Zoocha Limited

Drupal 10 Cloud CMS

This is a cloud CMS built using Drupal, and enables Drupal integrations with third party systems like single sign-on and CRM. Drupal 10 is the current support version of Drupal. Drupal 11 is set for release in mid 2024, though Drupal 10 will continue to be supported until September 2026.

Features

• Drupal 10 best practice implementation
• Expert Drupal 10 module evaluation based on requirements
• Remote access to your Drupal 10 Cloud CMS
• Customisable responsive Drupal 10 template design
• Drupal 10 Multi-lingual Capability
• Drupal 10 publishing workflows and content versioning
• Cyber Essentials Plus Certified
• ISO 27001 Certified
• ISO 9001 Certified
• Drupal Association Gold Certified Partner

Benefits

• Drupal security compliant for peace of mind
• Fully managed Drupal hosting on AWS
• Choose from thousands of Drupal Association approved modules
• Work with UK based expert Drupal Development team
• Rely on over 25 Certified Drupal Developers
• Access to 12 Triple Certified Drupal Experts
• Integrate with other 3rd Party Systems
• Accessible Interface for easy content publishing
• Customisable publishing workflows tailored to each team
• Flexible pricing for maximum return on investment

£2,000 an instance a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@zoocha.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

192632948914585

Contact

William Huggins
441992256700
info@zoocha.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Drupal is primarily a standalone CMS but can also be used as a software component within a microservices architecture, as a headless CMS or as part of a wider digital marketing communications stack.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: N/A
• System requirements:
  • Drupal
  • PHP

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 15 minutes for critical support (24/7/365).; ; Our standard support hours are 9am to 5.30pm Monday to Friday, exluding bank holidays. Zoocha also offers extended support hours from 7am to 9pm Monday to Friday, exluding bank holidays.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Zoocha provide a multi tier support service which is contracted as 'support days per month' @ £700 per day and utilisation against contracted support time is reported monthly. Contracted support time can be increased or decreased (to a minimum of 1 day per month) at any time during the contract, by providing 30 days notice.; ; Our standard support hours are 9am to 5.30pm Monday to Friday, exluding bank holidays. Zoocha also offers extended support hours from 7am to 9pm Monday to Friday, exluding bank holidays. ; ; Critical support can be provided on a 24/7/365 basis at an additional cost of £250 per month, which guarentees a 15 minute response and 2 hour resolution of all critical issues.; ; Service level agreements (SLA's) cover uptime, incident response and incident resolution.; ; Each client will have a named Client Services Manager, who will be their main point of contact and will be responsible for the monthly service reviews.; ; Zoocha's support service is ISO certified to a UKAS rated standard for 9001:2015, 14001:2015, 22301:2019, 27001:2022.; ; Note: Overages (support time used above the contracted amount) is charged at £150 per hour.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The onboarding process starts with a kick off meeting to introduce the team and familiarise the key stakeholders with Drupal and the support interface/ processes. These meetings are typically conducted online, although face to face meetings and training can be offered if required.; ; User documentation is provided via the online knowledge base (using Confluence).; ; Additional Drupal CMS training is provided as a separate service. Zoocha also provide agile training for Product Owners.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data may be copied out using OS-level tools (such as xopy or rsync).
• End-of-contract process: Zoocha will provide an off-boarding plan as part of the contract, including secure transfer of all data. Zoocha will not erase customer data for 30 days following an account termination. After 30 days, all customer data will be securely and permanently deleted from all Zoocha systems.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Fully responsive web inteface.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Drupal 10 CMS with a user friendly editor interface, including help text. An online knowledge base (using Confluence) is also provided as well as a service desk portal to raise questions or issues to the support team.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: N/a
• API: Yes
• What users can and can't do using the API: All content and functionality can be exposed via an API.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: All of the following can be customised by the customer (assigned admin permissions): Content Types; Taxonomies; Role Types; User Permissions; Workflows; Menus/ Navigation

Scaling

• Independence of resources: Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them. Services which provide virtualized operational environments to customers (i.e. EC2) ensure that customers are segregated via security management processes/controls at the network and hypervisor level.; ; AWS continuously monitors service usage to project infrastructure needs to support availability commitments/requirements. AWS maintains a capacity planning model to assess infrastructure usage and demands at least monthly, and usually more frequently.; ; In addition, the AWS capacity planning model supports the planning of future demands to acquire and implement additional resources based upon current resources and forecasted requirements.

Analytics

• Service usage metrics: Yes
• Metrics types: Zoocha provide a monthly service report including uptime metrics, support SLA performance and any other metrics agreed within the scope of the contract.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Other
• Other data at rest protection approach: Zoocha use AWS, which adheres to independently validated privacy, data protection, security protections and control processes. (Listed under “certifications”). AWS is responsible for the security of the cloud; customers are responsible for security in the cloud. AWS enables customers to control their content (where it will be stored, how it will be secured in transit or at rest, how access to their AWS environment will be managed). Wherever appropriate, AWS offers customers options to add additional security layers to data at rest, via scalable and efficient encryption features. AWS offers flexible key management options and dedicated hardware-based cryptographic key storage.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users with administrative access to the Drupal Cloud CMS are able to export data directly from the admin interface.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: Other
• Other protection within supplier network: Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them. AWS enables ownership and control over their data/ content by design through simple, but powerful tools that allow customers to determine how their content will be secured in transit. AWS enables customers to open a secure, encrypted channel to AWS services using TLS/SSL, and/or IPsec or TLS VPN (if applicable), or other means of protection the customer wish to use. API calls can be encrypted with TLS/SSL to maintain confidentiality; the AWS Console connection is encrypted with TLS.

Availability and resilience

• Guaranteed availability: Availability SLA is 99.95%. Failure to meet agreed level of availability will result in service credits awarded to to the customer.
• Approach to resilience: Zoocha is certified to ISO 22301:2019 for Business Continuity to a UKAS rated standard. The scope of this certification covers all Zoocha services.; ; Zoocha cloud infrastructure is build on AWS. The AWS Business Continuity plan details the process, in the case of an outage, from detection to deactivation. AWS has developed a three-phased approach: Activation and Notification Phase, Recovery Phase, and Reconstitution Phase. This approach ensures that system recovery and reconstitution efforts are performed in a methodical sequence, minimizing system outage time due to errors and omissions. Zoocha have implemented a robust continuity plan, including the utilization of frequent server instance back-ups, data redundancy replication, and distribution of instances/ data stores within multiple geographic regions across multiple Availability Zones.
• Outage reporting: A key component of Zoocha’s service is real-time monitoring and proactive alerting (emails) and intervention across both the infrastructure and application stack.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: IAM provides user access control to Zoocha services, APIs and specific resources. Other controls include time, originating IP address, SSL use, and whether users authenticated via MFA devices.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SOCOTEC
• ISO/IEC 27001 accreditation date: 08/11/2023
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials Plus
  • ISO 27001
  • ISO 22301

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials PLUS
• Information security policies and processes: Zoocha is certified to ISO 27001:2022 for Information Security Management to a UKAS rated standard. The scope of this certification covers all Zoocha services.; ; Zoocha implement formal, documented policies and procedures that provide guidance for operations and information security within the organisation. Policies address purpose, scope, roles, responsibilities and management commitment. Employees maintain policies in a centralised and accessible location. Leadership involvement provides clear direction and visible support for security initiatives. The output of Leadership reviews include any decisions or actions related to:; • Improvement of the effectiveness of the ISMS.; • Update of the risk assessment and treatment plan.; • Modification of procedures and controls that affect information security to respond to internal or external events that may impact the ISMS.; • Resource needs.; • Improvement in how the effectiveness of controls is measured. Policies are approved by Zoocha leadership at least annually or following a significant change to the infrastructure.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes to Zoocha services and features follow secure software development practices, including security risk reviews prior to launch. Developer access to production environments is via explicit access system requests, subject to owner review and authorisation. Teams set bespoke change management standards per service, underpinned by standard Zoocha guidelines. All production environment changes are reviewed, tested and approved. Stages include design, documentation, implementation (including rollback procedures), testing (non-production environment), peer to peer review (business impact/technical rigour/code), final approval by authorised party. Emergency changes follow Zoocha incident response procedures. Exceptions to change management processes are documented and escalated to Zoocha management.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Zoocha perform vulnerability scans on the host operating system, web applications, and databases in the AWS environments. Approved 3rd party suppliers conduct external assessments (minimum frequency: annually). Identified vulnerabilities are monitored and evaluated. Countermeasures are designed and implemented to neutralise known/newly identified vulnerabilities. Zoocha monitor newsfeeds/vendor sites for patches. Zoocha are responsible for all scanning, penetration testing, file integrity monitoring and intrusion detection for customers instances/ applications.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Zoocha use monitoring devices to collect information on unauthorized intrusion attempts, usage abuse, and network/application bandwidth usage. Devices monitor:; • Port scanning attacks; • Usage (CPU, processes, disk-utilization, swap rates, software-error generated losses); • Application metrics; • Unauthorized connection attempts Near real-time alerts flag potential compromise incidents, based on set thresholds.
• Incident management type: Supplier-defined controls
• Incident management approach: Zoocha Drupal Cloud CMS incident management process is:; Logging (creating a story for the incident in the dashboard and assigning severity level);; Validation (review and clarification by the support team);; Assignment (assigning story to relevant team member);; Analysis (estimate of time required to resolve); Resolution (completion of the story ready for acceptance by the Client);; Tracking (assignment of unique reference number and ability for Client to follow each ticket in order to receive notifications of any changes to the ticket);; Escalation (recorded method of escalating to Directors);; Acceptance (closure of the ticket via ‘one click’ acceptance by the Client).

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Zoocha are proud to be certificated to the ISO 14001 standard (by a UKAS rated accreditation body) since early 2023. This internationally recognized standard for Environmental Management Systems (EMS) helps organisations such as Zoocha in identifying, managing, and continually improving their environmental performance. ; ; While ISO 14001 doesn't explicitly target carbon emissions, it supports the reduction of a variety of practices, such as Zoocha’s environmental policy which outlines our commitment to reducing environmental impacts, including carbon emissions.; ; Zoocha's services are also 'Green Mark' certified.; ; Zoocha has an established EMS, which includes plans, procedures, and practices to achieve our objectives and targets. This included the development of strategies to reduce energy consumption, improving process efficiency (such as in hosting environments), and switching to low-carbon energy sources.

  Tackling economic inequality

  At Zoocha, we understand the profound impact that economic inequality can have on communities and industries alike. Our approach to tackling this issue is multi-faceted, rooted in our core values of People, Trust, Value, Quality, and Success. We strive to create opportunities and foster an inclusive environment where everyone has the chance to thrive.; ; Firstly, we ensure that our hiring practices are fair and inclusive, offering equal opportunities for people from diverse backgrounds. This is crucial in the tech industry, where diversity can drive innovation and creativity. By building a team that reflects a wide range of experiences and perspectives, we not only enhance our own services but also contribute to reducing the skills gap in the technology sector.; ; We also extend our commitment to economic equality through our work with clients in the higher education, public sector, health, and Charity/NGO sectors. By delivering high-quality digital solutions that improve accessibility, efficiency, and engagement, we help these organisations serve their communities more effectively, indirectly combating economic inequality by providing better access to essential services.; ; Finally, our contributions to the Drupal Open Source project reflect our belief in the power of technology as a force for good. By supporting the Drupal community through financial support, code contributions, and knowledge sharing, we help ensure that cutting-edge technology is available and accessible to all, democratizing access to digital tools that can empower individuals and organizations worldwide.; ; In these ways, Zoocha actively works towards a more equitable world, leveraging our expertise and resources to make a difference in the communities we serve and beyond.

  Equal opportunity

  The Zoocha culture, policies and processes explicitly ban any discrimination including (but not limited to) on the grounds of age, disability, gender reassignment, marriage/civil partnership, pregnancy/maternity, race, religion or belief, sex or sexual orientation. Zoocha aspires to provide a diverse workforce, a composition of which reflects that of the broader community.; ; In accordance with our policy, Zoocha is totally committed to the principles and practice of equal opportunities as an employer. Our directors and members of senior management are empowered to recruit and manage employees, advocate our policies and make every effort to ensure that all actions and decisions have equity at their core.

  Wellbeing

  At Zoocha, our employee wellbeing is our top priority and we offer a number of services to accommodate this. Our benefits scheme includes birthdays off, 25 days of annual leave per year, gym memberships, mental health support and private health care. These are offered to our employees to ensure that we are able to provide a comfortable, secure work space that everybody can enjoy. ; ; We also offer all of our employees the opportunity to take advantage of a flexible working schedule which allows them to work from any location and attend to any needs throughout the day. While we encourage the onboarding of local employees to support employment opportunities, we are more than happy to accommodate our remote employees, supplying any equipment needed in order to create a comforting home office space, as well as booking hotel stays if they want to visit the office for a more sociable atmosphere.

Pricing

• Price: £2,000 an instance a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@zoocha.com. Tell them what format you need. It will help if you say what assistive technology you use.