Optimizely Content Cloud DXP
CDS provides end-to-end consultancy, implementation and support for Optimizely Content Cloud (formerly Episerver), a digital experience platform (DXP) and web content management platform with powerful, market-leading software and high-availability, scalable cloud hosting. Optimizely is a SaaS platform offering ease of use and connectivity with other cloud services and systems.
Features
- Elastic scaling to support traffic peaks and bursts
- Based on latest Microsoft cloud technology, Azure Web Apps
- Optimal performance via a content delivery network (CDN)
- Separate environments for integration/test, pre-production and production
- Best-of-breed services from vendors via connectors and add-ons
- 24x7x365 global operations for maintenance and support
- Online reports for website and transaction performance
- Proactive application monitoring and end-user experience monitoring
- Data back-up and retention
- DDOS mitigation
Benefits
- SLA guarantee on service availability
- Unlimited number of Optimizely websites
- Unlimited number of CMS editors and administrators
- Scaled packages available to suit your traffic and content needs
- Includes Optimizely Search & Navigation enterprise search product
- Lower total cost of ownership with a fully managed service
- Single platform including commerce, CMS and campaign
- CDS is the UK's largest Optimizely implementation partner
- Leader in Gartner Magic Quadrant (web content management and DXP)
- CDS are ISO20000-certified Optimizely Premium Solution Partners
Pricing
£116,200 an instance a year
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
1 9 8 3 0 5 3 9 4 2 8 4 2 5 9
Contact
CDS
Matt Johnson
Telephone: 0113 399 4000
Email: bidteam@cds.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
-
Deployment is on public cloud.
Please see https://docs.developers.optimizely.com/digital-experience-platform/v1.2.0-dxp-cloud-services/docs/requirements for additional considerations - System requirements
- Content editing requires modern browsers
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- 9am-5pm Monday to Friday as standard; up to 24x7x365 by arrangement. SLAs vary by contract
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Optimizely DXP includes 24x7x365 platform support (up to CMS application).
We provide second- and third-line support and maintenance for deployed services via our ISO 20000-certified Service Desk, which uses an ITIL methodology to maintain the integrity and availability of business-critical, high profile and complex systems. Our Service Desk provides: •Incident and service request management •Problem management •Change management •Release and deployment management •Service level management and service reporting •Configuration management •Service management plan •Service level agreement. All CDS Service Managers and Service Desk staff are ITIL-certified. Support and maintenance contracts stipulate a minimum level of support provision per month, appropriate to the size and complexity of the service; this entitles clients to a certain number of hours of support, at standard day rate. Additional time is chargeable at the agreed contract day rate. The SLA is flexible and can be tailored to customers’ requirements; as support needs vary, provision can be reviewed every six months to ensure it continues to meet client requirements. Typical SLAs include Service Desk support Monday to Friday, 9am to 5pm; we can provide out of hours (on-call) support, up to 24x7x365. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
CDS commissions the DXP service which provides the platform and tools we need to build your website. We undertake discovery, design and development processes appropriate to your requirements, through to full system testing. The approved solution is deployed to the production environment by Optimizely.
CDS provides tutor-led, on-site training for editors and administrators, and template user guides. Optimizely also provides certified training courses and online user documentation for the application. - Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
- All documentation is available at www.optimizely.com
- End-of-contract data extraction
- Through request to CDS or the Optimizely Managed Service desk, a full back-up of the Optimizely database and accompanying binary assets can be provided. CDS can provide additional Exit Planning and Management services upon request.
- End-of-contract process
- Subject to 90 days' termination notice being provided, there is no additional cost for ending the contract after the original contract period. If the termination date requested is before the end of the contracted period, the remaining period must be paid for in order to terminate. CDS can provide Exit Planning and Management services to assist in the transition.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The service is responsive and can be used on a range of screen sizes including mobile, tablet and desktop.
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- The user and administration interface for Optimizely is browser based and can be customised to meet the requirements of the user.
- Accessibility standards
- None or don’t know
- Description of accessibility
- The interface is user-friendly and intuitive
- Accessibility testing
- None known
- API
- Yes
- What users can and can't do using the API
- Optimizely's API enables all aspects of the system to be interacted with.
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Optimizely can be fully customised to suit your individual website requirements, including presentation templates, authentication providers, site functionality and editing/management functionality. Customisation is through .NET languages and JavaScript, using Visual Studio. CDS is a Optimizely Premium Solution Partner that provides all customisation services, from discovery and design through to content and SEO optimisation.
Scaling
- Independence of resources
- Each DXP implementation runs as a single tenant solution with its own dedicated set of resources that scale using public cloud infrastructure.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Service level metrics
CMS activity, e.g. pages published - Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Optimizely
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- No
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Data can be exported directly from the database or an export can be run that downloads content as a compressed XML file.
- Data export formats
- Other
- Other data export formats
- XML as part of a standard Optimizely export.
- Data import formats
- Other
- Other data import formats
- XML
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- Availability is guaranteed at 99.7%, rising to 99.9% depending on package selected. Should this service level not be met, the customer has the right to obtain a reduction on the monthly fee for the affected service(s), corresponding to 10% of the monthly fee for each interval of 1 hour that the effective availability falls below the SLA for the affected service(s). The reduction is limited to the actual month when the agreed availability level has fallen short. This compensation shall be the Customer's sole remedy for interruption or delay in Optimizely Services(s).
- Approach to resilience
- Optimizely is primarily based on Microsoft Azure services and utilises other cloud services. Full details of resiliency are available on request.
- Outage reporting
- Email alerts, public dashboard, phone notification
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Access management is enforced at different levels in the DXP-S. Optimizely's PaaS portal is used to administer and manage a client's DXP users. Only authorised Optimizely users with set permissions are allowed to manage the service, this is controlled via AzureAD; stings are also hard coded in the portal. Client developers or partners are allowed to access the DXP integration environment only; users must be requested. Customer editors can authenticate with the DXP via their own chosen federated security if they wish, Optimizely can also restrict access via set IP ranges if required.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- Between 1 month and 6 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- Between 1 month and 6 months
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- NQA
- ISO/IEC 27001 accreditation date
- 13/7/2021
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
CDS maintains a set of security policies aligned with our ISO27001 certification, we are also Cyber Essentials Plus certified. All staff are BPSS cleared at minimum and are briefed on the security policy at induction and ongoing compliance supported by an internal learning management system.
Optimizely maintains its own ISMS which is aligned to ISO27001, which is included in new starter training for all employees and supported by their learning management system.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Optimizely development follows an iterative development lifecycle regarding code changes. Optimizely performs web vulnerability scans that look for the OWASP Top 10 vulnerabilities and use the OWASP references as a guide during development. Optimizely has a review process for all changes/releases to the software (weekly), restricted to select publishers (who have been trained against Optimizely's ISMS). Microsoft Azure teams follow a formal Security Development Life-Cycle process for their services which Optimizely consumes.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- DXP-S uses a web application firewall (WAF) to stop attacks at the network edge, protecting your website from common threats and specialised attacks before they reach your service. Microsoft is also protected by an active Intrusion Detection/Protection system which detects threats. Microsoft regularly penetration tests the underlying infrastructure of DXP. The DXP is also subject to regular pen tests conducted by customers and partners. If a threat is detected these are given Optimzely's highest service priority and escalation. Microsoft is responsible for patch management.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- DXP-S offers centralised monitoring and analysis systems that provide continuous visibility and timely alerts to the teams who manage the service. Triggers and thresholds are set, benchmarked against typical consumption or behaviour on your website. If unanticipated performance behaviour is detected, the service desk is alerted to analyse further. Security incidents receive the highest priority and customers are notified at the earliest opportunity.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- CDS operate a mature Incident and Service Request Management process, certified to the ISO 20000 standard. The process is operated by our Service Management tool, which is interactive and can be configured to support the ticket workflow and metrics agreed with customers. Customers can report and update incidents via our interactive portal, email and telephone. Though we operate a core Incident Management policy and process, these can be tailored within customers Service Level Agreements to support common incidents and events. We operate a separate Major Incident Management process, which can provide incident reports, post-mortems etc., when criteria are triggered.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Tackling economic inequality
- Equal opportunity
Fighting climate change
CDS is committed to being an organisation that minimises its environmental impact, while establishing a sustainable environment for the benefit of staff, customers and suppliers.
CDS is certified to the internationally recognised standard BS EN ISO 14001: 2004 – Environmental Management. The standard underpins our commitment to look after the environment, prevent negative environmental impacts, manage waste and reduce our carbon footprint.
CDS is Planet Mark 3 accredited, helping us to transform society, the environment and economy by measuring our carbon and social data. We have also signed the UK SME Climate Change commitment and have pledged to halve our carbon emissions by 2030 and achieve net zero by 2050.
The Bailie Group (of which CDS is part), is also certified to ISO 50001 Energy Management System, which focuses our efforts on continually improving energy performance.
Our aims for 2024 are:
- Maintain zero to landfill
- Reduce energy consumption by 5% YOY
- Install solar panels at our head office site.Tackling economic inequality
CDS is committed to creating new businesses, new jobs and new skills within our local communities, designed to address economic inequality.
Employment opportunities and training
CDS commits to reducing the skills gap by providing apprenticeships, training opportunities and supporting ex-offenders in creating employment opportunities in our local communities.
As a national company, CDS operates from three primary offices, each run as an autonomous business unit, managed by locally based teams. This regional structure has resulted in CDS becoming a community-focussed organisation and is committed to using local suppliers and subcontractors.
Apprenticeships
CDS has an ongoing commitment to recruit and provide job opportunities in our local communities through apprenticeships. In the past two years we have provided nine apprenticeships, of which four have become full-time employees. A further four are currently taking apprenticeship degrees via Leeds Beckett University.
Supporting educational attainment and addressing skills gaps
CDS is committed to supporting educational attainment to reduce the skills and employment gaps in the local communities in which we work.
Initiatives include delivering careers talks in local schools about pursuing a digital career, career mentoring, mock interviews, CV advice and careers guidance. We also Provide work placements for school/university leavers and the unemployed: 1-6 weeks, more for internships
Volunteering in the local community
We make a valuable contribution to the community by supporting local charities and social enterprises. Each year our colleagues choose a local charity to be our charity of the year, that is aligned to our purpose and values.
In 2024, we will be working in partnership with Business In The Community (BITC) in our quest to continually improve what we do, and operate as a responsible business that makes a positive impact in our community.Equal opportunity
CDS regards its Equality and Diversity Policy as an integral part of its overall company strategy and is committed to encouraging equality, diversity and inclusion among its workforce and eliminating unlawful discrimination. It recognises the value of working with differences, and not against them. Our aim is for a workforce that is truly representative of all sections of society and our customers, and for each employee to feel respected and able to achieve their full potential and enjoy a fulfilling career with us.
CDS positively encourages applications from suitably qualified and eligible candidates regardless of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex, and sexual orientation (protected characteristics as defined by the Equality Act 2010). Our recruitment process is fair, equal, and non-discriminatory and works on the premise that the best person for the role will be offered the job.
CDS is proud to be a Disability Confident Committed employer (Level 1). With access to expert knowledge and guidance, we are committed to providing an accessible and inclusive recruitment process and working environment for everybody.
In 2022 CDS invested in a new recruitment applicant tracking system (JobTrain), which includes an accessibility module to support applicants with disabilities. The system uses ReciteMe to offer a toolbar that helps neurodivergent candidates with their application.
CDS gives all staff the chance to achieve their full potential. We deal with people solely based on merit and will ensure fair and equal treatment including appraisal - access to training - career development - job allocation - promotion - grievance and disciplinary matters.
In 2024, in partnership with Business in the Community, we will be developing our Diversity & Inclusion Strategy and defining a set of key objectives to help measure progress and implement change.
Pricing
- Price
- £116,200 an instance a year
- Discount for educational organisations
- No
- Free trial available
- No