Skip to main content

Help us improve the Digital Marketplace - send your feedback

CDS

Optimizely Content Cloud DXP

CDS provides end-to-end consultancy, implementation and support for Optimizely Content Cloud (formerly Episerver), a digital experience platform (DXP) and web content management platform with powerful, market-leading software and high-availability, scalable cloud hosting. Optimizely is a SaaS platform offering ease of use and connectivity with other cloud services and systems.

Features

  • Elastic scaling to support traffic peaks and bursts
  • Based on latest Microsoft cloud technology, Azure Web Apps
  • Optimal performance via a content delivery network (CDN)
  • Separate environments for integration/test, pre-production and production
  • Best-of-breed services from vendors via connectors and add-ons
  • 24x7x365 global operations for maintenance and support
  • Online reports for website and transaction performance
  • Proactive application monitoring and end-user experience monitoring
  • Data back-up and retention
  • DDOS mitigation

Benefits

  • SLA guarantee on service availability
  • Unlimited number of Optimizely websites
  • Unlimited number of CMS editors and administrators
  • Scaled packages available to suit your traffic and content needs
  • Includes Optimizely Search & Navigation enterprise search product
  • Lower total cost of ownership with a fully managed service
  • Single platform including commerce, CMS and campaign
  • CDS is the UK's largest Optimizely implementation partner
  • Leader in Gartner Magic Quadrant (web content management and DXP)
  • CDS are ISO20000-certified Optimizely Premium Solution Partners

Pricing

£116,200 an instance a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@cds.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

1 9 8 3 0 5 3 9 4 2 8 4 2 5 9

Contact

CDS Matt Johnson
Telephone: 0113 399 4000
Email: bidteam@cds.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Deployment is on public cloud.
Please see https://docs.developers.optimizely.com/digital-experience-platform/v1.2.0-dxp-cloud-services/docs/requirements for additional considerations
System requirements
Content editing requires modern browsers

User support

Email or online ticketing support
Email or online ticketing
Support response times
9am-5pm Monday to Friday as standard; up to 24x7x365 by arrangement. SLAs vary by contract
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Optimizely DXP includes 24x7x365 platform support (up to CMS application).
We provide second- and third-line support and maintenance for deployed services via our ISO 20000-certified Service Desk, which uses an ITIL methodology to maintain the integrity and availability of business-critical, high profile and complex systems. Our Service Desk provides: •Incident and service request management •Problem management •Change management •Release and deployment management •Service level management and service reporting •Configuration management •Service management plan •Service level agreement. All CDS Service Managers and Service Desk staff are ITIL-certified. Support and maintenance contracts stipulate a minimum level of support provision per month, appropriate to the size and complexity of the service; this entitles clients to a certain number of hours of support, at standard day rate. Additional time is chargeable at the agreed contract day rate. The SLA is flexible and can be tailored to customers’ requirements; as support needs vary, provision can be reviewed every six months to ensure it continues to meet client requirements. Typical SLAs include Service Desk support Monday to Friday, 9am to 5pm; we can provide out of hours (on-call) support, up to 24x7x365.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
CDS commissions the DXP service which provides the platform and tools we need to build your website. We undertake discovery, design and development processes appropriate to your requirements, through to full system testing. The approved solution is deployed to the production environment by Optimizely.

CDS provides tutor-led, on-site training for editors and administrators, and template user guides. Optimizely also provides certified training courses and online user documentation for the application.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
All documentation is available at www.optimizely.com
End-of-contract data extraction
Through request to CDS or the Optimizely Managed Service desk, a full back-up of the Optimizely database and accompanying binary assets can be provided. CDS can provide additional Exit Planning and Management services upon request.
End-of-contract process
Subject to 90 days' termination notice being provided, there is no additional cost for ending the contract after the original contract period. If the termination date requested is before the end of the contracted period, the remaining period must be paid for in order to terminate. CDS can provide Exit Planning and Management services to assist in the transition.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The service is responsive and can be used on a range of screen sizes including mobile, tablet and desktop.
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
The user and administration interface for Optimizely is browser based and can be customised to meet the requirements of the user.
Accessibility standards
None or don’t know
Description of accessibility
The interface is user-friendly and intuitive
Accessibility testing
None known
API
Yes
What users can and can't do using the API
Optimizely's API enables all aspects of the system to be interacted with.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Optimizely can be fully customised to suit your individual website requirements, including presentation templates, authentication providers, site functionality and editing/management functionality. Customisation is through .NET languages and JavaScript, using Visual Studio. CDS is a Optimizely Premium Solution Partner that provides all customisation services, from discovery and design through to content and SEO optimisation.

Scaling

Independence of resources
Each DXP implementation runs as a single tenant solution with its own dedicated set of resources that scale using public cloud infrastructure.

Analytics

Service usage metrics
Yes
Metrics types
Service level metrics
CMS activity, e.g. pages published
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Optimizely

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be exported directly from the database or an export can be run that downloads content as a compressed XML file.
Data export formats
Other
Other data export formats
XML as part of a standard Optimizely export.
Data import formats
Other
Other data import formats
XML

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Availability is guaranteed at 99.7%, rising to 99.9% depending on package selected. Should this service level not be met, the customer has the right to obtain a reduction on the monthly fee for the affected service(s), corresponding to 10% of the monthly fee for each interval of 1 hour that the effective availability falls below the SLA for the affected service(s). The reduction is limited to the actual month when the agreed availability level has fallen short. This compensation shall be the Customer's sole remedy for interruption or delay in Optimizely Services(s).
Approach to resilience
Optimizely is primarily based on Microsoft Azure services and utilises other cloud services. Full details of resiliency are available on request.
Outage reporting
Email alerts, public dashboard, phone notification

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Access management is enforced at different levels in the DXP-S. Optimizely's PaaS portal is used to administer and manage a client's DXP users. Only authorised Optimizely users with set permissions are allowed to manage the service, this is controlled via AzureAD; stings are also hard coded in the portal. Client developers or partners are allowed to access the DXP integration environment only; users must be requested. Customer editors can authenticate with the DXP via their own chosen federated security if they wish, Optimizely can also restrict access via set IP ranges if required.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
NQA
ISO/IEC 27001 accreditation date
13/7/2021
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
CDS maintains a set of security policies aligned with our ISO27001 certification, we are also Cyber Essentials Plus certified. All staff are BPSS cleared at minimum and are briefed on the security policy at induction and ongoing compliance supported by an internal learning management system.

Optimizely maintains its own ISMS which is aligned to ISO27001, which is included in new starter training for all employees and supported by their learning management system.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Optimizely development follows an iterative development lifecycle regarding code changes. Optimizely performs web vulnerability scans that look for the OWASP Top 10 vulnerabilities and use the OWASP references as a guide during development. Optimizely has a review process for all changes/releases to the software (weekly), restricted to select publishers (who have been trained against Optimizely's ISMS). Microsoft Azure teams follow a formal Security Development Life-Cycle process for their services which Optimizely consumes.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
DXP-S uses a web application firewall (WAF) to stop attacks at the network edge, protecting your website from common threats and specialised attacks before they reach your service. Microsoft is also protected by an active Intrusion Detection/Protection system which detects threats. Microsoft regularly penetration tests the underlying infrastructure of DXP. The DXP is also subject to regular pen tests conducted by customers and partners. If a threat is detected these are given Optimzely's highest service priority and escalation. Microsoft is responsible for patch management.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
DXP-S offers centralised monitoring and analysis systems that provide continuous visibility and timely alerts to the teams who manage the service. Triggers and thresholds are set, benchmarked against typical consumption or behaviour on your website. If unanticipated performance behaviour is detected, the service desk is alerted to analyse further. Security incidents receive the highest priority and customers are notified at the earliest opportunity.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
CDS operate a mature Incident and Service Request Management process, certified to the ISO 20000 standard. The process is operated by our Service Management tool, which is interactive and can be configured to support the ticket workflow and metrics agreed with customers. Customers can report and update incidents via our interactive portal, email and telephone. Though we operate a core Incident Management policy and process, these can be tailored within customers Service Level Agreements to support common incidents and events. We operate a separate Major Incident Management process, which can provide incident reports, post-mortems etc., when criteria are triggered.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity

Fighting climate change

CDS is committed to being an organisation that minimises its environmental impact, while establishing a sustainable environment for the benefit of staff, customers and suppliers.    

CDS is certified to the internationally recognised standard BS EN ISO 14001: 2004 – Environmental Management. The standard underpins our commitment to look after the environment, prevent negative environmental impacts, manage waste and reduce our carbon footprint. 

CDS is Planet Mark 3 accredited, helping us to transform society, the environment and economy by measuring our carbon and social data. We have also signed the UK SME Climate Change commitment and have pledged to halve our carbon emissions by 2030 and achieve net zero by 2050.

The Bailie Group (of which CDS is part), is also certified to ISO 50001 Energy Management System, which focuses our efforts on continually improving energy performance.

Our aims for 2024 are:   

- Maintain zero to landfill   
- Reduce energy consumption by 5% YOY
- Install solar panels at our head office site.

Tackling economic inequality

CDS is committed to creating new businesses, new jobs and new skills within our local communities, designed to address economic inequality.

Employment opportunities and training
CDS commits to reducing the skills gap by providing apprenticeships, training opportunities and supporting ex-offenders in creating employment opportunities in our local communities.

As a national company, CDS operates from three primary offices, each run as an autonomous business unit, managed by locally based teams. This regional structure has resulted in CDS becoming a community-focussed organisation and is committed to using local suppliers and subcontractors.

Apprenticeships
CDS has an ongoing commitment to recruit and provide job opportunities in our local communities through apprenticeships. In the past two years we have provided nine apprenticeships, of which four have become full-time employees. A further four are currently taking apprenticeship degrees via Leeds Beckett University.

Supporting educational attainment and addressing skills gaps
CDS is committed to supporting educational attainment to reduce the skills and employment gaps in the local communities in which we work.

Initiatives include delivering careers talks in local schools about pursuing a digital career, career mentoring, mock interviews, CV advice and careers guidance. We also Provide work placements for school/university leavers and the unemployed: 1-6 weeks, more for internships

Volunteering in the local community
We make a valuable contribution to the community by supporting local charities and social enterprises. Each year our colleagues choose a local charity to be our charity of the year, that is aligned to our purpose and values.

In 2024, we will be working in partnership with Business In The Community (BITC) in our quest to continually improve what we do, and operate as a responsible business that makes a positive impact in our community.

Equal opportunity

CDS regards its Equality and Diversity Policy as an integral part of its overall company strategy and is committed to encouraging equality, diversity and inclusion among its workforce and eliminating unlawful discrimination. It recognises the value of working with differences, and not against them.  Our aim is for a workforce that is truly representative of all sections of society and our customers, and for each employee to feel respected and able to achieve their full potential and enjoy a fulfilling career with us. 

CDS positively encourages applications from suitably qualified and eligible candidates regardless of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex, and sexual orientation (protected characteristics as defined by the Equality Act 2010). Our recruitment process is fair, equal, and non-discriminatory and works on the premise that the best person for the role will be offered the job.  

CDS is proud to be a Disability Confident Committed employer (Level 1). With access to expert knowledge and guidance, we are committed to providing an accessible and inclusive recruitment process and working environment for everybody.

In 2022 CDS invested in a new recruitment applicant tracking system (JobTrain), which includes an accessibility module to support applicants with disabilities. The system uses ReciteMe to offer a toolbar that helps neurodivergent candidates with their application.

CDS gives all staff the chance to achieve their full potential. We deal with people solely based on merit and will ensure fair and equal treatment including appraisal - access to training - career development - job allocation - promotion - grievance and disciplinary matters.  

In 2024, in partnership with Business in the Community, we will be developing our Diversity & Inclusion Strategy and defining a set of key objectives to help measure progress and implement change.

Pricing

Price
£116,200 an instance a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@cds.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.