’s:
+      - a public dashboard
+      - an API
+      - email alerts
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: textbox_large
+max_length_in_words: 200
+validations:
+  - name: answer_required
+    message: Enter description.
+  - name: under_200_words
+    message: Your answer must be no longer than 200 words.
+  - name: under_character_limit
+    message: Your answer must be no longer than 2000 characters.

package/frameworks/g-cloud-15/questions/services/penetrationTesting.yml ADDED Viewed

@@ -0,0 +1,34 @@
+name: Penetration testing frequency
+question: How often do you do penetration testing?
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+followup:
+  penetrationTestingApproach:
+    - at_least_every_6_months
+    - at_least_once_a_year
+    - less_than_once_a_year
+type: radios
+options:
+    - label: At least every 6 months
+      value: at_least_every_6_months
+    - label: At least once a year
+      value: at_least_once_a_year
+      derived_from:
+        question: penetrationTesting
+        any_of:
+          - at_least_every_6_months
+    - label: Less than once a year
+      value: less_than_once_a_year
+      filter_ignore: true
+    - label: Never
+      value: never
+      filter_ignore: true
+validations:
+  - name: answer_required
+    message: Select how often you do penentration testing.

package/frameworks/g-cloud-15/questions/services/penetrationTestingApproach.yml ADDED Viewed

@@ -0,0 +1,34 @@
+name: Penetration testing approach
+question: What is your approach to penetration testing?
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: radios
+options:
+  - label: ‘IT Health Check’ performed by a CHECK service provider
+    value: it_health_check_check_provider
+  - label: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
+    value: it_health_check_tigerscheme_or_crest_provider
+    derived_from:
+      question: penetrationTestingApproach
+      any_of:
+        - it_health_check_check_provider
+  - label: Another external penetration testing organisation
+    value: other_penetration_testing_organisation
+    derived_from:
+      question: penetrationTestingApproach
+      any_of:
+        - it_health_check_check_provider
+        - it_health_check_tigerscheme_or_crest_provider
+  - label: In-house
+    value: in_house
+    filter_ignore: true
+validations:
+  - name: answer_required
+    message: Select the type of penetration testing your organisation carries out.

package/frameworks/g-cloud-15/questions/services/protectionOfDataAtRest.yml ADDED Viewed

@@ -0,0 +1,35 @@
+name: Protecting data at rest
+question: How do you protect data at rest?
+question_advice: >
+  Read about the government’s <a
+  href="https://www.ncsc.gov.uk/guidance/cloud-security-principle-2-asset-protection-and-resilience#rest"
+  target="_blank" rel="noopener noreferrer">2nd cloud security principle: ‘Asset protection and resilience’ (link opens
+  in a new tab)</a>.
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+followup:
+  protectionOfDataAtRestOther:
+    - other
+type: checkboxes
+options:
+  - label: Physical access control, complying with CSA CCM v3.0
+    value: csa_ccm
+  - label: Physical access control, complying with SSAE-16 / ISAE 3402
+    value: ssae_isae
+  - label: Physical access control, complying with another standard
+    value: other_standard
+  - label: Encryption of all physical media
+    value: encrypted_media
+  - label: Scale, obfuscating techniques, or data storage sharding
+    value: scale_obfuscation_sharding
+  - label: Other
+    value: other
+validations:
+  - name: answer_required
+    message: Select a data protection method.

package/frameworks/g-cloud-15/questions/services/protectionOfDataAtRestOther.yml ADDED Viewed

@@ -0,0 +1,20 @@
+name: Other data at rest protection approach
+question: Describe how else you protect data at rest.
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: textbox_large
+max_length_in_words: 100
+validations:
+  - name: answer_required
+    message: Enter description.
+  - name: under_100_words
+    message: Description must be 100 words or fewer.
+  - name: under_character_limit
+    message: Description must be 1000 characters or fewer.

package/frameworks/g-cloud-15/questions/services/virtualisation.yml ADDED Viewed

@@ -0,0 +1,23 @@
+name: Virtualisation technology used to keep applications and users sharing the same infrastructure apart
+question: Do you rely on virtualisation technology to keep applications and users sharing the same infrastructure apart?
+question_advice: >
+  Read about the government’s <a
+  href="https://www.ncsc.gov.uk/guidance/cloud-security-principle-3-separation-between-users" target="_blank"
+  rel="noopener noreferrer">3rd cloud security principle: ‘Separation between users’ (link opens in a new tab)</a>.
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+followup:
+  virtualisationImplementedBy:
+    - true
+  virtualisationSeparation:
+    - true
+type: boolean
+validations:
+  - name: answer_required
+    message: Select yes if you rely on virtualisation technology for shared infrastructure.

package/frameworks/g-cloud-15/questions/services/virtualisationImplementedBy.yml ADDED Viewed

@@ -0,0 +1,25 @@
+name: Who implements virtualisation
+question: Who implements the virtualisation technology?
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+followup:
+  virtualisationTechnologiesUsed:
+    - supplier
+  virtualisationThirdPartyProvider:
+    - third_party
+type: radios
+options:
+  - label: Supplier
+    value: supplier
+  - label: Third-party
+    value: third_party
+validations:
+  - name: answer_required
+    message: Select if virtualisation technology is implemented by you or a third party.

package/frameworks/g-cloud-15/questions/services/virtualisationSeparation.yml ADDED Viewed

@@ -0,0 +1,20 @@
+name: How shared infrastructure is kept separate
+question: Describe how different organisations sharing the same infrastructure are kept apart.
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: textbox_large
+max_length_in_words: 100
+validations:
+  - name: answer_required
+    message: Enter description.
+  - name: under_100_words
+    message: Description must be 100 words or fewer.
+  - name: under_character_limit
+    message: Description must be 1000 characters or fewer.

package/frameworks/g-cloud-15/questions/services/virtualisationTechnologiesUsed.yml ADDED Viewed

@@ -0,0 +1,39 @@
+name: Virtualisation technologies used
+question: What virtualisation technologies are used?
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+followup:
+  virtualisationTechnologiesUsedOther:
+    - other
+type: radios
+options:
+  - label: VMware
+    value: vmware
+  - label: Hyper-V
+    value: hyperv
+  - label: Citrix XenServer
+    value: citrix
+  - label: Oracle VM
+    value: oracle
+  - label: Red Hat Virtualisation
+    value: redhat
+  - label: KVM hypervisor
+    value: kvm
+  - label: Other
+    value: other
+validations:
+  - name: answer_required
+    message: Select what virtualisation technologies are used.
+  - name: under_10_words
+    message: Each virtualisation technology must be 10 words or fewer.
+  - name: max_items_limit
+    message: You must have 10 or fewer virtualisation technology.
+  - name: under_character_limit
+    message: Each virtualisation technology must be 100 characters or fewer.

package/frameworks/g-cloud-15/questions/services/virtualisationTechnologiesUsedOther.yml ADDED Viewed

@@ -0,0 +1,20 @@
+name: Other virtualisation technology used
+question: Which other virtualisation technology do you use?
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: textbox_large
+max_length_in_words: 100
+validations:
+  - name: answer_required
+    message: Enter details of the other virtualisation technology you use.
+  - name: under_100_words
+    message: Description must be 100 words or fewer.
+  - name: under_character_limit
+    message: Description must be 1000 characters or fewer.

package/frameworks/g-cloud-15/questions/services/virtualisationThirdPartyProvider.yml ADDED Viewed

@@ -0,0 +1,19 @@
+name: Third-party virtualisation provider
+question: Which third-party service provider are you using for virtualisation?
+hidden: true
+depends:
+  - "on": lot
+    being:
+      - iaas-and-paas
+      - iaas-and-paas-above-official
+type: text
+validations:
+  - name: answer_required
+    message: Enter the provider name.
+  - name: under_10_words
+    message: Provider name must be 10 words or fewer.
+  - name: under_character_limit
+    message: Provider name must be 100 characters or fewer.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "ccs-digitalmarketplace-frameworks",
-  "version": "4.11.3",
+  "version": "4.11.4",
   "description": "Data files for Digital Marketplace’s procurement frameworks",
   "repository": {
     "type": "git",