SteadyGo Ltd

Website Development and Hosting

Website development of new and existing websites, with a specialism in Umbraco CMS. We also provide Azure or Umbraco cloud hosting as a service to deploy and host website applications and databases.

Features

• Website Development
• Website UX
• Website Design
• Website Hosting
• Website SEO
• Website Testing
• Website Deployments
• Website Support
• Website Maintenance

Benefits

• Faster websites
• Websites with more features
• Efficient websites
• Improved user journeys
• Better conversions
• Websites built with CMS editors in mind

£95 to £95 a unit an hour

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jarrod.hollingdrake@steadygo.digital. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

234919100285414

Contact

Jarrod Hollingdrake
0113 320 1302
jarrod.hollingdrake@steadygo.digital

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: There are no constraints
• System requirements:
  • Three environments to deploy to
  • Azure or Umbraco Cloud hosting
  • Google account

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday-Friday; Priority 1 2 hours ; Priority 2 4 hours ; Priority 3 Same business day; Priority 4 Same business day; Saturday-Sunday; Priority 1 2 hours; Priority 2 Next business day ; Priority 3 Next business day; Priority 4 Next business day
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: All clients receive the same level of support on our support contracts and requests are dealt with dependant on priority/severity.; We respond to priority 1 issues within 2 hours. All support requests are responded to by the next working day,
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We run requirements gathering sessions as part of a wider discovery phase at the beginning of every project to understand the project requirements, user requirements and technical requirements.; Help guides and training sessions are run to assist users and get them used to their new website.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Files can be handed over securely and then deleted at source or more typically the hosted environments are handed over to the client and then access rights removed for us
• End-of-contract process: The website and databases will be handed over to the client or their new provider. However, most clients remain after a project has completed as a support client.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our websites are design to work equally well on mobiles as on desktops
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Clients can request an entirely bespoke website build

Scaling

• Independence of resources: We operate a totally scalable approach and have an extended team of sub-contractors we can call upon during periods of high demand.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Azure and Umbraco Cloud Hosting

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Through CSV files directly out of their website
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our support services are offered from Monday - Friday 9:00am - 5:00pm; Priority 1 issues are responded to within 2 hours, with an aim to be resolved within 6 hours.; Priority 2 issues are responded to within 4 hours, with an aim to be resolved within 10 hours.; Priority 3 issues are responded to within the same business day, with an aim to be resolved within 15 business days; Priority 4 issues are responded to within the same business day, without a commitment to resolution
• Approach to resilience: All data is stored within Azure or Umbraco Cloud.
• Outage reporting: Email alerts using Azure Monitor Alert or Freshping

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Passwords and IP restrictions are in place; In some cases 2-factor authentication is also used
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Clear desk policy; All work laptops locked when not in use; All printed documentation shredded and disposed of by third-party
• Information security policies and processes: Security issues are escalated to the Technical Director.; All passwords are stored securely in our KeePass file and password security software; All sensitive documentation is secured on our server, only Directors have access to.; Sensitive printed documentation is stored in our safe

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: DevOps or Github repositories are used to deal with version control and change management of our website code and deployments
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Our cloud services are protected by third-party systems supplied by either Azure or Umbraco Cloud; Both systems alert us to potential threats but they are responsible for the patches required.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Luckily all of our the sites we host are either on Azure or Umbraco cloud and security issues are dealt with quickly at the source.; For potential compromises with our source code we act immediately to ascertain the threat level and isolate the issue or area of the site compromised.
• Incident management type: Supplier-defined controls
• Incident management approach: Clients can report incidents or issues via our project management tool Asana. For serious issues we expect clients to follow up with an email or phone call to our office.; Incident reports are supplied to clients via email and stored securely in client folders on our server.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Equal opportunity:

  Equal opportunity

  Our equal opportunity policy is available for all clients and staff to view

Pricing

• Price: £95 to £95 a unit an hour
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jarrod.hollingdrake@steadygo.digital. Tell them what format you need. It will help if you say what assistive technology you use.