Compucorp Ltd

Drupal CMS: Open-source Content Management and Website Development

We provide design, UX research and build services for websites and content related digital platforms. Let our experienced team help you navigate to a fully integrated digital marketing presence with high returns on investment based on the easy to use Drupal content management system.

Features

• Open-source highly flexible CMS
• Multi-lingual support
• User research, testing and service design
• Open API with integration to CRM and other platforms
• Comprehensive sign-on options
• Flexible content management suitable for enterprise sites
• Highly scalable infrastructure with performance monitoring and optimisation
• Support for complex content editing workflows
• Accessible to WCAG 2.1 AAA possible
• AI integrated chatbots

Benefits

• Enterprise ready CMS platform
• Open source for flexibility and extensive functionality
• Future proof and easy to upgrade
• Easy to use, but powerful features
• Ready made core website templates for rapid deployment
• Extensive system performance monitoring
• Publish and manage content from mobile devices anywhere

£950 to £1,300 a unit a day

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Jamie@compuco.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

321782343198353

Contact

Jamie Novick
0207 096 3336
Jamie@compuco.io

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Scheduled security updates are normally applied monthly and require a small amount of system downtime (normally around 30 mins). We agree with clients to agree to a suitable maintenance window in order to apply these which can be outside of normal working hours. ; ; Drupal requires PHP with a MySQL or equivalent database.
• System requirements: Latest version of all major web browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We provide a 4h response time for high priority issues during standard working hours (9am - 5.30pm) weekdays. Our standard contracts are Monday to Friday, but weekend support is available at an additional cost.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We use the ""Freshdesk"" platform for managing support requests with their integrated chatbot. Their Internal web strategy includes; - accessibility solutions.; - Integrated accessibility in their strategy and design practices.; - They regularly validate and test their website for compliance with WCAG.
• Onsite support: Yes, at extra cost
• Support levels: We provide a range of Helpdesk Support options which are based on the number of required hours per month. Clients can always increase this number of hours if needed or purchase additional use ad-hoc support hours. ; ; All our customers are allocated an Account Manager who has regular check-ins to discuss strategic focus and further products or enhancements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The Compuco implementation process is focused on helping the CRM to deliver tangible outcomes for our clients. We are able to offer an end to end implementation service including discovery, configuration, training (both on and offsite) as well as supporting with complex data migrations. We will also supply full documentation of all processes that have been designed as part of the onboarding.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Video
• End-of-contract data extraction: As a user you will always be able to download data via the application export features, but for more technical administrators we can provide a database export for you in any prescribed format.
• End-of-contract process: If at the end of the contract you wish to move to a new system we would work with you and your new supplier to define an exit strategy so that your organisation could continue to operate with minimal disruption over the transition period. There is no “one size fits all” approach as every organisation’s circumstances are different, but by working together we are confident that the handover can be achieved to your satisfaction.; ; We would be happy to work with any supplier to support migration to the new system, and can help with extracting data in a number of formats and providing advice and guidance as to the structure of the original data files. Once the migration has been confirmed we would decommission the old site. We would run through our final exit checklist to ensure all non-required data and access is removed from our systems before notifying the client of the same.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Drupal has a highly configurable API which can allow any level of integration required. API's would however need to be configured to meet your integration requirements.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Drupal is a highly flexible platform that supports high levels of customisations from within the application interface. This includes adding fields to various entities in the system. It is also possible to select from and install a wide array of community contributed extensions which add additional functionality. Should further customisation be necessary, the open source nature of the platform allows us to develop the platform in any way needed, and is unconstrained. We would be happy to discuss any developments as part of any implementation.

Scaling

• Independence of resources: Our hosting infrastructure ensures that customer instances are logically separated to prevent users from accessing resources not alloted to them. Compuco AWS-powered hosting ensures that customers are segregated via security management processes/controls at the network and hypervisor level.

Analytics

• Service usage metrics: Yes
• Metrics types: User last login date/time. ; Further metrics are possible and available on request. ; Full integration with google analytics available on request.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: As a user with appropriate permissions, data can be exported in a number of ways but primarily using the built in CSV exporter or via a number of reporting options.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Compuco's AWS-hosted systems guarantee 99.99% availability of the service except for any scheduled maintenance downtime as may be agreed with the customer. Higher levels of availability with high availability infrastructures are available at request. Failure to meet agreed levels of availability will result in service credits awarded to the customer.
• Approach to resilience: AWS currently provides SLAs for several services. Due to the rapidly evolving nature of AWS’s product offerings, SLAs are best reviewed directly on their website via the links below: ; • Amazon EC2 SLA: http://aws.amazon.com/ec2-sla/ ; • Amazon S3 SLA: http://aws.amazon.com/s3-sla ; • Amazon CloudFront SLA: http://aws.amazon.com/cloudfront/sla/; • Amazon Route 53 SLA: http://aws.amazon.com/route53/sla/ ; • Amazon RDS SLA: http://aws.amazon.com/rds-sla/ ; • AWS Shield Advanced SLA: https://aws.amazon.com/shield/sla/ ; ; Our well-architected solutions on AWS leverage AWS Service SLA’s and unique AWS capabilities such as multiple Availability Zones, which ease the burden of achieving specific SLA requirements.
• Outage reporting: Compuco’s incident reporting system ensures that outages (service failure, web site unavailable, etc) are reported directly to responsible parties via e-mails, so that necessary actions can be taken. An API is available on request.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: 2-factor authentication; Public key authentication (including by TLS client certificate); Identity federation with existing provider (for example Google Apps); Dedicated link (for example VPN); Username or password
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: AWS
• ISO/IEC 27001 accreditation date: 22 November 2023
• What the ISO/IEC 27001 doesn’t cover: Compuco does not hold the certification directly, however, our hosting provider AWS has certification for compliance with ISO/IEC 27001:2013, 27017:2015, 27018:2019, and ISO/IEC 9001:2015.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Stripe / Coalfire
• PCI DSS accreditation date: Valid through date: March 31 2025
• What the PCI DSS doesn’t cover: Compuco does not hold the certification directly, however, Stripe , our preferred online payment partners, have current Payment Card Industry Data Security Standard (PCI DSS) certification. ; ; • PCI DSS v3.2 Level 1 Service Provider ; ; We can also integrate with other online payment providers as required who can provide this certification for e-commerce functionality.; ; We can also integrate with other online payment providers as required who can provide this certification for e-commerce functionality.
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Certification ; Additionally we operate an ISO 9001 aligned quality manual and ISO 27001 aligned information security policy. Our quality manual underpins our approach to software development, testing and release processes. Our information security policy underpins our approach to data management, staff training, development processes and internal data management.
• Information security policies and processes: Compucorp implement formal, documented policies and procedures that provide guidance for operations and information security within the organisation.; ; Compucorp is committed to a robust implementation of Information Security Management. It aims to ensure the appropriate confidentiality, integrity and availability of its data by maintaining policies in a centralised and accessible location.; ; A copy of our policies are available on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes to the service are managed as described by our quality manual. ; ; All code changes are subject to multiple stages of review, before being committed to a fully auditable version control system. Automated and manual tests are then run before the changes are applied to any live environment.; ; Automated and manual tests are then run before the changes are applied to any live environment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Compuco leverages Drupal's Security team which employs several vulnerability management processes :; ; - Security Advisories: Drupal.org publishes security advisories to alert users of any vulnerabilities discovered .; - Security Team: Drupal.org has a dedicated Security Team responsible for triaging, verifying, and addressing reported security issues; - Release Management: Drupal.org follows a structured release management process to deliver security updates.; ; Compuco then use a risk level system based on the NIST Common Misuse Scoring System to determine when to apply Drupal security releases. The hosting platform receives automated security patching for all software directly from the OS maintainers.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our comprehensive webserver monitoring solution will alert us to unusual system activity, unauthorised intrusion attempts, usage abuse, and network/application bandwidth usage. Near real-time alerts flag incidents and our infrastructure team will take immediate action at the infrastructure or application level to correct any issues identified.
• Incident management type: Supplier-defined controls
• Incident management approach: Users report incidents via online ticket, email or telephone to our support team who will then investigate, categorise and escalate these to our Information Security Management Team as required. Urgent issues are given clear priority and are treated as soon as possible. We retrospective all information security incidents in order to identify solutions to ensure they are mitigated in future.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Compuco's sustainability policy aims to minimise environmental impact and promote societal contribution. It addresses emissions sources like electricity usage, corporate expenses, and employee commuting.; ; Principles:; ; - Compliance: Meet or exceed relevant laws and regulations.; - Integration: Incorporate sustainability into all decisions.; - Awareness: Ensure staff are informed and committed.; - Technology: Use advanced tech to reduce environmental impact.; ; Practical Steps:; ; - Travel and Meetings: Prioritise sustainable transport and teleconferencing.; - Equipment and Resources: Optimise data usage, conserve energy, and minimise waste.; - We use Amazon Web Services (AWS UK) as our hosting partner, who have committed to achieving net-zero emissions by 2040.; - Externalities: Encourage staff volunteering and offset carbon emissions.; ; The implementation of our Drupal CMS product can play a vital role in supporting efforts to fight climate change and deliver environmental benefits by promoting sustainable practices, educating stakeholders, facilitating collaboration, encouraging sustainable behavior, and tracking environmental performance. By leveraging the power of digital communication and engagement, organisations can mobilise stakeholders to support environmental protection and improvement initiatives, contributing to a more sustainable and resilient future.

  Covid-19 recovery

  Compuco recognised the challenges brought about Covid-19 and understands the likelihood of continued uncertainties in the near future. However, with over half of its team already accustomed to remote work, Compuco was well-equipped to support organisations during the main outbreak. It seamlessly transitioned to a fully distributed model, leveraging its experience to assist clients in their own remote work transitions. Compuco conducted client sessions, feedback, and training remotely using high-quality tools, resulting in increased efficiency and client engagement. ; ; In a post-COVID era, Compuco will continue to operate primarily in a distributed manner, capitalising on the efficiency and flexibility it offers. Remote client interactions and collaboration will remain prominent, with a continued emphasis on utilising the best available tools for effective communication and project management. The company has incorporated lessons learned during the pandemic to further optimise its operations and support clients in navigating potential future disruptions. ; ; Implementing Drupal can add social value by providing online platforms for job creation, community support, organisational resilience, health promotion, and workplace adaptation during the COVID-19 recovery process. These platforms can serve as valuable resources for individuals, communities, organisations, and businesses striving to navigate the challenges and uncertainties brought about by the pandemic.

  Tackling economic inequality

  Compuco's approach to tackling Economic Inequality covers a range of practical steps:; ; - We prioritising fair hiring practices and diversity within our workforce.; - We are a Certified Living Wage Employer.; - Where necessary, we will establishing skill development programs for underrepresented groups.; - We engage with local communities through outreach and partnerships, for example our landlord's Educational Charity.; - We offering up to 2 days of volunteering per year to each of our employees whci can be spend providing services to organisations addressing inequality.; - We supporting diverse suppliers and vendors.; ; Implementing our Drupal CMS can help tackle equal opportunity and workforce inequality by providing accessible platforms for promoting inclusive hiring practices, supporting skills development, influencing stakeholders, identifying and addressing inequality, supporting in-work progression, and managing the risks of modern slavery. These platforms can serve as powerful tools for fostering diversity, equity, and inclusion within the contract workforce and promoting a culture of fairness and respect.

  Equal opportunity

  Compuco prioritises the physical and mental health of its team members through several initiatives:; ; Encourages taking control of health with a Wellness Day annually for preventive care.; Provides an extra day off on employees' birthdays.; Offers two paid volunteering days per year for supporting charitable causes.; Grants bereavement or compassionate leave in cases of serious illness or death in the immediate family.; Provides a personal development allowance for learning and growth.; Offers access to a Private Health Insurance Scheme for UK employees.; Grants two Friday afternoons off between June and August to encourage relaxation.; Supports flexible work arrangements for better work-life balance.; Organises various social events, both in-person and online, to foster team bonding and well-being.

  Wellbeing

  Compuco prioritises the physical and mental health of its team members through several initiatives:; ; - Encourages taking control of health with a Wellness Day annually for preventive care.; - Provides an extra day off on employees' birthdays.; - Offers two paid volunteering days per year for supporting charitable causes.; - Grants bereavement or compassionate leave in cases of serious illness or death in the immediate family.; - Provides a personal development allowance for learning and growth.; - Offers access to a Private Health Insurance Scheme for UK employees.; - Grants two Friday afternoons off between June and August to encourage relaxation.; - Supports flexible work arrangements for better work-life balance.; - Organises various social events, both in-person and online, to foster team bonding and well-being.; ; Implementing our Drupal CMS product can improve health and wellbeing by providing resources and support for the contract workforce and by influencing stakeholders to prioritise health and wellbeing initiatives. Additionally, Drupal facilitates community integration by promoting collaboration in codesign and delivery of contracts and by encouraging stakeholders to support strong, integrated communities.

Pricing

• Price: £950 to £1,300 a unit a day
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Compuco can provide a full demonstration version of the system to clients to use for an agreed period of time (up to 1 month).

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Jamie@compuco.io. Tell them what format you need. It will help if you say what assistive technology you use.