PRODO SOCIAL SOFTWARE LTD

Prodo Website - Umbraco CMS Web Design and Development

Prodo, a Umbraco Gold Partner, specialises in delivering optimised websites for housing associations, local authorities, and subsidiaries for over 20 years. Leveraging Umbraco CMS, we offer fast website replacements and fully custom solutions tailored to your needs. Our expertise ensures industry-standard websites, prioritising accessibility, usability, and engaging tenants and stakeholders.

Features

• Open source .Net CMS platform
• Range of multi-purpose, flexible content modules
• Flexible, custom form builder
• Customisable form workflows
• Fully responsive design and configuration
• Application of branding
• Accessibility optimised WCAG
• SEO optimisation
• Integration capabilities e.g. CRM
• Support, maintenance, CMS version updates and hosting included

Benefits

• High levels of flexibility and security
• Versatile CMS providing full control over content management
• Simple creation of tailored forms for various specific requirements
• Form submission data to specific mailboxes or systems, reducing admin
• Seamless user experience across all devices
• Reinforces brand identity for cohesive online presence.
• Enables accessibility compliance for broader audience reach
• Enhanced online visibility and search engine ranking
• CRM integration ensures data integrity and reduces admin
• Comprehensive support and maintenance for stability, availability and security.

£1,500 to £2,500 a unit a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jacob.howell@prodo.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

239598996074488

Contact

Jacob Howell
0844 871 7272
jacob.howell@prodo.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: The Prodo Portal for social housing providers offers a self-service platform via web and app. Residents manage accounts, payments, repairs diagnosis and scheduling with voice and image recognition AI, receive push notifications for updates and log service requests. API integrations ensure seamless data transfer, unlocking capacity and transforming customer experience.
• Cloud deployment model: Public cloud
• Service constraints: As a SaaS provider, Prodo manages hosting, support, and maintenance, with control over new feature releases. However, client consultation ensures their priorities shape our roadmap. Additionally, our service comes with its own SLA which is offered Mon-Fri office hours.
• System requirements:
  • Domain name
  • Brand guidelines
  • Web browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The SLA is offered Mon-Fri during office hours by default.; ; Severity: P1; Initial Response: Immediately, or within 15 minutes; Client Update: Every 1 hour; Target Resolution: Within 4 hours; ; Severity: P2; Initial Response: Within 2 hours; Client Update: Every 4 hours; Target Resolution: Within 2-3 working days (unless problem is escalated); ; Severity: P3; Initial Response: Within 4 hours; Client Update: Once per day; Target Resolution: Within 5 working days (unless problem is escalated)
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: All support and maintenance is included within the subscription. ; An Account Manager is assigned to each client to manage the relationship and liaise with the wider team.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Included is online guidance, setup and training on the setup of the website and full Umbraco CMS training.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Any data captured through Umbraco Forms may be exported from the CMS.
• End-of-contract process: The end of the contract will cover an offboarding process including the provision of any data required before it is deleted, then the website will become inaccessible.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The user interface (UI) is fully responsive itself, including appropriate breakpoints to ensure the user experience (UX) is optimised regardless of device.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Clients have access to an Umbraco CMS admin area to manage content. Such as creating and editing pages, forms, managing CMS users, and more.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Accessibility testing of the service interface is handled by Umbraco.
• API: Yes
• What users can and can't do using the API: Prodo handles all API integrations between Umbraco CMS and our clients' internal systems.
• API documentation: No
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Upon onboarding, Prodo implement our clients organisation logo and core brand colours to apply to the frontend. Our client then has full control over elements of the content displayed to the frontend.

Scaling

• Independence of resources: We ensure that all users can access our service reliably, regardless of the demand placed on our systems by others. Firstly, we use robust infrastructure and scalable cloud-based resources to adjust our system capacity dynamically in response to user demand.; ; We continuously monitor system performance and usage metrics in real-time, allowing us to proactively identify and address potential bottlenecks or performance issues before they impact users.; ; In the event of unexpected spikes in demand, we have automated scaling policies in place to rapidly increase resources to accommodate increased load, ensuring that all users receive a consistent and responsive experience.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide Google Analytics (GA) setup as part of the configuration.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Form submission data can be exported in CSV format from Umbraco CMS.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • User data supplied in CSV format and uploaded
  • All other data via the API integration

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The SLA is offered Mon-Fri during office hours by default. Severity: P1 Initial Response: Immediately, or within 15 minutes Client Update: Every 1 hour Target Resolution: Within 4 hours Severity: P2 Initial Response: Within 2 hours Client Update: Every 4 hours Target Resolution: Within 2-3 working days (unless problem is escalated) Severity: P3 Initial Response: Within 4 hours Client Update: Once per day Target Resolution: Within 5 working days (unless problem is escalated); ; Not meeting the SLA is rare but addressed on a case-by-case basis.
• Approach to resilience: Our service is architected for resilience, ensuring consistent availability and performance. We utilise redundant infrastructure and automated failover to maintain operations during outages. Our data centres are strategically located and equipped with redundant power as well as multi-path network connectivity to prevent single points of failure.; ; In case of a data centre incident, we have disaster recovery plans in place, including data replication and quick failover to secondary sites. We continuously monitor our systems to detect and mitigate issues promptly. For detailed insights into our data centre resilience, we can provide information upon request, highlighting our commitment to maintaining a robust and reliable service
• Outage reporting: Our service reports outages through a dedicated Jira support portal where tickets can be raised for enhancements, advice, and repairs. Outages are communicated in monthly support reports and addressed in line with our strong contracted SLA, which defines response and resolution targets. Additionally, regular reports are provided by email to stakeholders, including an updated RAG status, summary of progress, and details of the current and next stages. Our automated uptime monitor alerts the Prodo team to any outages, which are then reported and addressed via a Priority 1 ticket, ensuring adherence to our SLA.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Access to management interfaces and support channels is restricted through a combination of background verifications, technical controls, and monitoring. We employ the principle of least privilege, ensuring only necessary personnel have access to critical systems. Access is logged and monitored, with privileged access being closely scrutinised. Technical measures like firewalls, intrusion detection systems, and automatic patch deployment further secure our infrastructure. Additionally, we suggest services like Cloudflare to obscure server locations and continuously monitor for security compliance.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: C.O.M.S
• ISO/IEC 27001 accreditation date: 13/03/2025
• What the ISO/IEC 27001 doesn’t cover: NA
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: At Prodo we have a comprehensive set of information security policies and processes in place to safeguard our systems, data, and operations. These policies cover areas such as data protection, access control, incident response, and compliance with relevant regulations and standards.; ; Our reporting structure for information security begins with our designated Information Security Officer (ISO), who oversees the implementation and enforcement of our security policies. The ISO reports directly to CEO, ensuring that information security remains a priority at the executive level.; ; To ensure that policies are followed, we employ a combination of measures, including regular security awareness training for employees, access controls and permissions, regular security audits and assessments, and incident monitoring and response procedures. We also conduct periodic reviews and updates of our policies to address emerging threats and changes in regulatory requirements.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our configuration and change management processes are designed to ensure that all changes to systems and configurations are managed in a controlled manner. This includes a three-stage process combining best practices from the Association for Project Management with the software development lifecycle. Projects pass through quality gates to ensure high-quality deliverables aligned with client expectations. A detailed Project Management Plan is produced, outlining the project approach, outcomes, deliverables, responsibilities, issues, and risks. Service Asset & Configuration Management (SACM) supports this by providing a comprehensive view of IT infrastructure and services, facilitating accurate change management and promoting efficient resource allocation.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our vulnerability management process entails automated scanning, manual penetration testing, regular updates, secure configurations, and effective documentation and communication to identify and mitigate security risks.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our protective monitoring process includes conducting regular security assessments, implementing robust cybersecurity measures, adhering to compliance standards, ensuring health and safety, monitoring for threats, maintaining documentation, and engaging in stakeholder communication to safeguard IT systems and data.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management process is structured to ensure swift and effective handling of any incidents. It involves initial incident reporting, categorisation, and assignment to appropriate teams. We prioritise incidents based on impact and urgency, followed by investigation and resolution. Throughout the process, communication is maintained with stakeholders, and incidents are logged for audit and improvement purposes. Post-resolution, incidents are reviewed to identify root causes and prevent recurrence, ensuring continuous improvement in our incident management practices.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Prodo has a working group where we discuss and review initiatives to reduce our carbon footprint.; We use electric powered vechicles as Company cars, donate to the Cheshire Peak District to plant trees to offset our emissions, train staff in water and energy stewardship, procure sensibly and consider environmental factors, reuse and recycle where possible, donate server space to BOINC to allow scientific studies to crunch numbers on climate change, and much more.; In addition, our hosting is 100% carbon neutral.; Our goal is to be carbon neutral by 2050 and are continually reviewing our practices.; To promote environmental sustainability we prefer suppiliers and partners who can provide details of their pledges and actions to support the cause.; And lastly, we refuse to do busines with organisations who have breached, or are being investigated for breached of environmental law.

  Covid-19 recovery

  During the COVID-19 pandemic Prodo was determined to retain 100% of staff despite a difficult market and decrease in projects.; We successfully managed to navigate this difficult time with zero redundancies, and at the same time, offered full time positions to two apprentices.; In the past 9 months we focused on expanding and created four new positions within the business which have all since been filled.; Prodo is exptemely proud of our values and during a time when staff felt vulnerable we:; 1. Purchased laptops and VPN's for develeopment staff which enabled them to work effectively from home.; 2. Adopted a work from home policy where all staff, and not just shielding staff could work remotely during lockdown periods and where office working was non-essential.; 3. Trained 7 staff in mental health first aid so that one to one support was available.; 4. Provided updated information to staff on office opening (where permitted and essential), how to stay safe, and the procedures we put in place to keep people safe. (Risk assessments and reviews of GovUK guidance and law were reviewed regularly).; 5. Promoted Company funded online GP and counselling services and a Private Healthcare scheme to our staff and their families and encouraged engagement.; 6. Moved all meetings to digital and kept visitors to site to a minimum.; 7. Hosted virtual staff engagement activities to combat lonliness including virtual gameshows, quizzes, and movie nights.; 8. Used local supplier and small to meduim enterprises where possible to boost the local economy.; Prodo continues to support recovery wherever possible and will continue to, where possible, grow our business and provide safe and secure jobs and contracts to bolster the economy and provide more opportunitites.

  Tackling economic inequality

  Prodo is opposed to all inequality and recognises the value of supporting smaller businesses and entrepreneurs to grow and where possible, we promote growth within the sector in order to create opportunities and increase supply chain resilience and capacity.; To do this we:; 1. Bring recruitment, apprenticeship and partnership opportunities to large markets where possible to promote opportunities to individuals and/or organisations who face barriers and/or are located in deprived areas.; 2. Create diverse supply chains and where possible, choose small businesses, start-ups, and mutuals as our suppliers.; 3. Work with agencies to take on apprentices in the technology field which is facing skills shortages.; 4. Invest in people and train our staff to grow their knowledge and help our clients to grow.; 5. Spend time and resources developing new technology which is high quality, modern, effective, and available at a great market price.; 6. Ensure that our business is at the forefront of cyber security innovation and application and bolster our processes to maximise security.; 7. Develop fair working partnerships with clients and third parties where we offer quality and value for money. We learn from mistakes and recognise our accountability.; 8. Ensure that our operations, and those of our partners are resiliant and that business continuity plans are in place and tested regularly to ensure continuity of service. Excellent BCP is a requirement of all core suppliers. For example our hosting service have strict SLA's and are held accountable for any downtime.; 9. Pay all staff above the Real Living Wage.; 10. Develop technology to assist our clients and promote productivity within their organisation.

  Equal opportunity

  Prodo is proud to be an equal opportunities employer and service provider and have in place robust policies and procedures to meet our objectives.; We do this by:; 1. Ensuring that jobs are advertised on a large number of accessible and diverse platforms in order to reach a broad audience.; 2. Not stating any essential characteristics in job adverts that are discriminatory unless there is a legal and legitimate requirement.; 3. Actively engaging with applicants and existing staff to determine whether reasonable adjustments are required and using our Occupational Health Service to explore how we can implement these. (We have made reasonable adjustments in the past for disabled employees and apprentices).; 4. Offering employment, training, and advancement opportunities to all and employing/approving and funding training based on subjective reasoning and without diecrimination by ensuring that every decision is peer reviewed. Where individuals from disadvantaged background and/or minority group possess the necessary attributes but lack formal training we will, where practicable employ them and provide in house training to support their continued employment and growth.; 5. Training our staff in equality and diversity.; 6. Having a supervision structure where staff needs can be identified and where practical support can be provided in good time.; 7. Paying all employees above the Real Living Wage.; 8. Investing in staff where the individual and the Company may benefit from the development of new skills through recognised qualifications - which will improve the individual's opportunity for advancement professionally.; 9. Having a robust Modern Slavery Policy and Statement to manage the risks within the Company.; 10. Expecting our partners and suppliers to provide equality of opportunity throughout their business and promote diversity and inclusion. We may ask for supporting documents through the tendering process.

  Wellbeing

  As previously stated, Prodo supports our staff mentally and physically as we acknowledge not only our duty of care under the law but our moral responsibility as an employer.; To do this we:; 1. Have an IOSH trained health and safety manager who is active in the promotion of physical and mental healh via risk assessments, staff engagement, and training.; 2. Have trained mental health first aiders who are available to staff during the working day.; 3. Have an employee assistance programme in place offering 24/7 support to staff.; 4. Offer Company Private Healthcare to all employees.; 5. Promote mental health and wellbeing by organising social events amongst staff.; 6. Promote a culture of community health and wellbeing promotion where we organise, host and donate to charities and local good causes. For exaple raising money for MacMillan, donating money towards the enhancement of a school garden in a deprived area, and hosting 'away days' at charitable locations such as the zoo.; 7. Make donations on behalf of our cleients to health and wellbeing organisations/causes/charities close to their heart, which will benefit their community.; 8. Promote health and wellbeing through our social media posts.; 9. Choosing suppliers and partners who ensure the health and welfare of their workforce by requesting copies of their working policies on health and safety and related documents.; 10. Make clear to our staff, clients, partners, and suppliers that we promote health and wellbeing and will not tolerate any form of abuse, intimidation, discrimination, or any behaviour which will negatively impact others.

Pricing

• Price: £1,500 to £2,500 a unit a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jacob.howell@prodo.com. Tell them what format you need. It will help if you say what assistive technology you use.