Drupal Consultancy, Development and Support Services

Service scope

Software add-on or extension: Yes, but can also be used as a standalone service
What software services is the service an extension to: Our tailored services can serve as an extension to other software services, especially Drupal, which can be integrated into a microservices architecture. However, tailored services are also designed to function independently as a standalone service, offering comprehensive software solutions tailored to the specific requirements of our clients.
Cloud deployment model: Public cloud

Private cloud

Community cloud

Hybrid cloud
Service constraints: There are no specific constraints to the support service offered. The support services will be tailored to match the client’s support requirements and priced accordingly
System requirements: Drupal

User support

Email or online ticketing support: Email or online ticketing
Support response times: 15 minutes for critical support
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: WCAG 2.1 A
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: Web chat
Web chat support availability: 24 hours, 7 days a week
Web chat support accessibility standard: WCAG 2.1 A
Web chat accessibility testing: We regularly conduct testing with assistive technology users to ensure our web chat meets accessibility standards and is usable for all individuals, regardless of disabilities.
Onsite support: Yes, at extra cost
Support levels: JEDEX offers a single-tier support service, contracted as "support days per month" at £700 per day. Clients enjoy unlimited ticket submissions within the contracted support time. However, any support time beyond the agreed amount incurs a charge of £85 per hour. Clients have the flexibility to adjust their contracted support time, with a minimum of 1 day per month, by providing 30 days' notice. This ensures tailored support aligned with evolving needs while maintaining transparency and flexibility for our clients.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: JEDEX is committed to ensuring a smooth and effective onboarding experience for users. Our onboarding process typically commences with a workshop, often referred to as a kick-off meeting, aimed at capturing essential project information and key behaviors necessary for project success. During this workshop, users are introduced to our processes and project management systems such as Jira. We also offer agile training sessions as part of the workshop, covering fundamental aspects of agile methodologies and providing basic training on our project management systems. Furthermore, we recognize the importance of providing comprehensive training for users on the Drupal CMS, a key component of our service. As such, Drupal CMS training is offered as a separate service, with detailed information available in our Service Definition document. In addition to workshops and training sessions, JEDEX also provides extensive user documentation to support users in getting started with our service. This documentation covers various aspects of using our service, from basic setup and configuration to more advanced functionalities and troubleshooting tips. Our goal is to ensure that users have access to the resources and support they need to successfully onboard and begin utilizing our service effectively.
Service documentation: Yes
Documentation formats: HTML

PDF
End-of-contract data extraction: At the end of the contract, users can extract their data using OS-level tools such as xcopy or rsync. These tools facilitate the copying of data from the system to an external storage device or location, ensuring users retain access to their data even after the contract ends. Additionally, users may also have the option to export their data through built-in functionalities or APIs provided by the service, depending on the specific capabilities and configurations of the system. JEDEX ensures that users have the necessary tools and support to securely extract their data in compliance with contractual obligations and data protection regulations.
End-of-contract process: At the end of the contract, the buyer has the option to terminate the agreement with JEDEX by providing notice. Upon termination, JEDEX retains customer data for a period of 30 days, allowing customers to retrieve their content from JEDEX services. However, customers must ensure that all outstanding charges, including any post-termination usage fees and other amounts due, have been paid. Included in the price of the contract are the core service offerings provided by JEDEX, such as access to the platform, technical support, and regular updates. Additional costs may apply for extra services or features not covered by the base contract, such as customization, training, or premium support packages. Customers should review their contract terms to understand the scope of services included and any associated costs for additional offerings.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Our service are meticulously designed to function seamlessly on mobile devices, ensuring a user-friendly experience across various screen sizes and resolutions. While the core functionalities remain consistent between mobile and desktop versions, there may be slight differences in the layout and presentation to optimize usability on smaller screens. Additionally, mobile-specific features such as touch gestures and responsive design elements enhance the mobile experience, providing convenience and accessibility for users on the go.
Service interface: Yes
User support accessibility: WCAG 2.1 A
Description of service interface: JEDEX employs Drupal for a user-friendly interface, facilitating seamless content creation, management, and customization. Clients efficiently update website content, manage user permissions, and enhance functionality with various modules and plugins.

For support management, we leverage Jira to streamline the process. Clients submit requests, track their status, and communicate through a centralized platform. Jira's efficient workflow management prioritizes and resolves issues promptly, ensuring transparency and accountability throughout the support lifecycle.
Accessibility standards: WCAG 2.1 A
Accessibility testing: We conduct rigorous interface testing with users of assistive technology to ensure accessibility and usability for all individuals. This testing involves users with a range of disabilities, including visual impairments, motor disabilities, and cognitive impairments. We employ various assistive technologies such as screen readers, voice recognition software, and alternative input devices during these tests.
API: Yes
What users can and can't do using the API: All functionality can be exposed via an API. Set up the service: Users can programmatically configure and initialize our service by making API calls to create accounts, configure settings, and establish integrations with other systems. This allows for seamless automation of setup processes, reducing manual intervention. Make changes: Users can dynamically modify settings, configurations, and data within our service through API endpoints. This includes updating user profiles, adjusting account settings, managing permissions, and performing data operations such as adding, updating, or deleting records.
API documentation: Yes
API documentation formats: Open API (also known as Swagger)

HTML

PDF
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: Design and Layout: Users can customise the appearance of their website by modifying themes, layouts, colors, fonts, and branding elements. Functionality: Users can extend the functionality of their website by adding, removing, or configuring modules and plugins. This allows for the integration of additional features and enhancements tailored to their requirements. Content: Users can create, edit, and manage content types, fields, and taxonomy terms to organise and structure their website content according to their preferences. User Roles and Permissions: Users can define custom user roles and permissions to control access to different parts of the website and manage user privileges effectively. Workflows and Automation: Users can customise workflows, automation rules, and scheduling tasks to streamline processes and automate repetitive tasks. Users with appropriate permissions, typically administrators or site owners, can customise these aspects of the Drupal web application through the administrative interface. This ensures that customisations are managed securely and in accordance with the buyer's specifications.

Scaling

Independence of resources: To guarantee independence of resources, JEDEX implements strict logical segregation of customer environments, preventing unauthorized access. Virtualized operational environments, like EC2, ensure customer segregation through network and hypervisor-level security controls. AWS monitors service usage to anticipate infrastructure needs for availability commitments, maintaining a capacity planning model updated at least monthly. This model forecasts future demands, enabling timely acquisition and implementation of additional resources. This robust approach ensures users remain unaffected by the demand placed on our service by other users, maintaining consistent performance and reliability.

Analytics

Service usage metrics: Yes
Metrics types: We track and report on the uptime of our services, providing clients with visibility into system availability and performance. We measure and report on our adherence to service level agreements (SLAs) for support response times, resolution times, and overall customer satisfaction. We offer integration with Google Analytics to provide clients with detailed insights into website traffic, user behavior, and engagement metrics. We utilize New Relic for performance monitoring and application analytics, allowing us to track key performance indicators (KPIs) such as response times, error rates, and throughput.
Reporting types: API access

Real-time dashboards

Regular reports

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Conforms to BS7858:2019
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom

European Economic Area (EEA)

Other locations
User control over data storage and processing locations: Yes
Datacentre security standards: Supplier-defined controls
Penetration testing frequency: At least every 6 months
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Encryption of all physical media

Other
Other data at rest protection approach: AWS infrastructure, aligning with industry best practices and regulatory standards. Our approach includes: Encryption of All Physical Media: We encrypt all physical media containing sensitive data. AWS offers scalable and efficient encryption features that enable customers to add additional security layers to their data at rest. We leverage these encryption options to ensure that data stored within our AWS environment is encrypted using robust cryptographic algorithms. AWS provides flexible key management options, allowing customers to control the encryption keys used to encrypt and decrypt their data. This enables us to implement secure key management practices.
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Deleted data can’t be directly accessed
Equipment disposal approach: In-house destruction process

Data importing and exporting

Data export approach: Users with administrative access to the Drupal Cloud CMS can export their data directly from the admin interface. Within the admin interface, users can navigate to the desired data or content they wish to export and utilize built-in export functionalities to generate export files. These export files can typically be downloaded in common file formats such as CSV (Comma-Separated Values) or XML (eXtensible Markup Language), depending on the configuration and requirements of the Drupal installation. This streamlined process empowers users to efficiently extract and utilize their data for analysis, reporting, or migration purposes.
Data export formats: CSV

ODF
Data import formats: CSV

ODF

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network

TLS (version 1.2 or above)

IPsec or TLS VPN gateway
Data protection within supplier network: Other
Other protection within supplier network: Logical Segregation: Customer environments are logically segregated to prevent unauthorized access to resources. This ensures that users and customers can only access resources assigned to them, maintaining data confidentiality and integrity. We employ TLS (Version 1.2 or above) to encrypt data in transit, providing a secure communication channel between clients and our services. Encryption of API Calls and Console Connections: API calls made to our services are encrypted using TLS/SSL, maintaining confidentiality and preventing data interception. Additionally, connections to our AWS Console are encrypted with TLS, further enhancing data security and protecting against unauthorized access

Availability and resilience

Guaranteed availability: We guarantee a level of availability with a Service Level Agreement (SLA) of 98%. If we fail to meet this agreed level of availability, service credits will be awarded to the customer as compensation. Under the SLA, users are entitled to receive service credits in the event of downtime or unavailability that exceeds the guaranteed level. These service credits serve as compensation for the inconvenience caused by the service disruption. The specific details of how service credits are calculated and awarded, as well as the process for requesting and receiving credits, are outlined in our SLA agreement. Our goal is to ensure that users experience minimal disruptions to their service and are adequately compensated in the rare event that availability levels fall below the agreed threshold.
Approach to resilience: JEDEX's resilience approach aligns with the government's cloud security principle of Asset Protection and Resilience. Our custom web applications and Drupal-based web services are hosted on a resilient infrastructure designed for high availability and reliability. Our cloud infrastructure, built on AWS, adheres to AWS's Business Continuity plan, which outlines a comprehensive process for managing outages. This includes a three-phased approach: Activation and Notification Phase, Recovery Phase, and Reconstitution Phase. These phases ensure systematic recovery efforts, minimizing downtime due to errors and omissions. To enhance resilience, we have implemented robust continuity measures, including: Frequent Server Instance Backups: We regularly back up server instances to ensure data integrity and facilitate rapid recovery in the event of a failure. Data Redundancy Replication: Critical data is replicated across multiple data stores to prevent data loss and maintain availability in case of hardware failures or disasters. Geographic Distribution: Our infrastructure spans multiple geographic regions, with instances and data stores distributed across multiple Availability Zones. This geographic redundancy enhances fault tolerance and resilience against localized disruptions.
Outage reporting: JEDEX promptly notifies users of any outages through multiple channels to ensure transparency and timely communication: Public Dashboard: We provide a public dashboard where users can view real-time status updates and incident reports. This dashboard offers visibility into system availability and any ongoing issues affecting service delivery. Email Alerts: Users receive email alerts directly to their registered email addresses in the event of an outage or service disruption. These alerts include detailed information about the nature of the outage, its impact, and ongoing efforts to resolve the issue. API: Additionally, we offer an API that enables users to programmatically access outage information and status updates. Users can integrate this API into their monitoring systems or custom applications to receive automated notifications and stay informed about service status changes.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Dedicated link (for example VPN)

Username or password
Access restrictions in management interfaces and support channels: User authentication via MFA devices. interfaces and support channels IAM provides access control to JEDEX services, APIs and specific resources. Other controls include time, originating IP address, SSL use.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Public key authentication (including by TLS client certificate)

Dedicated link (for example VPN)

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: JEDEX adheres to comprehensive information security policies and processes, ensuring the integrity and confidentiality of our operations. We maintain formal, documented policies and procedures that outline the purpose, scope, roles, responsibilities, and management commitment to information security. These policies are centrally stored and easily accessible to all employees. Leadership involvement is integral to our approach, providing clear direction and visible support for security initiatives. Leadership reviews include decisions and actions related to enhancing the effectiveness of our Information Security Management System (ISMS), updating risk assessments, modifying procedures and controls, addressing resource needs, and improving control effectiveness measurement. Our policies undergo annual approval by JEDEX leadership or following significant infrastructure changes to ensure alignment with evolving security requirements. We enforce adherence to these policies through regular monitoring, training, and internal audits, fostering a culture of security awareness and accountability throughout the organization.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: JEDEX employs rigorous change management practices, integrating Git for version control, peer-to-peer reviews, and automated deployments and testing. Our process includes creating prototypes and conducting client demos to ensure alignment with expectations. Changes undergo thorough testing in non-production environments before deployment, with rollback procedures in place. Emergency changes follow established incident response protocols, and any exceptions are documented and escalated for review. Our configuration and change management processes are meticulously designed to ensure the integrity and security of our services. We adhere to stringent secure software development practices, which include comprehensive security risk assessments prior to implementing any changes.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: At JEDEX, we employ a robust vulnerability management process to safeguard our services against potential threats. We conduct regular vulnerability scans on host operating systems, web applications, and databases within our AWS environments. Additionally, we engage approved third-party suppliers to conduct external assessments, ensuring comprehensive coverage (minimum frequency: annually). Identified vulnerabilities are diligently monitored and evaluated, and we swiftly design and implement countermeasures to neutralize any known or newly identified threats. To stay informed about emerging threats and patches, we actively monitor newsfeeds and vendor sites for the latest information.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: JEDEX employs monitoring tools to detect unauthorized intrusion attempts, usage abuse, and anomalies in network/application bandwidth. These tools monitor various aspects including port scanning attacks, system usage metrics, and unauthorized connection attempts. We receive near real-time alerts when potential compromises are detected, triggering immediate investigation and response. Our response protocol ensures swift action to mitigate the incident and prevent further damage. We prioritize rapid incident response, aiming to resolve issues promptly to minimize impact on our services and clients.
Incident management type: Supplier-defined controls
Incident management approach: JEDEX's incident management process is structured and efficient. We begin by logging incidents in our dashboard, assigning severity levels for prioritization. Our support team validates incidents, ensuring clarity and understanding. Next, incidents are assigned to relevant team members for analysis, with estimated resolution times provided. Upon resolution, incidents are tracked with unique reference numbers, allowing clients to monitor progress and receive notifications. We have a recorded escalation process to involve directors when necessary. Finally, incidents are closed with client acceptance via a streamlined process. Our approach ensures timely resolution and transparent communication throughout the incident lifecycle.

Secure development

Approach to secure software development best practice: Supplier-defined process

Public sector networks

Connection to public sector networks: No

Social Value

Fighting climate change
Covid-19 recovery
Tackling economic inequality
Equal opportunity
Wellbeing

Fighting climate change

JEDEX has Environmental Management and are working towards net zero/ carbon neutrality. Our policies and procedures aim to influence our team, client and supply partners to consider and minimise the environmental impact of our activities

Covid-19 recovery

JEDEX have implemented staff services to support the mental health of the team in light of COVID-19 and the impact it has had on wellbeing. We have also invested in facilities and workplace conditions that support the COVID-19 recovery effort

Tackling economic inequality

JEDEX is committed to create a diverse working environment which includes seeking candidates from different social and economic backgrounds.

Equal opportunity

JEDEX is committed to ensuring equal opportunity for all. Ensuring that no one is excluded or undermined because of their age, disability, gender reassignment, race, religion or belief, sex, sexual orientation, marriage/ civil partnership, pregnancy and maternity, or factors such as social background. JEDEX actively promotes an inclusive working environment

Wellbeing

JEDEX is committed to support the health and wellbeing of the team, including physical and mental health. JEDEX offers flexible working hours, extended maternity and paternity leave and private healthcare to support our team.

Pricing

Price: £600 to £1,050 a unit a day
Discount for educational organisations: Yes
Free trial available: No

Drupal Consultancy, Development and Support Services

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Drupal Consultancy, Development and Support Services

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents