Spindogs Ltd

Umbraco consultancy

Consultancy for Umbraco CMS mobile optimised, accessible websites. Spindogs' Umbraco CMS platform provides bespoke templates for content editors. GDPR compliant Umbraco CMS forms and tagging are out-of-the-box. Umbraco CMS offers version control, integrations, SSO, and multilingualism. Umbraco content management system is open-source, user friendly, and fully customisable.

Features

• Provision of Umbraco CMS development and consultancy
• Umbraco CMS has powerful search functions
• Mobile optimised Umbraco CMS templates
• Umbraco CMS multilingual capabilities and is Welsh Language Standards compliant
• Umbraco CMS version control
• Umbraco CMS onboarding and upgrades
• Ongoing support of Umbraco CMS websites
• Development of accessibility standards compliant Umbraco CMS websites
• Umbraco CMS secure managed EEA & UK cloud hosting
• In-house Umbraco CMS certified development team and Umbraco MVP developer

Benefits

• Umbraco CMS has no license fees as it's open source
• Umbraco CMS's robust, intuitive content tree for content editors
• Umbraco CMS is fully customisable for your organisation
• Umbraco CMS can be made WCAG 2.1 AAA
• Cyber Essentials certified Umbraco CMS agency
• UK based Umbraco CMS developers and agency
• Umbraco CMS gold partner agency
• Umbraco CMS supports varying access and control levels
• Umbraco CMS allows for flexible content development
• Umbraco CMS azure cloud hosting is ISO27001 compliant

£600 to £900 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lgiles@spindogs.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

119312190949638

Contact

Liam Giles
02920480720
lgiles@spindogs.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: For any onboarding of existing Umbraco CMS websites not built by our Umbraco agency, we will need to undergo a review of your source code in order to confirm we can support and build upon this.
• System requirements: None

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times:  Phone Calls answered within 22 seconds 90%  Answer Phone messages given update within 90 minutes 90%  Emails sent to support@spindogs.com given update within 120 minutes 90% Weekends are considered out of hours and have different response times. Out of hours services come at a separate cost to a standard support package.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Support is available 9-5.30 Mon-Fri and charged in 15 minute increments. All bugs are fixed free of charge as long as there is a support contract in place. Support bundles are available to be purchased in hourly increments. Hosting is monitored 24/7/365 using Azure alerting and external uptime.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: As part of any web project, whether we have built the site using Umbraco CMS, Wordpress CMS or Kentico CMS, we provide a content management training session for any members of your organisation that will be responsible for content management and editing. This can be held in our offices, at your site, or online. Additionally, as Umbraco CMS is a widely used platform there is a vast amount of documentation online.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats: Video Walkthroughs
• End-of-contract data extraction: Users inform our support team (or account manager if relevant) that they will no longer be continuing with our service provision. On being informed of this, after any notice period has passed, the support and development teams can arrange: the transfer of source code, transfer of website content/database, deletion of your data post completion of transfer, co-hosting overlap, freeze on development and freeze on content.
• End-of-contract process: If we have arranged hosting for you, you can continue with the existing hosting provision or move your hosting to an alternative solution. We will arrange: the transfer of source code, transfer of website content/database, deletion of your data post completion of transfer, co-hosting overlap, freeze on development and freeze on content.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Umbraco CMS websites are optimised for all mobile, tablet and desktop devices. Umbraco CMS has the ability to view your pages in the screen ratios for different devices so a CMS user can always know what their page will look like on their website.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Umbraco CMS service administration screens are browser based and can be customised almost without limit.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: In order to ensure that the site is technically suitable for every user, we work to strict accessibility standards as a given. Accessibility is not only a legal requirement but an important part of our design and development culture as an organisation and as such we adhere to W3C AA standards. Our designers are trained how to check colour contrasts and our developers ensure that our code ticks all the technical requirements. We develop all our websites to meet single A requirements as a minimum. We can absolutely develop your new site to AA standards or AAA as we have done so for many clients in our 15 year history. As part of our project process we do a technical accessibility check e.g. semantic markup, colour contrasts. We are very familiar with accessibility plugins such as browsealoud and have a strong relationship with Shaw Trust, with whom we can outsource accessibility testing if necessary. AA sites we’ve developed: • https://www.digitalcommunities.gov.wales/ • https://www.welshgymnastics.org/ • https://www.bcs.org/ Some examples of sites we have made accessible are: • https://www.bronafon.org.uk/ - uses browsealoud • https://www.traveline.cymru/ - uses contrasts, text size change, and browsealoud • https://www.disabilitysportwales.com/ - uses contrasts and text size change
• API: Yes
• What users can and can't do using the API: Umbraco CMS is capable of integrating with numerous open-source API's. Full details can be found at https://our.umbraco.org/documentation/reference/
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The CMS's public-facing front end and administration screens can be customised almost without limit. Depending on your CMS implementation, customisation can be achieved through: • CMS software settings • Coding using HTML and CSS (and CMS dependent configurations) • Modules and Plug-ins CMS software settings customisation would need to be undertaken by a trained user. Coding and module customisation would need to be undertaken by competent web developer familiar with the CMS platform.

Scaling

• Independence of resources: For all of our projects we work to an agreed project schedule which is outlined in the project plan with key milestones and quality reviews identified. We also ensure that our project plan has a sensible amount time allocated transparently to contingency, so that if one element slightly overruns it does not immediately push back the completion date. Where project pressure points arise, the Spindogs project manager will bring in additional Spindogs resource into our project team to ensure increased operational output. Additionally, Hosting is provided independently for each client.

Analytics

• Service usage metrics: Yes
• Metrics types: We use: • Google Analytics 360 Suite • Google Analytics • Google Tag Manager • Google Optimize • Google Data Studio We can also provide custom dashboards for your organisation.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Back ups are encrypted
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Dependent on what data is required, we can provide backups/exports as part of support or include an automated export as part of the site functionality.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • PDF
  • JSON
  • XML
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • PDF
  • JSON
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.95% uptime for sites hosted on Azure
• Approach to resilience: Available on request
• Outage reporting: Email alerts sent to designated contacts.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: We set roles/permission levels for access
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Cyber Security Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: We have developed a set of policies and standard operating procedures covering various aspects of Information security: • Information Security Policy • Hosting procedures & checks • Business Continuity • Solution Monitoring and Support • Project Quality Management • Risk Assessment • Risk Management Policy • Customer Complaints process • Data protection (GDPR) Policy • Project Delivery process • Social Media Policy • Cyber Essentials certification We have defined roles and responsibilities for information security, with overall responsibility being held by a Director.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We use internal systems to manage change throughout a project life cycle. This shows a clear line of accountability and allows us to "track and trace" the impact of amendments to original requirements. Changes are notified to relevant stakeholders automatically (where possible) via emails/IM to ensure all parties are up to date.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We monitor blogs and security announcements of the platforms we support (Umbraco, Wordpress, Kentico and Sitecore). Any critical / security vulnerabilities are assessed immediately and deployed if applicable. Timescales for deployment are dependent on the risk, with exploitable security issues taking highest priority. Our automated deployment processes ensures we can get patches onto live sites within hours or even minutes of any disclosure, if appropriate. We would always encourage clients to perform an independent penetration test of our solutions.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We set up external uptime monitoring of sites we host to ensure that they are working as expected. In addition alerts for excessive CPU/memory/high response times are configured – any anomalies are investigated to ensure there has been no system compromise. Notifications are emailed to a group email address immediately and the support team will investigate if required.
• Incident management type: Supplier-defined controls
• Incident management approach: We categorise an incident in 5 levels: critical, urgent, priority, bug and support. Each level has differing response times and methods of reporting. Critical incidents must be reported over the phone, any other incident category can be reported over the phone or via email. Details of our SLA can be found in our Service definition document. Incident reports can be received on request from our support team.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We have the expertise to deliver environmental benefits during our contracts supporting organisations that are working towards net zero greenhouse gas emissions. We have expertise in auditing, consulting, and delivering digital cloud-based solutions that will support a carbon natural strategy. As a company, we are working towards our own net zero strategy that will allow us to support organisations that would like a net zero supply chain.
• Covid-19 recovery:

  Covid-19 recovery

  Our service delivery can support organisations and businesses to manage and recover from the impacts of COVID-19, including where new ways of working are needed to deliver services. We have experience and expertise in delivering a range of cloud based solutions that can streamline workflows and reduce the requirement for people to meet in person to complete a wide range of tasks.
• Tackling economic inequality:

  Tackling economic inequality

  Our services can support innovation and disruptive technologies to deliver lower cost and/or higher quality services.

Pricing

• Price: £600 to £900 a unit a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lgiles@spindogs.com. Tell them what format you need. It will help if you say what assistive technology you use.