CDS

Optimizely Content Cloud DXP

CDS provides end-to-end consultancy, implementation and support for Optimizely Content Cloud (formerly Episerver), a digital experience platform (DXP) and web content management platform with powerful, market-leading software and high-availability, scalable cloud hosting. Optimizely is a SaaS platform offering ease of use and connectivity with other cloud services and systems.

Features

• Elastic scaling to support traffic peaks and bursts
• Based on latest Microsoft cloud technology, Azure Web Apps
• Optimal performance via a content delivery network (CDN)
• Separate environments for integration/test, pre-production and production
• Best-of-breed services from vendors via connectors and add-ons
• 24x7x365 global operations for maintenance and support
• Online reports for website and transaction performance
• Proactive application monitoring and end-user experience monitoring
• Data back-up and retention
• DDOS mitigation

Benefits

• SLA guarantee on service availability
• Unlimited number of Optimizely websites
• Unlimited number of CMS editors and administrators
• Scaled packages available to suit your traffic and content needs
• Includes Optimizely Search & Navigation enterprise search product
• Lower total cost of ownership with a fully managed service
• Single platform including commerce, CMS and campaign
• CDS is the UK's largest Optimizely implementation partner
• Leader in Gartner Magic Quadrant (web content management and DXP)
• CDS are ISO20000-certified Optimizely Premium Solution Partners

£500 to £1,500 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@cds.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

243462258259127

Contact

Matt Johnson
0113 399 4000
bidteam@cds.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Deployment is on public cloud.; Please see https://docs.developers.optimizely.com/digital-experience-platform/v1.2.0-dxp-cloud-services/docs/requirements for additional considerations
• System requirements: Content editing requires modern browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 9am-5pm Monday to Friday as standard; up to 24x7x365 by arrangement. SLAs vary by contract
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Optimizely DXP includes 24x7x365 platform support (up to CMS application). ; We provide second- and third-line support and maintenance for deployed services via our ISO 20000-certified Service Desk, which uses an ITIL methodology to maintain the integrity and availability of business-critical, high profile and complex systems. Our Service Desk provides: •Incident and service request management •Problem management •Change management •Release and deployment management •Service level management and service reporting •Configuration management •Service management plan •Service level agreement. All CDS Service Managers and Service Desk staff are ITIL-certified. Support and maintenance contracts stipulate a minimum level of support provision per month, appropriate to the size and complexity of the service; this entitles clients to a certain number of hours of support, at standard day rate. Additional time is chargeable at the agreed contract day rate. The SLA is flexible and can be tailored to customers’ requirements; as support needs vary, provision can be reviewed every six months to ensure it continues to meet client requirements. Typical SLAs include Service Desk support Monday to Friday, 9am to 5pm; we can provide out of hours (on-call) support, up to 24x7x365.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: CDS commissions the DXP service which provides the platform and tools we need to build your website. We undertake discovery, design and development processes appropriate to your requirements, through to full system testing. The approved solution is deployed to the production environment by Optimizely. ; ; CDS provides tutor-led, on-site training for editors and administrators, and template user guides. Optimizely also provides certified training courses and online user documentation for the application.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: All documentation is available at www.optimizely.com
• End-of-contract data extraction: Through request to CDS or the Optimizely Managed Service desk, a full back-up of the Optimizely database and accompanying binary assets can be provided. CDS can provide additional Exit Planning and Management services upon request.
• End-of-contract process: Subject to 90 days' termination notice being provided, there is no additional cost for ending the contract after the original contract period. If the termination date requested is before the end of the contracted period, the remaining period must be paid for in order to terminate. CDS can provide Exit Planning and Management services to assist in the transition.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service is responsive and can be used on a range of screen sizes including mobile, tablet and desktop.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The user and administration interface for Optimizely is browser based and can be customised to meet the requirements of the user.
• Accessibility standards: None or don’t know
• Description of accessibility: The interface is user-friendly and intuitive
• Accessibility testing: None known
• API: Yes
• What users can and can't do using the API: Optimizely's API enables all aspects of the system to be interacted with.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Optimizely can be fully customised to suit your individual website requirements, including presentation templates, authentication providers, site functionality and editing/management functionality. Customisation is through .NET languages and JavaScript, using Visual Studio. CDS is a Optimizely Premium Solution Partner that provides all customisation services, from discovery and design through to content and SEO optimisation.

Scaling

• Independence of resources: Each DXP implementation runs as a single tenant solution with its own dedicated set of resources that scale using public cloud infrastructure.

Analytics

• Service usage metrics: Yes
• Metrics types: Service level metrics; CMS activity, e.g. pages published
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Optimizely

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported directly from the database or an export can be run that downloads content as a compressed XML file.
• Data export formats: Other
• Other data export formats: XML as part of a standard Optimizely export.
• Data import formats: Other
• Other data import formats: XML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Availability is guaranteed at 99.7%, rising to 99.9% depending on package selected. Should this service level not be met, the customer has the right to obtain a reduction on the monthly fee for the affected service(s), corresponding to 10% of the monthly fee for each interval of 1 hour that the effective availability falls below the SLA for the affected service(s). The reduction is limited to the actual month when the agreed availability level has fallen short. This compensation shall be the Customer's sole remedy for interruption or delay in Optimizely Services(s).
• Approach to resilience: Optimizely is primarily based on Microsoft Azure services and utilises other cloud services. Full details of resiliency are available on request.
• Outage reporting: Email alerts, public dashboard, phone notification

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access management is enforced at different levels in the DXP-S. Optimizely's PaaS portal is used to administer and manage a client's DXP users. Only authorised Optimizely users with set permissions are allowed to manage the service, this is controlled via AzureAD; stings are also hard coded in the portal. Client developers or partners are allowed to access the DXP integration environment only; users must be requested. Customer editors can authenticate with the DXP via their own chosen federated security if they wish, Optimizely can also restrict access via set IP ranges if required.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NQA
• ISO/IEC 27001 accreditation date: 13/7/2021
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: CDS maintains a set of security policies aligned with our ISO27001 certification, we are also Cyber Essentials Plus certified. All staff are BPSS cleared at minimum and are briefed on the security policy at induction and ongoing compliance supported by an internal learning management system.; ; Optimizely maintains its own ISMS which is aligned to ISO27001, which is included in new starter training for all employees and supported by their learning management system.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Optimizely development follows an iterative development lifecycle regarding code changes. Optimizely performs web vulnerability scans that look for the OWASP Top 10 vulnerabilities and use the OWASP references as a guide during development. Optimizely has a review process for all changes/releases to the software (weekly), restricted to select publishers (who have been trained against Optimizely's ISMS). Microsoft Azure teams follow a formal Security Development Life-Cycle process for their services which Optimizely consumes.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: DXP-S uses a web application firewall (WAF) to stop attacks at the network edge, protecting your website from common threats and specialised attacks before they reach your service. Microsoft is also protected by an active Intrusion Detection/Protection system which detects threats. Microsoft regularly penetration tests the underlying infrastructure of DXP. The DXP is also subject to regular pen tests conducted by customers and partners. If a threat is detected these are given Optimzely's highest service priority and escalation. Microsoft is responsible for patch management.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: DXP-S offers centralised monitoring and analysis systems that provide continuous visibility and timely alerts to the teams who manage the service. Triggers and thresholds are set, benchmarked against typical consumption or behaviour on your website. If unanticipated performance behaviour is detected, the service desk is alerted to analyse further. Security incidents receive the highest priority and customers are notified at the earliest opportunity.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: CDS operate a mature Incident and Service Request Management process, certified to the ISO 20000 standard. The process is operated by our Service Management tool, which is interactive and can be configured to support the ticket workflow and metrics agreed with customers. Customers can report and update incidents via our interactive portal, email and telephone. Though we operate a core Incident Management policy and process, these can be tailored within customers Service Level Agreements to support common incidents and events. We operate a separate Major Incident Management process, which can provide incident reports, post-mortems etc., when criteria are triggered.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  CDS is certified to the internationally recognised standard BS EN ISO 14001: 2004 – Environmental Management. The standard underpins our commitment to look after the environment, prevent negative environmental impacts, manage waste and reduce our carbon footprint. CDS is Planet Mark accredited, helping us to transform society, the environment and economy by measuring our carbon and social data. Our Carbon Reduction Plan sets corporate continual improvement goals, strategies and annual targets and CDS has pledged to halve our carbon emissions by 2030 and be carbon-neutral by 2050. The Bailie Group (of which CDS is part), is applying for ISO 50001 Energy Management System certification in 2022, which will focus our efforts on continually improving energy performance. Example initiatives and activities designed to fight climate change include: • Mandatory environmental awareness training for all new staff. Thereafter, all staff are required to complete annual refresher training • Introducing site-wide recycling facilities and waste streaming • Regular staff awareness bulletins on the company’s intranet on environment and sustainability best practices, to encourage behavioural change among staff • Replacing bottled water and disposable cups with personal water bottles and reusable insulated coffee cups, to replace single use plastics • Refurbishing our Leeds office to make it more environmentally friendly including changing the entire building to LED lighting with PIR sensors on the lights and replacing gas boilers with air source heating • Providing season ticket loans for public transport to reduce single car use • Investing in collaboration tools and video conferencing to eliminate unnecessary travel • Adding additional questions into our procurement compliance checklist, to encourage all of our potential suppliers to adopt sustainable practices.
• Covid-19 recovery:

  Covid-19 recovery

  Through our work with local authorities, transport and national infrastructure clients, we have supported many communications campaigns designed to support recovery from the impacts of Covid-19 in local communities. This includes: • Transport for London: working as TfL’s print and communications partner, CDS has supported the campaign to encourage people safely back onto public transport, producing outdoor media, train/bus stickers, signage and leaflets • London Borough of Lambeth: as Lambeth’s print partner, we have supported the borough council with its response to Covid-19, and delivering communications campaigns reaching citizens and businesses. Most recently, this has focussed on supporting recovery and economic regeneration • CDS supported Make it York (an organisation supporting York-based businesses to achieve economic prosperity) to deliver a campaign encouraging shoppers safely back into the city. Other initiaitives and activities include: • Offering opportunities for work experience, such as unpaid student placements • Providing apprenticeships • Improving workplace conditions including effective social distancing, increased cleaning and flexible, hybrid working • Creating employment opportunities for people made unemployed by Covid-19.
• Tackling economic inequality:

  Tackling economic inequality

  CDS provides a range of initiatives designed to create new businesses, new jobs and new skills within our local community. These include: • Apprenticeships and work experience, particularly for people who face barriers to employment. In the past two years, we have provided nine apprenticeship positions at our Leeds head office, of which four have become full-time employees. This year, we plan to offer around 20 new apprenticeship roles across the company. • Local employment: as a national company, CDS operates from six offices, each run as an autonomous business unit, managed by local teams. This regional structure has resulted in CDS becoming a community-focussed organisation, owing to local recruitment. • Engagement with local SMEs to encourage spend in the community. • Volunteering: many CDS staff give up their free time to volunteer as part of our charity initiatives.
• Equal opportunity:

  Equal opportunity

  CDS’ fully hybrid working model enables participation by people from across the country, including people experiencing limited mobility, neurodivergence and/or clinical vulnerability. Our Leeds head office is also highly accessible, with ground-floor access, a disabled toilet, a lift to the first and second floors and step-free access to all meeting spaces and refreshment areas. CDS operates an inclusive and accessible recruitment practice; we actively encourage applications from suitably qualified and eligible candidates regardless of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex, and sexual orientation. Our recruitment process is fair, equal, and non-discriminatory and works on the premise that the best person for the role will be offered the job. As part of our people strategy, we will be using the Disability Confident standard to inform how we can provide opportunities for disabled people to join the organisation in the future. Other initiatives and activities include: - STEM Programme: designed to break down barriers that might prevent young people from pursuing a career in technology - Structured staff appraisal process to identify individual skill gaps, and a training programme and assigned budget for delivering Personal Development Plans.
• Wellbeing:

  Wellbeing

  We support the health and wellbeing of our staff through a range of initiatives including: - Employee Assistance Programme -Trained Mental Health First Aiders - Flexible working hours to balance work and home activities - Personal healthcare plan - Staff social committee who organise regular events e.g., quizzes, film nights, meals out - Charity work in support of our chosen charity partner - Organised sponsored physical activities including the Yorkshire Three Peaks and ‘Tour de CDS’ - Cycle to Work Scheme, bike storage and shower facilities to encourage exercise - Free yoga classes and back massages - Quarterly staff engagement survey - Monthly ‘360’ reviews and professional development plans for all staff - Inclusive and accessible recruitment practices - Employee intranet providing regular content on wellbeing topics, including mental health and promoting awareness days such as Time to Talk.

Pricing

• Price: £500 to £1,500 a unit a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@cds.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.