Skip to main content

Help us improve the Digital Marketplace - send your feedback

Brightwire

Umbraco CMS - Responsive, well designed and easy to manage websites

Umbraco is an incredibly easy to use content management system which is fully customisable to meet your needs. Brightwire is an Umbraco Gold Partner - we design and develop award-winning, responsive and integrated websites and web applications. This cost-effective and high-performance platform is easy to use and easy to manage.

Features

  • Complete flexibility - platform is heavily customisable
  • Easy to use for non-technical users
  • Systems integration with other applications
  • Digital asset management with a media library
  • Multimedia Support
  • Content publishing and expiry tools
  • Responsive design
  • E-commerce capability
  • Member and partner portal capability
  • Stunning visual designs with optimum user experience and usability

Benefits

  • Incredibly easy to use and manage content
  • Zero licence fee means lower cost of implementation
  • Rapid development platform
  • All the features you'd expect of enterprise content management
  • Full training and support services provided
  • Supports restricted access areas for specified groups or members
  • Supports micro sites and blogs
  • Supports workflow and content approval models
  • GDPR compliant
  • Accessibility compliant

Pricing

£725 a unit a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at clare.millar@brightwire.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

3 0 9 1 9 9 4 4 1 1 3 3 6 7 2

Contact

Brightwire Clare Millar
Telephone: 0131 541 2159
Email: clare.millar@brightwire.net

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
None - clients have a choice of deployment and support models depending on organisational and infrastructure requirements.
System requirements
Web browser (IE, Chrome, Safari, Firefox, Opera)

User support

Email or online ticketing support
Email or online ticketing
Support response times
There are defined SLAs and Out of hours support models covering weekends and bank holidays. Support incidents are classed in three categories (Level 1 Critical, Level 2 Major and Level 3 Minor) each with four defined stages. A Level 1 incident has a maximum response time of 1 hour. Our support desk runs within office hours for the majority of clients, with year-round out of hours support also available on request.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Support levels are based on an agreed allocation of time per month, with time reporting to indicate usage. Support can be scaled back or topped up accordingly. Support is based on a day rate. For out of hours support this cover is based on the client's need and an appropriate cost is calculated. We have clear support procedures in place and a technical account manager as well as a nominated support engineer are both provided as part of the support agreement.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We offer a variety of training plans to help users start using the service.
• Some training is face to face for administrators but we have extensive user based online training for our SaaS offerings.
• User documentation is provided where required in electronic format.
• Onsite training: provided to groups of trainees who are usually split by administrative and user type. provided to groups of trainees who are usually split by administrative and user type. We recommend a 'train the trainer' approach with advocates who will be the key 'go to' people within the organisation, and provide floorwalking.
• User guides: these can either be documented or video guides for users and contain quick tips and handy reference information.
• Online training: we can provide online training if required - typically to larger groups of users.
• The level of onboarding and offboarding support depends on the customer's requirements.
• We can provide full support for organisations where there is an organisation-wide rollout, as well as pilot or trials within a specific business area.
Service documentation
Yes
Documentation formats
  • ODF
  • PDF
  • Other
Other documentation formats
  • Word/DOC/DOCX
  • Video/Multimedia
End-of-contract data extraction
All data can be exported as a SQL Server database backup or via reporting tools. The way in which we would recommend this be done would depend on customer need and the target environment.
End-of-contract process
The support agreement would normally allow for basic handover at contract end - however if there were more specific or custom requirements (such as a new target environment to which to replicate) then these would be assessed and a cost agreed with the Client. Brightwire will provide appropriate assistance to the client to extract any data or move to another supplier as required.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None
Service interface
Yes
User support accessibility
WCAG 2.1 A
Description of service interface
Umbraco provides a service interface out of the box.
Accessibility standards
WCAG 2.1 A
Accessibility testing
Umbraco can be customised to meet a client's accessibility requirements. For some clients we have configured and tested the interface with assistive technology tools as part of application development.
API
Yes
What users can and can't do using the API
In one single installation of Umbraco Headless you are able to provide fresh content to all your customers on any device. Simply hit publish and your changes will automatically update on your mobile app, on store displays, flatscreens, websites, and on smart watches. More information is available here: https://bit.ly/2HIialH
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Umbraco can be extensively customised to suit client needs. We have designed and developed sites for member management, secure extranets and portals, and comprehensive e-commerce and multi-channel solutions based on Umbraco. It can also be integrated with other line of business systems whether these are retail, ERP or asset management tools.

Scaling

Independence of resources
There are multiple deployment routes - each of which would be assessed in the light of specific functional and non-functional requirements such as performance. Performance can be affected by user bandwidth/connectivity as well as network capacity. We implement techniques to improve application performance and can recommend hosting models that will reduce the risk of load that negatively impacts performance. Umbraco Cloud offers considerable advantages including load balancing, performance, resilience and failover, backup and restore, and automatic updates. Further information is available here: https://umbraco.com/products/umbraco-cloud/

Analytics

Service usage metrics
Yes
Metrics types
Service usage might apply to two scenarios - the behaviour of the users consuming the service, on which analytics can be provided, and/or the draw-down of the support time allocation, analytics for which are typically provided on a monthly basis. For usage metrics we typically recommend Google Analytics on a public website.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
All data can be exported as a SQL Server database backup or via reporting tools and a file system backup. The way in which we would recommend this be done would depend on customer need and the target environment.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • Excel
  • JSON
  • Various formats can be exported from Umbraco
  • XML and database backup
Data import formats
  • CSV
  • Other
Other data import formats
  • Excel
  • JSON
  • Various formats can be exported from Umbraco
  • XML and database backup

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Our guarantee for service level uptime is 99.9%.
Approach to resilience
The underlying solution is based on a high availability configuration on Azure. Further information is available here: https://azure.microsoft.com/en-gb/features/resiliency/
Outage reporting
Administrator dashboard with automatic error reports via alerts and notifications.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Admin access is limited by role based controls built into the software to ensure that only users with appropriate rights have access to management functionality.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
29/11/2001
What the ISO/IEC 27001 doesn’t cover
Brightwire does not directly hold ISO 27001 certification for Umbraco, however the Azure platform on which this is based holds the accreditation. For further information please see here: https://www.microsoft.com/en-us/TrustCenter/Compliance/ISO-IEC-27001
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
SagePay/Coalfire
PCI DSS accreditation date
09/06/2018
What the PCI DSS doesn’t cover
Brightwire does not hold the certification directly, however, Sage Pay, one of our online payment partners, have PCI DSS certification.

We also integrate with other online payment providers, if required.
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We follow ISO 27001 methodology for policy and processes, and ensure that this is mapped closely to the Government's Cloud Security Principles. We have a defined reporting structure in place with ultimate responsibility for security and compliance resting with the CTO. Further information on security can be found here: https://bit.ly/2QghUyr

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We follow a structured change procedure, which provides a high degree of management and quality of output with a controlled approach to changes in scope – it being essential to track changes and ensure that all amendments are assessed and authorised. Specific processes for change management are as follows:
Request: Initiation of a change with a request for change (RFC);
Classification: Assigning a priority to the change after assessing its urgency and impact;
Authorisation: Processing the RFC through to the change advisory board;
Development: Developing the change, release management;
Release Management: Releasing the change for testing;
Review: Conducting post-deployment review.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We have a policy of applying all Microsoft related security patches within a day of them becoming available. For our hosting environment we subscribe to VMWare notifications and apply these to our private cloud environment within 3 days of them becoming available. For other general software that we use such as Umbraco we subscribe to notification lists and deploy these based on a triage of the exposure and risk and a prioritisation. Critical updates are always deployed as soon as they become available and always within a 4 hour window.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We limit exposure by only allowing access via firewall control to services which need to be accessed externally and have an account lockout process whereby after 15 attempts, an account will automatically be locked as suspicious activity would be assumed. We track and monitor invalid login attempts via standard Windows event logging mechanisms. We respond based on the SLA times as detailed earlier. Monitoring continuously measures the performance of key subsystems of the services platform against the established boundaries for acceptable service performance and availability, and generates warnings so that operations staff can address the event if one occurs.
Incident management type
Supplier-defined controls
Incident management approach
Users report incidents online using our incident reporting tool or by phone or email if required. We have specific processes that are triggered by incidents being reported to us which are followed and users are able to track and monitor the incident as it progresses through the SLA that corresponds to its priority. All incidents are followed by an incident report explaining what happened and what action is to be taken to prevent a reoccurance.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Building systems using cloud platforms enhances our ability to address our customers’ environmental challenges and advance towards net-zero greenhouse gas emissions. This cloud infrastructure optimises operational efficiency and promotes environmental stewardship through data-driven insights and streamlined processes. These platforms reduce the need for physical IT resources, by centralising data storage and computing in Microsoft’s energy-efficient datacentres that prioritise renewable energy and minimise carbon footprints. Additionally, they automate workflows and optimise resource allocation, reduce the need for physical resources and decrease the environmental footprint of daily operations. For instance, reducing paper use through digital records and communications significantly cuts waste and energy associated with paper production and disposal, directly lowering greenhouse gas emissions and encouraging sustainable practices.

Our solutions leverage Microsoft platforms and cloud technology not only for business efficiency but also as powerful tools for environmental stewardship. They provide a pathway for our customers to achieve sustainability goals and influence a wider community, and are able to contribute significantly to our customers’ efforts against climate change.

Covid-19 recovery

Leveraging cloud and Microsoft technologies, our solutions empower communities to navigate and overcome the repercussions of COVID-19. By enhancing digital platforms, we streamline the re-training and return-to-work processes for those unemployed due to the pandemic, fostering seamless transitions into emerging job sectors. Our technology also strengthens the resilience of people and communities, providing tools that facilitate effective communication and resource management, critical for recovery. For organizations and businesses, our solutions enable adaptable new working methods, ensuring continuity and efficiency in service delivery. Additionally, we support the physical and mental well-being of individuals by automating routine tasks to reduce workload and stress, improving employee well-being. Moreover, our innovations improve workplace conditions by enabling robust remote working infrastructures and promoting health-conscious operational practices, crucial for sustaining recovery efforts.

Tackling economic inequality

Our business applications are specifically engineered to tackle economic inequality by creating significant employment opportunities and enhancing training systems. By developing user-friendly systems that are straightforward to learn, we reduce the training period required for new hires in our customers' organizations. This efficiency accelerates their integration into productive roles, boosting employment rates swiftly.

We also prioritize inclusivity, designing our solutions to be accessible from anywhere. This flexibility enables part-time workers and remote employees, who may face traditional barriers to employment, to contribute effectively from their preferred environments. Our technology thus opens doors for a diverse range of individuals to participate in and benefit from the workforce.

As a company committed to growth and development, we invest heavily in our team. We offer specialized training programs that not only increase our team members' technical proficiency but also lead to recognized qualifications and certifications. This focus on continuous professional development ensures that our staff are equipped with cutting-edge skills, enhancing their career prospects and contributing to the overall skill base of the industry.

Through these strategic initiatives, we not only foster a more inclusive and skilled workforce but also contribute to reducing economic disparities by enabling more people to engage successfully in the digital economy.

Equal opportunity

Our business applications are designed to address economic inequality by fostering equal opportunities across the workforce. By creating user-friendly and accessible systems, we notably reduce the training time required for new starters, enabling quicker integration into productive roles. This approach is particularly beneficial in supporting disabled individuals, helping to bridge the disability training gap through tailored features that facilitate the development of new skills.

Additionally, our technology promotes workplace progression by providing tools that are easy to use and learn, which is essential for people who face barriers to employment. This inclusivity ensures that everyone, regardless of their circumstances, has the opportunity to contribute effectively and advance within their careers.

As a company committed to nurturing talent, we offer specific training programmes that not only enhance our team members' technical abilities but also lead to recognised qualifications and certifications. These initiatives are aimed at upskilling our customers' staff and teams, enabling them to move into higher-paid roles and thereby reducing economic disparities.

Through these strategic efforts, we not only support our customers in creating more equitable workplace environments but also commit to the growth and development of our own team, ensuring they are well-equipped to meet the challenges of the digital economy.

Wellbeing

Our business applications are not only designed to enhance operational efficiency but also to support the wellbeing of our customers' workforce. By fostering a user-friendly environment, our solutions help alleviate stress and promote a positive work atmosphere, contributing significantly to employee satisfaction and mental health.

A cornerstone of our development process is our commitment to collaboration and inclusion. We employ agile development methodologies, which allow us to work closely with our customers through iterative sprints and frequent feedback loops. This approach ensures that the solutions we develop are finely tuned to the real needs of the people who will use them every day.

During the development process, we actively engage with a broad range of stakeholders from our customer's organisation, including front-line staff and end-users. This inclusive strategy allows us to gather diverse insights and preferences, which inform the functionality and usability of our applications. By involving users early and often, we facilitate a sense of ownership and acceptance among the workforce, which is crucial for the successful adoption of new technologies.

Ultimately, our goal is to deliver solutions that not only meet the specified requirements but also support a thriving community of users. By building these communities, we help our customers foster a collaborative environment where continuous feedback and shared experiences drive collective success and innovation.

Pricing

Price
£725 a unit a day
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at clare.millar@brightwire.net. Tell them what format you need. It will help if you say what assistive technology you use.