Optimizely Content Cloud DXP

CDS provides end-to-end consultancy, implementation and support for Optimizely Content Cloud (formerly Episerver), a digital experience platform (DXP) and web content management platform with powerful, market-leading software and high-availability, scalable cloud hosting. Optimizely is a SaaS platform offering ease of use and connectivity with other cloud services and systems.


  • Elastic scaling to support traffic peaks and bursts
  • Based on latest Microsoft cloud technology, Azure Web Apps
  • Optimal performance via a content delivery network (CDN)
  • Separate environments for integration/test, pre-production and production
  • Best-of-breed services from vendors via connectors and add-ons
  • 24x7x365 global operations for maintenance and support
  • Online reports for website and transaction performance
  • Proactive application monitoring and end-user experience monitoring
  • Data back-up and retention
  • DDOS mitigation


  • SLA guarantee on service availability
  • Unlimited number of Optimizely websites
  • Unlimited number of CMS editors and administrators
  • Scaled packages available to suit your traffic and content needs
  • Includes Optimizely Search & Navigation enterprise search product
  • Lower total cost of ownership with a fully managed service
  • Single platform including commerce, CMS and campaign
  • CDS is the UK's largest Optimizely implementation partner
  • Leader in Gartner Magic Quadrant (web content management and DXP)
  • CDS are ISO20000-certified Optimizely Premium Solution Partners


£500 to £1,500 a unit a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

2 4 3 4 6 2 2 5 8 2 5 9 1 2 7


CDS Matt Johnson
Telephone: 0113 399 4000

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Deployment is on public cloud.
Please see for additional considerations
System requirements
Content editing requires modern browsers

User support

Email or online ticketing support
Email or online ticketing
Support response times
9am-5pm Monday to Friday as standard; up to 24x7x365 by arrangement. SLAs vary by contract
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Optimizely DXP includes 24x7x365 platform support (up to CMS application).
We provide second- and third-line support and maintenance for deployed services via our ISO 20000-certified Service Desk, which uses an ITIL methodology to maintain the integrity and availability of business-critical, high profile and complex systems. Our Service Desk provides: •Incident and service request management •Problem management •Change management •Release and deployment management •Service level management and service reporting •Configuration management •Service management plan •Service level agreement. All CDS Service Managers and Service Desk staff are ITIL-certified. Support and maintenance contracts stipulate a minimum level of support provision per month, appropriate to the size and complexity of the service; this entitles clients to a certain number of hours of support, at standard day rate. Additional time is chargeable at the agreed contract day rate. The SLA is flexible and can be tailored to customers’ requirements; as support needs vary, provision can be reviewed every six months to ensure it continues to meet client requirements. Typical SLAs include Service Desk support Monday to Friday, 9am to 5pm; we can provide out of hours (on-call) support, up to 24x7x365.
Support available to third parties

Onboarding and offboarding

Getting started
CDS commissions the DXP service which provides the platform and tools we need to build your website. We undertake discovery, design and development processes appropriate to your requirements, through to full system testing. The approved solution is deployed to the production environment by Optimizely.

CDS provides tutor-led, on-site training for editors and administrators, and template user guides. Optimizely also provides certified training courses and online user documentation for the application.
Service documentation
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
All documentation is available at
End-of-contract data extraction
Through request to CDS or the Optimizely Managed Service desk, a full back-up of the Optimizely database and accompanying binary assets can be provided. CDS can provide additional Exit Planning and Management services upon request.
End-of-contract process
Subject to 90 days' termination notice being provided, there is no additional cost for ending the contract after the original contract period. If the termination date requested is before the end of the contracted period, the remaining period must be paid for in order to terminate. CDS can provide Exit Planning and Management services to assist in the transition.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The service is responsive and can be used on a range of screen sizes including mobile, tablet and desktop.
Service interface
User support accessibility
None or don’t know
Description of service interface
The user and administration interface for Optimizely is browser based and can be customised to meet the requirements of the user.
Accessibility standards
None or don’t know
Description of accessibility
The interface is user-friendly and intuitive
Accessibility testing
None known
What users can and can't do using the API
Optimizely's API enables all aspects of the system to be interacted with.
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
Customisation available
Description of customisation
Optimizely can be fully customised to suit your individual website requirements, including presentation templates, authentication providers, site functionality and editing/management functionality. Customisation is through .NET languages and JavaScript, using Visual Studio. CDS is a Optimizely Premium Solution Partner that provides all customisation services, from discovery and design through to content and SEO optimisation.


Independence of resources
Each DXP implementation runs as a single tenant solution with its own dedicated set of resources that scale using public cloud infrastructure.


Service usage metrics
Metrics types
Service level metrics
CMS activity, e.g. pages published
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be exported directly from the database or an export can be run that downloads content as a compressed XML file.
Data export formats
Other data export formats
XML as part of a standard Optimizely export.
Data import formats
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Availability is guaranteed at 99.7%, rising to 99.9% depending on package selected. Should this service level not be met, the customer has the right to obtain a reduction on the monthly fee for the affected service(s), corresponding to 10% of the monthly fee for each interval of 1 hour that the effective availability falls below the SLA for the affected service(s). The reduction is limited to the actual month when the agreed availability level has fallen short. This compensation shall be the Customer's sole remedy for interruption or delay in Optimizely Services(s).
Approach to resilience
Optimizely is primarily based on Microsoft Azure services and utilises other cloud services. Full details of resiliency are available on request.
Outage reporting
Email alerts, public dashboard, phone notification

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Access management is enforced at different levels in the DXP-S. Optimizely's PaaS portal is used to administer and manage a client's DXP users. Only authorised Optimizely users with set permissions are allowed to manage the service, this is controlled via AzureAD; stings are also hard coded in the portal. Client developers or partners are allowed to access the DXP integration environment only; users must be requested. Customer editors can authenticate with the DXP via their own chosen federated security if they wish, Optimizely can also restrict access via set IP ranges if required.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
CDS maintains a set of security policies aligned with our ISO27001 certification, we are also Cyber Essentials Plus certified. All staff are BPSS cleared at minimum and are briefed on the security policy at induction and ongoing compliance supported by an internal learning management system.

Optimizely maintains its own ISMS which is aligned to ISO27001, which is included in new starter training for all employees and supported by their learning management system.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Optimizely development follows an iterative development lifecycle regarding code changes. Optimizely performs web vulnerability scans that look for the OWASP Top 10 vulnerabilities and use the OWASP references as a guide during development. Optimizely has a review process for all changes/releases to the software (weekly), restricted to select publishers (who have been trained against Optimizely's ISMS). Microsoft Azure teams follow a formal Security Development Life-Cycle process for their services which Optimizely consumes.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
DXP-S uses a web application firewall (WAF) to stop attacks at the network edge, protecting your website from common threats and specialised attacks before they reach your service. Microsoft is also protected by an active Intrusion Detection/Protection system which detects threats. Microsoft regularly penetration tests the underlying infrastructure of DXP. The DXP is also subject to regular pen tests conducted by customers and partners. If a threat is detected these are given Optimzely's highest service priority and escalation. Microsoft is responsible for patch management.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
DXP-S offers centralised monitoring and analysis systems that provide continuous visibility and timely alerts to the teams who manage the service. Triggers and thresholds are set, benchmarked against typical consumption or behaviour on your website. If unanticipated performance behaviour is detected, the service desk is alerted to analyse further. Security incidents receive the highest priority and customers are notified at the earliest opportunity.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
CDS operate a mature Incident and Service Request Management process, certified to the ISO 20000 standard. The process is operated by our Service Management tool, which is interactive and can be configured to support the ticket workflow and metrics agreed with customers. Customers can report and update incidents via our interactive portal, email and telephone. Though we operate a core Incident Management policy and process, these can be tailored within customers Service Level Agreements to support common incidents and events. We operate a separate Major Incident Management process, which can provide incident reports, post-mortems etc., when criteria are triggered.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

CDS is certified to the internationally recognised standard BS EN ISO 14001: 2004 – Environmental Management. The standard underpins our commitment to look after the environment, prevent negative environmental impacts, manage waste and reduce our carbon footprint.  CDS is Planet Mark accredited, helping us to transform society, the environment and economy by measuring our carbon and social data. Our Carbon Reduction Plan sets corporate continual improvement goals, strategies and annual targets and CDS has pledged to halve our carbon emissions by 2030 and be carbon-neutral by 2050. The Bailie Group (of which CDS is part), is applying for ISO 50001 Energy Management System certification in 2022, which will focus our efforts on continually improving energy performance. Example initiatives and activities designed to fight climate change include: • Mandatory environmental awareness training for all new staff. Thereafter, all staff are required to complete annual refresher training • Introducing site-wide recycling facilities and waste streaming • Regular staff awareness bulletins on the company’s intranet on environment and sustainability best practices, to encourage behavioural change among staff • Replacing bottled water and disposable cups with personal water bottles and reusable insulated coffee cups, to replace single use plastics • Refurbishing our Leeds office to make it more environmentally friendly including changing the entire building to LED lighting with PIR sensors on the lights and replacing gas boilers with air source heating • Providing season ticket loans for public transport to reduce single car use • Investing in collaboration tools and video conferencing to eliminate unnecessary travel • Adding additional questions into our procurement compliance checklist, to encourage all of our potential suppliers to adopt sustainable practices.
Covid-19 recovery

Covid-19 recovery

Through our work with local authorities, transport and national infrastructure clients, we have supported many communications campaigns designed to support recovery from the impacts of Covid-19 in local communities. This includes: • Transport for London: working as TfL’s print and communications partner, CDS has supported the campaign to encourage people safely back onto public transport, producing outdoor media, train/bus stickers, signage and leaflets • London Borough of Lambeth: as Lambeth’s print partner, we have supported the borough council with its response to Covid-19, and delivering communications campaigns reaching citizens and businesses. Most recently, this has focussed on supporting recovery and economic regeneration • CDS supported Make it York (an organisation supporting York-based businesses to achieve economic prosperity) to deliver a campaign encouraging shoppers safely back into the city. Other initiaitives and activities include: • Offering opportunities for work experience, such as unpaid student placements • Providing apprenticeships • Improving workplace conditions including effective social distancing, increased cleaning and flexible, hybrid working • Creating employment opportunities for people made unemployed by Covid-19.
Tackling economic inequality

Tackling economic inequality

CDS provides a range of initiatives designed to create new businesses, new jobs and new skills within our local community. These include: • Apprenticeships and work experience, particularly for people who face barriers to employment. In the past two years, we have provided nine apprenticeship positions at our Leeds head office, of which four have become full-time employees. This year, we plan to offer around 20 new apprenticeship roles across the company. • Local employment: as a national company, CDS operates from six offices, each run as an autonomous business unit, managed by local teams. This regional structure has resulted in CDS becoming a community-focussed organisation, owing to local recruitment. • Engagement with local SMEs to encourage spend in the community. • Volunteering: many CDS staff give up their free time to volunteer as part of our charity initiatives.
Equal opportunity

Equal opportunity

CDS’ fully hybrid working model enables participation by people from across the country, including people experiencing limited mobility, neurodivergence and/or clinical vulnerability. Our Leeds head office is also highly accessible, with ground-floor access, a disabled toilet, a lift to the first and second floors and step-free access to all meeting spaces and refreshment areas.   CDS operates an inclusive and accessible recruitment practice; we actively encourage applications from suitably qualified and eligible candidates regardless of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex, and sexual orientation. Our recruitment process is fair, equal, and non-discriminatory and works on the premise that the best person for the role will be offered the job.   As part of our people strategy, we will be using the Disability Confident standard to inform how we can provide opportunities for disabled people to join the organisation in the future.   Other initiatives and activities include: - STEM Programme: designed to break down barriers that might prevent young people from pursuing a career in technology - Structured staff appraisal process to identify individual skill gaps, and a training programme and assigned budget for delivering Personal Development Plans.


We support the health and wellbeing of our staff through a range of initiatives including: - Employee Assistance Programme -Trained Mental Health First Aiders - Flexible working hours to balance work and home activities - Personal healthcare plan - Staff social committee who organise regular events e.g., quizzes, film nights, meals out - Charity work in support of our chosen charity partner - Organised sponsored physical activities including the Yorkshire Three Peaks and ‘Tour de CDS’ - Cycle to Work Scheme, bike storage and shower facilities to encourage exercise - Free yoga classes and back massages - Quarterly staff engagement survey - Monthly ‘360’ reviews and professional development plans for all staff - Inclusive and accessible recruitment practices - Employee intranet providing regular content on wellbeing topics, including mental health and promoting awareness days such as Time to Talk.


£500 to £1,500 a unit a day
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.