Umbraco Cloud
Umbraco Cloud CMS SaaS / UaaS is a fully managed service for the design, build and support of Umbraco CMS (including Heartcore for headless CMS). Underpinned by Microsoft Azure, Umbraco Cloud delivers a highly resilient, secure, and scalable environment.
Features
- Enterprise publishing framework
- Fully accessible and compliant
- Multi-lingual capabilities
- Cross-browser administrator access
- Content versioning
- Umbraco workflow
- ISO/IEC 27001:2013 security certified
- Responsive mobile friendly design
- Agile and iterative digital service design methodology
- Best practice user centred digital service design methodology
Benefits
- Resilient, scalable and cost effective fully managed hosting service
- Highly extensible publishing framework supporting integration of bespoke transactional services
- Supported by award winning strategic digital service development
- Extensive Microsoft .NET digital services development capability
- Best practice digital service design methodologies
- Increase performance and flexibility of your network
- Reduced total cost of owning an IT solution
- Remove the risks of hosting on your own hardware
- Microsoft Gold Partner
- Improved IT security
Pricing
£50,000 to £250,000 a unit
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
1 3 1 8 0 3 7 3 7 8 6 0 2 6 5
Contact
Storm ID
Business Development
Telephone: 0131 561 1250
Email: tenders@stormid.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
-
There are limits and constraints associated with our hosted Umbraco service. The number of Umbraco sites, number of envrionments per site and number of users are determined based on the subscription package purchased.
Default quotas are flexible and can be configured by the Storm ID Service Account Manager. - System requirements
- All system requirements are supported
User support
- Email or online ticketing support
- Yes, at extra cost
- Support response times
-
Response times are categorised by service request priority: Urgent: 1 hour; High: 4 hours; Medium: 8 hours; Low: 16 hours.
Response times at weekends, public and bank holidays are negotiated separately. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Response times are categorised by service request priority: Urgent: 1 hour; High: 4 hours; Medium: 8 hours; Low: 16 hours.
P1 - Urgent: Complete loss of an entire service for all users or severe degradation resulting in inability to function;
P2 - High: Service functioning improperly resulting in some loss of service/system failure removing service from a number of users;
P3 - Medium: Service functioning at less than optimal performance/system problem impacting but not removing service, resolve minor bugs/site errors;
P4 - Low: Change requests.
Support services are tailored to each client and charges reflect the level of service required to support the service. Standard hourly rate is £105. A discounted rate of £95 can be had for bank of hours bought in advance.
Storm ID provide a Technical Account Manager backed up by a WebOps Team. Support can be accessed via an online ticketing system, email or phone. Enhanced support (outside office hours and at peak service use) is available optionally. Monitoring systems and alerts will be implemented with regular reports provided on service performance and support used. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- To support customers we offer tailored training for the Umbraco Cloud CMS which can be delivered remotely or on premise.
- Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
- Approach can be designed to suit customer requirements.
- End-of-contract process
- Approach can be designed to suit customer requirements. There may be additional costs.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Mobile experience is fully featured but interfaces are optimised for smaller form factor.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- .
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- Manual and automated interface accessibility testing has been undertaken but not specifically for users of assistive technologies.
- API
- Yes
- What users can and can't do using the API
-
Users can make full use of REST API's in Storm ID's hosted Umbraco service.
Customers can create there own API's REST APIs for Umbraco by utilizing ASP.Net's WebApi in conjunction with Umbraco's UmbracoApiController's.
Alternatively customers can use an existing REST API service which will support working with content, media, members & relations.
Set-up and access to the API's can be arranged by the Storm ID Service Manager. - API documentation
- Yes
- API documentation formats
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Almost any element of the Umbraco Cloud CMS can be customised to meet specific customer needs. Customisation is available to support the need to scale, to support specific security standards, monitoring and reporting or to provide extended help desk cover.
Customisation requirements are typically informed through early stage work in determining user needs and organisational goals. For a live service, further customisations can be considered in response to analytics, user feedback and product enhancements.
Scaling
- Independence of resources
- Virtualisation technology is used to ensure applications and users sharing the same infrastructure are kept apart.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Using tools such as web analytics and other data sources we monitor service usage and performance and recommend where service improvements could be made.
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- Approach can be designed to suit customer requirements.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
-
Storm ID guarantee that hosted services will be available 99.95% of the time. If service levels fall below the quality we commit to then penalties will be incurred to compensate customers and drive service improvement.
Financial penalties, service credits and their calculation will be agreed as part of the call-off agreement with the customer together with the terms and conditions and KPIs for the service. - Approach to resilience
- Microsoft Azure provides failover capability. More information available on request.
- Outage reporting
- Public dashboard, API and email alerts.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Limited access network (for example PSN)
- Access restrictions in management interfaces and support channels
- Available on request
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
- 2-factor authentication
Audit information for users
- Access to user activity audit information
- Users receive audit information on a regular basis
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- Storm ID is working towards ISO/IEC 27001:2013 (ISO 27001).
- Information security policies and processes
-
Information is an asset that Storm ID has a duty and responsibility to protect.
Our information security management system (ISMS) sets our approach to managing information security and is approved by top management and communicated to employees, contractual third parties and agents.
Top management are committed to protecting the information that we store and process though good information security practices. To achieve this, and comply with regulations, we have established:
an information security policy
a commitment to customer focus and applicable regulatory requirements
information security objectives that are measurable and consistent with the information security policy
an ISMS describing our approach to information security
responsibilities, authorities and communication processes
a management review process
a process to ensure availability of resources
data access and security processes
a business continuity / incident management procedure
Top management believe that a commitment to information security is important in order to:
encourage information and cyber security awareness amongst employees, to develop and a ‘secure by design’ mindset
increase customer confidence, which helps build relationships with and retain customers
reduce our exposure to risk
effectively utilise our resources
Storm ID have Cyber Essentials Plus accreditation and are in the process of achieving compliance with ISO27001.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Change management is employed to evaluate, control and minimise risk and cost, and maintain the established standards and quality criteria. Our change management process is incorporated into our ITIL-based continual improvement process, that encompasses business objectives, creates baselines, defines measurements, and plans and implements improvements. Our change controls:
establish the purpose, category and nature changes
determine the potential consequences of changes
assess resource requirements for the changes
We use configuration management to establish and maintain consistency in our software’s performance. This includes configuration management for:
Project/work management
Source control
Build/release pipelines
Packages and artefacts
Azure CSP tenancies, subscriptions and Infrastructure - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Storm ID apply our ISO13485 accredited Quality Management System processes, and Cyber Essentials Plus backed security best practices to the information and IT assets we handle, reducing risk associated with vulnerabilities by being able to identify, classify, prioritise, remediate and mitigate vulnerabilities. Vulnerability scans are run regularly to identify weaknesses in the configuration of systems and to determine if any are missing important patches or software. Remediation or mitigation is undertaken on any vulnerabilities identified according to the class and priority of the vulnerability.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
We use ‘always-on’ proactive and protective monitoring to:
monitor the software performance
systematically identify risks
detect software faults when they occur
quickly initiate necessary corrective actions
Our proactive monitoring involves collecting meaningful and practical information. To do this we use tools such as:
Azure App Insights
Azure Log Analytics
StatusCake
Performance analytics
Service reports
Helpdesk calls and tickets
Customer complaints and positive feedback - Incident management type
- Supplier-defined controls
- Incident management approach
-
Storm ID’s incident management process requires that all events and suspect events that could result in the actual or potential loss of data, breaches of confidentiality, unauthorised access or changes to systems, must be reported immediately to top management by email, telephone or in person.
Incidents are centrally recorded, and appropriate management measures, including escalation and notification procedures are in place.
Incident reporting procedures are included in employee training.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
Storm ID is committed to achieving Net Zero greenhouse gas emissions by 2045, in line with Scottish Government policy, contributing to UK Government policy of Net Zero emissions by 2050.
Our Carbon Reduction Plan has been completed in accordance with PPN 06/21 and associated guidance and reporting standards for Carbon Reduction Plans. As such, we use the appropriate UK Government emission conversion factors for greenhouse gas company reporting. Our Scope 1 and Scope 2 emissions have been reported in accordance with SECR requirements, and the required subset of Scope 3 emissions have been reported in accordance with the published reporting standard for Carbon Reduction Plans and the Corporate Value Chain (Scope 3) Standard.
Our business strategy includes specific OKRs (Objectives and Key Results) on Environmental Sustainability, including our work on Net Zero.
Our strategy states that ‘We want to reduce our impact on the environment and contribute to tackling the climate and biodiversity crisis. We hope to implement the changes necessary to reduce our impact on the environment, and to also consider and plan for the impact of climate change on our organisation, our stakeholders, our customers, and suppliers’.
Carbon reduction projects include:
Service offering: Supporting clients with green ICT consultancy to deliver reduced carbon digital services.
Flexible working principles: Catalysed by the pandemic, we have seen a reduction in employee commutes to our office, less energy (gas/electricity) consumption, and fewer consumables being consumed resulting in a reduction in deliveries and transportation, resulting in 61% reduction in overall CO2 emissions.
Migrating internal IT infrastructure to cloud based services: Decommission old infrastructure and migrating to cloud-based services, reducing on-premise IT infrastructure cooling requirements.
Supply chain audit: Due diligence regarding environmental sustainability and carbon reduction performed on our suppliers, looking to support local businesses and businesses actively reducing their carbon emissions. - Covid-19 recovery
-
Covid-19 recovery
Storm ID operated continuously throughout the pandemic, growing the business, including through provision of essential services to the NHS (software for the NHS Scotland National Notifications and Contact Tracing Service, and a long COVID study), as well as for other key public sector organisations.
Storm ID recognises the impact the pandemic has had on individuals and communities and is therefore committed to creating employment opportunities to assist those looking to retrain. In addition, Storm ID is continuing to develop it’s graduate recruitment offering for students entering the workforce, following a period of disrupted further and higher education.
Aligned with our focus on wellbeing, Storm ID is supportive in enabling workers to work from wherever they would like to work; from home, from the office, or from elsewhere, subject to project constraints that may be in place e.g., security considerations etc. and their levels of comfort in being in and around other people, should they be shielding, either for themselves, or because they live with or care for family members who are vulnerable.
Measures have been implemented to support our approach to the new future of work. In the office environment, work has been done to support effective social distancing. While the office is used less frequently than pre-pandemic, there is more considered use of the facility, either for individual or team based working. We now recruit from further afield and because we have embraced full remote and hybrid working, this has assisted us in recruiting the best possible talent while also positively improving work life balance.
Many projects undertaken are also aligned in helping organisations and their service users to manage and recover from the impact of COVID-19. Undertaking projects that make a difference to people and wider society has a positive impact on health and wellbeing of workers. - Tackling economic inequality
-
Tackling economic inequality
Storm ID is an accredited Living Wage employer. All workers benefit from contracts with competitive remuneration, together with a package of benefits which are designed to both attract and retain talent. For example, the annual salary review policy means that all workers can expect their salary to be increased automatically, in line with increases in cost of living, without having to request it. In addition, the company operates a Profit Related Reward (PRR) scheme. Whenever the company is in profit, a proportion of the profits are shared among all workers in the form of a bonus.
The annual budgeting process ensures provision for investment in workforce development. Costs are covered for continuous professional development activities, access to online learning resources and attendance at events. Opportunities for development to address skills gaps and achieve recognised qualifications are discussed regularly, including during monthly one-to-one check-in meetings between workers and line managers.
The intranet carries detailed role descriptions for all jobs currently filled, new jobs being created and therefore requiring to be filled in the future. This open sharing of job descriptions assists workers in identifying pathways for career progression, both within their existing team and across other teams in the business too.
Our Storm Labs initiative provides employees 12 days a year to work on their own ideas,. This stimulates intrapreneurship, on issues important to employees including environmental sustainability and equal access to STEM. Our team regularly volunteer to run CoderDojo sessions in our offices to encourage young people, especially girls and young women, into STEM.
Storm ID has also supported employees in developing IP and the spin out of new businesses.
From a supply chain perspective, we have a number of partnerships with several cyber security companies to improve security measures within the services we develop for public sector clients. - Equal opportunity
-
Equal opportunity
Storm ID is committed to providing a workplace where diversity, equality and inclusion are actively promoted and supported through training to tackle any real or perceived workforce inequality. We operate a Diversity, Equality and Inclusion Committee whose aim is to contribute to the creation and maintenance of a working environment in which all individuals can make best use of their skills, free from discrimination (direct and indirect), victimisation, harassment and bullying, and in which all decisions are based on merit.
Storm ID’s HR practices include:
1. Conducting recruitment based on merit, against objective criteria that avoids discrimination. Shortlisting is always undertaken by more than one person and with the involvement of Human Resources.
2. Advertising to a diverse section of the labour market. Advertisements will seek to avoid stereotyping or using wording that may discourage particular groups from expressing interest or applying.
3. Not asking job applicants about health or disability before a job offer is made.
4. Providing equal access to training, with needs identified through appraisals. Employees are given appropriate access to training to enable them to progress within Storm ID and all promotion decisions are made based on merit.
The Storm ID HR Team maintains an overview of workforce profile which provides and overview of how diverse, equitable and inclusive our workforce is. This information is used, together with the worker-driven Diversity, Equality and Inclusion Committee, the Senior Management Team and the Board, to determine what actions, including individual and company-wide training, should be taken to tackle any real or perceived inequalities. In addition, the Diversity, Equality and Inclusion Committee run surveys to gather qualitative feedback from workers across the business, covering topics including equal pay, gender equality, women in STEM, career progression and workers’ benefits. - Wellbeing
-
Wellbeing
Storm ID places strong importance on health and wellbeing, job fulfilment and the balance between work and family life. Storm ID is supportive in enabling workers to work from wherever they would like to work; from home, from the office, or from elsewhere, subject to project constraints that may be in place e.g., security considerations etc.
In addition, reminders are provided to workers about the importance of using all annual leave allowance. Content is regularly shared on mental health and wellbeing through internal communication channels and this is heightened during Mental Health Awareness Week when a number of activities take place every day.
Storm ID pays competitive salaries for all staff and the company is committed to fair and equal pay. Salaries are regularly benchmarked against industry standards and are often higher. Staff are eligible for annual performance related bonuses and automatic increases in line with cost of living. In addition, staff receive a wider benefits package including pension contributions, childcare vouchers, eye care and private health cover.
Storm ID wants its workers to do their best work, feel proud about their work and know that they have the support to enable them to feel professionally fulfilled. As such, fulfilment is a component of job design which contributes to health and wellbeing, a dimension when interviewing candidates and a point-of-discussion between workers and line managers during monthly one-to-one check-in meetings and annual progress reviews.
Exit interviews for employees who leave also provide an opportunity for us to identify what we’re doing well and where further improvements can be made to ensure that support for health and wellbeing is sustained. Exit interviews regularly highlight the positive support that employees know is in place, or from which they have benefited.
Pricing
- Price
- £50,000 to £250,000 a unit
- Discount for educational organisations
- No
- Free trial available
- No