Townbase

Townbase HobbyGuide Websites

Townbase Cloud offers fast, reliable and cost effective hosting of Townbase's digital services.

Features

• Fully managed cloud infrastructure
• Smart management of digital services world-wide

Benefits

• Cost
• Time
• Reliability

£8,000 to £20,000 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contactus@townbase.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

165959259404373

Contact

M. J. Lintunen
+447551737073
contactus@townbase.com

Service scope

• Service constraints: No
• System requirements:
  • Townbase Platform subscriber (PaaS)
  • Townbase Product subscriber (SaaS)

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Depending on agreed SLA
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: Microsoft Teams
• Onsite support: No
• Support levels: SLA's depend on client requirements
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite training; online training; user documentation.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Via RESTful API's
• End-of-contract process: Set of API's to transfer data.

Using the service

• Web browser interface: Yes
• Using the web interface: Setting up services using web based tools and systems.
• Web interface accessibility standard: WCAG 2.1 A
• Web interface accessibility testing: Audited.
• API: Yes
• What users can and can't do using the API: Set of RESTful API's to build services on or run services
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: The solution is designed to be able to manage large user volumes. It is built on Amazon Web Services infrastructure, where the load is currently monitored and gets adjusted in case the threshold are exceeded.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Amazon Web Services

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Content
  • Source-code configurations
• Backup controls: N/A; ; Automated
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: SLA agreed per client. We offer multiple options for SLA's per specific use cases and service needs. ; ; Generally provided as: 99%; ; Platform level : 99,98 % (2021)
• Approach to resilience: Resilience is based on the following principles; - User data is transferred only in secured form ; - User data is stored securely and backed up into separate availability zone ; - User permissions are strongly controlled and limited and all services are built as separate with their own users and data; - Service and operations are governed based on guidelines ; - Personnel are trained to be security aware ; - Software architecture is built based on security principles ; - User and their permissions are managed and controlled 9; - All admin and data related activities can only be accesses by authenticated and authorised individuals; - External interface and scripts are forbidden unless specifically allowed 12. Secure service administration; - Main admin accounts are strongly controlled and limited ; - Audit trail is tracked and made available on need basis
• Outage reporting: Client has a dashboard to usage statistic which is a real time dashboard. Client can enable email and SMS reports per request.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to managemt interfaces and support channels are controlled and based on invitations only. The users are regularly reviewed and updated as needed.; Where possible, SSO with MFA is enabled
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Devices users manage the service through:
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: No, it is based on industry best practises and experience.
• Information security policies and processes: Following policies are put in place; - Security Policy ; - End User Devices Security Standard ; - User Identity Management Principles ; - Access Management Principles and Controls ; - Password Rules and Delivery Instructions ; - Cloud Hosting Security Standard ; - Security in Software Development Lifecycle ; - Information Classification Guidelines

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: 1. Identify the change; 2. Assess the impact; 3. Decide on introducing the change; 4. Plan the introduction of the change; 5. Implement the change; 6. Verify the impact; 7. Make corrections, if needed
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Security is an essential part of our software development process and the security needs to be built in, not just tested. We are using open source and third party tools and services to regularly scan potential vulnerabilities. Our services also get audited and tested by our clients.; If any vulnerabilities are found, the patches are made based on the severity and the patch availability. In shortest, the patches can be updated within two hours, but typical deployment time is 48 hours.; Potential threat information is collected from 3rd party suppliers, forums and from our clients.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We are using third party tools and services to regularly scan abnormalities.; If any abnormalities are found, we will analyse the severity and then plan the required actions.; ; In shortest, the changes can be made within minutes, but typical deployment time is 48 hours.
• Incident management type: Supplier-defined controls
• Incident management approach: We follow industry standard incident management processes, where certain common event workflows are partially automated.; Users can reports incidents through web form, email, chat and phone.; Incidents reports are provided as agreed in the service governance model with that particular client.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: AWS Frankfurth compliant. 100% renewable energy usage on all cloud operations by 2025; ; Currently 80% lower carbon footprint than other cloud providers:; https://sustainability.aboutamazon.com/environment/the-cloud?energyType=true

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Tackling economic inequality

  Tackling economic inequality is a multifaceted challenge that requires systemic changes at various levels of society. While a single business, even a Software as a Service (SaaS) company, may not be able to solve economic inequality entirely, it can still play a role in addressing it for example:; ; We offer Affordable Pricing Models: Our tiered pricing and discounted rates for organizations in lower-income areas and smaller communities. We try to make our services accessible to a broader range of users.; ; Education and Training: We offer low-cost educational resources and training programs to help customers acquire the skills needed to succeed in the digital economy. This can include online courses, tutorials and webinars.; ; Support for Nonprofits and NGOs: We offer discounted subscriptions to nonprofit organizations and NGOs working to address economic inequality and related social issues.; ; Job Creation and Fair Employment Practices: We strive to create job opportunities in communities that are marginalized or underserved. We implement fair employment practices, including diversity and inclusion initiatives, equitable pay, and opportunities for advancement.; ; Community Engagement and Investment: We Invest build free of charge services to some communities case by case basis. ; ; We have implemented environmentally sustainable practices within our business operations to minimize our environmental impact like carbon neutrality and recycling. ; ; We provide transparent and accountable services, including how we treat our employees, pay our taxes, and contribute to the communities where we operate. ; We ourself accountable for making meaningful progress in addressing economic inequality.

  Equal opportunity

  A SaaS business we promote equal opportunity by implementing diverse hiring practices, offering inclusive training programs, ensuring equal pay, providing mentorship, fostering a culture of inclusion, and engaging with underrepresented communities.; ; We are striving to create equal opportunity and implementing these strategies, as a SaaS business we can create a more inclusive and equitable workplace where all employees have the opportunity to thrive and succeed.

  Wellbeing

  A SaaS business we promote wellbeing by prioritizing work-life balance through flexible schedules and remote work options. We have implemented wellness programs, such as fitness initiatives, which support our employees' physical and mental health. We encourage taking regular breaks and our month long vacations helps prevent burnout. Additionally, we foster a supportive and inclusive work environment where employees can feel valued and respected, contributing to their overall wellbeing. We also provide opportunities for skill development and career growth enhances job satisfaction and fulfillment. Finally, we promote environmental sustainability and social responsibility initiatives as they contribute to employees' sense of purpose and wellbeing.

Pricing

• Price: £8,000 to £20,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Demo services can be used to get a good feel of the product. They represent to like to like versions of the services we sell commercially
• Link to free trial: https://harrastukset.ekarjala.fi/en-FI

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contactus@townbase.com. Tell them what format you need. It will help if you say what assistive technology you use.