HUMAN MADE LIMITED

Enterprise WordPress Development & Hosting

Human Made is an award-winning, global WordPress agency building powerful digital solutions for enterprise clients and large publishers. We manage complex WordPress projects at scale for some of the most visited websites in the world, with experience consulting for internationally successful organisations such as NewsUK, USA Today, Capgemini, and Unison.

Features

• Provision of Enterprise-level Wordpress CMS development and consultancy
• Headless and Multisite WordPress solutions
• Multilingual WordPress at scale
• Custom API integrations
• Custom publishing workflows built to suit your organisational process
• Accessibility, performance and sustainability optimisation
• Ongoing WordPress CMS support and continuous improvement
• AI and personalisation tools
• Agile process for complex, large scale transformation projects
• Agency includes REST API creator and co-founder of WordPress

Benefits

• Fast reliable website performance - WCAG 2.1 AAA compatible
• Altis - Our own Enterprise WordPress hosting solution
• Delivery teams in Americas, APAC and EMEA
• Truely multinational and multilingual
• Major contributors to WordPress core code
• Transparent Open Source ethos, public GitHub repos
• Experience of WordPress CMS at considerable scale
• Expertise in digital publishing and newsrooms
• Large scale platform migrations
• Secure WordPress hosting

£132 to £190 a unit an hour

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@humanmade.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

359419293417758

Contact

Adam Brown
01629 628082
sales@humanmade.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: WordPress CMS
• Cloud deployment model:
  • Public cloud
  • Hybrid cloud
• Service constraints: Ongoing support, maintenance and continuous improvement is for WordPress CMS sites only. Non-WordPress to WordPress migrations available.
• System requirements: Modern website browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response time are tailored to different severity. Urgent requests are responded to within 1 to 2 hours depending on the selected support tier.; ; 4 severity tiers are covered within our support coverage - Urgent, Priority, Medium severity and low severity.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We use Slack and defer to Slack's testing practices
• Onsite support: Yes, at extra cost
• Support levels: We provide 3 types of support. ; 1. Altis Cloud hosting support - Delivered via a support messaging service and monitored by a cloud engineer; 2. Platform support & maintenance - Designed to cover small items such system upgrades and plugin updates; 3. Continuous improvement - An ongoing optimisation service for incremental platform improvement; ; Technical Account Managers are available on many of our tiered offering.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Human Made provides a comprehensive onboarding service to help clients make the best use of our project communication channels and Agile process. We also provide training on all CMS solutions, either via remote video call or video archives.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Our exit management plan mandates that we provide the client's data, code base and assets and will deliver it digitally.; ; Files will be digitally compressed and grouped and delivered via a secure link.
• End-of-contract process: We respect the open source nature of what we're delivering and will seek to place our clients in the best position even at the end of the contract.; ; On the development front, the client is recommended to disable our access to their systems. Human Made can facilitate hand-over and knowledge transfer as a separate distinct contract.; ; Upon termination of the contract, Altis will provide an offboarding package to the customer. This package includes a copy of the customer content (including the database and assets).; The customer codebase is owned by the customer, and Altis uses a customer-provided GitHub repository. Altis provides WordPress and custom functionality as part of the platform, which is publicly-available open-source code licensed under the GNU General Public License.; Customers may also take exports of data at any time from the self-service Altis Dashboard.; Altis will retain customer data for 90 days after the end date of the contract to facilitate emergency situations, after which it will be securely deleted. Legal and contractual information may be retained for up to 10 years in line with relevant legal and taxation requirements.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Websites can be optimised to deliver a specific mobile experience if required, such as alternative content and/or layout.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: The WordPress user admin is a digital interface accessible via any web browser that facilitates the publishing of content online. The admin user interface is often customised to suit client requirements.; ; On the hosting site, we provide a separate dashboard to monitor and administer hosting specific needs.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: WordPress regularly improves its features and creates new core themes. The accessibility team monitors these changes and tests them for web accessibility. Full details can be found at https://make.wordpress.org/accessibility/handbook/get-involved/audits-and-testing/
• API: Yes
• What users can and can't do using the API: The WordPress REST API (Created by Ryan McCue of Human Made) provides an interface for applications to interact with your WordPress site by sending and receiving data as JSON (JavaScript Object Notation) objects. It is the foundation of the WordPress Block Editor, and can likewise enable your theme, plugin or custom application to present new, powerful interfaces for managing and publishing your site content.; ; Human Made can facilitate the creation of custom APIs to third party services, including maintenance and documentation.; ; Full details on the REST API are available at https://developer.wordpress.org/rest-api/
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Almost all aspects of our WordPress development service can be customised, including the frontend design, content types, backend functionality, plugins, integrations, workflow management and hosting environment.

Scaling

• Independence of resources: For website development:; We use a capacity management process that is reviewed daily to ensure the even distribution of work across our 4 squads in Americas, APAC and EMEA. Squads are able to cross-collaborate to balance capacity or to make the best use of specialisms. Using Agile deliver method we ensure sprints are planned well in advance with contingency time baked in. ; ; For Hosting:; Altis is a dedicated hosting solution that features application, database, caching, and search servers combine with load balancers and our CDN to automatically adjust your infrastructure dynamically, based on live traffic.

Analytics

• Service usage metrics: Yes
• Metrics types: Website metrics:; Google Analytics 4; Google Tag Manager; Google Site Kit; Hosting metrics:; Website visits; Storage usage; Bandwidth
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: The WordPress user admin support data export for content inclusing text and imagery, plus user account data. Human Made can provide support for data export that sits outside of WordPress's export functionality.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Cloud storage for Images, Videos etc.
  • Custom API Driven
  • Database exports such as .sql
  • XML, JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Custom APIs
  • XML, JSON
  • Database exports such as .sql

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Up to 99.99% uptime SLA depending on selected hosting tier.; ; Should Provider fail to meet the agreed Availability SLA for a given calendar month, as Customer's sole remedy and Provider's sole obligation, Customer will be entitled to a service credit, calculated by: (a) the monthly Altis platform fee, multiplied by (b) the sum of the SLA promised rate less the calendar month’s Service Availability Rate.; The Service Availability Rate is expressed as a percentage calculated by: (a) the amount of wall-clock time in a given calendar month, as measured in minutes and rounded up to the nearest minute during which the Service Availability is considered Available, divided by (b) the number of total minutes in a given calendar month.
• Approach to resilience: The Altis Cloud architecture is a highly-available, resilient, autoscaling cloud system built to handle any level of traffic. Altis Cloud has been designed from the ground up to be flexible, scalable, and performant, while minimising cost.; ; Redundancy: Altis' underlying datacenter provider ensures critical components have backups across data centers, zones, and regions, minimizing downtime from hardware failures or disasters.; ; Auto Scaling: Altis adjusts compute resources dynamically based on demand, maintaining performance during traffic spikes and avoiding resource exhaustion.; ; Fault Isolation: Altis isolates failures to specific areas, preventing cascading issues and ensuring system continuity.; ; Continuous Monitoring: Altis proactively detects potential issues and anomalies, taking preventive measures to maintain service availability.; ; Disaster Recovery: Altis provides robust solutions like Altis Backup and Disaster Recovery, enabling data and application protection across regions for business continuity.; ; High Availability: Altis features built-in redundancy and failover mechanisms, distributing traffic and replicating data across zones for consistent performance and accessibility.
• Outage reporting: The client will receive email alerts that is typically linked to a service ticket that is created by our cloud engineers.; ; Service ticket is accessible via the client dashboard as well.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: For management interfaces and support channels we require our clients to have an account on our communication platforms, which requires 2FA.; ; For access to WordPress, custom access restrictions can be applied, including custom user roles, area access restriction, single sign on and 2FA.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: OSPAR Attestation (Singapore Banking Standard)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: We have aspects modelled from ITIL which are audited using the SSAE3000 standard for our OSPAR report. Additionally, we meet the Cyber Essentials certification. At the technical level, we follow the Center for Internet Security (CIS) AWS Foundations Benchmark and the AWS Well-Architected Framework.
• Information security policies and processes: For Website development:; All Human Made employee's must follow a strict company policy for information security as set out in the company handbook. Details on this are available on request.; ; For website hosting:; Altis is built on the Amazon Web Services (AWS) cloud, which has attained certification and accreditation for thousands of standards, including SOC 2, ISO 27001, ISO 27017, and many more.; ; We operate robust internal controls, and have achieved OSPAR attestation in compliance with the Association for Banks in Singapore’s guidelines.; ; All Human Made employees are mandated to undergo and pass a security awareness training course.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: For website development process:; Our Agile development process and tool are continuously updated to provide optimal performance. Every new process or technology is rigorously tested for security risks before being deployed into operation. ; ; For client change requests:; Change requests are recorded and assessed for their time/budget impact. Using an Agile process allows us to reallocate tasks and priorities on a weekly basis.; ; For Altis (Cloud Hosting):; All changes made to Altis infrastructure follow a specific change management process, including risk rating, testing, and approval steps as appropriate for the risk level. Regular maintenance is performed during a weekly time slot.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Human Made have policies and processes for Vulnerability Management, Vulnerability Reviews and Penetration Testing. Human Made performs annual vulnerability assessments and penetration testing following established processes.; Human Made assesses vulnerabilities across many systems, services and applications using a combination of Machine Image scanning, Docker Image scanning and AWS Config. Issues are tracked in the product development backlog, and prioritized according to risk and impact.; Human Made will perform annual penetration testing according to established processes and activities. Results are reviewed and prioritized for remediation.; Human Made has penetration test reports available upon request
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Human Made continually collects and monitors logs from customer applications and systems. SSH authentication logs are tracked off-server, and only accessible to authorized individuals. Customer’s web server access logs are collected to a centralized logging service for future analysis and investigation. Access logs include request IP addresses, date, URLs and more. Actions and resource changes in AWS are tracked in AWS Config which act as an audit log of all changes to FI’s systems.; ; Virtual Machine Systems are monitored using AWS Security Hub using CIS Benchmarks.; ; Response to incidents are defined by the selected support tier.
• Incident management type: Supplier-defined controls
• Incident management approach: Altis operates a robust incident management process. Incidents can be triggered by automated alerts and monitoring which Altis has in place, or by customer-reported issues.; Customers may contact Altis by filing an urgent support ticket (either through the Altis Dashboard or via an emergency email address). Urgent support follows the urgent SLA of 2 hours, with typical response times of 15 minutes. For incidents triggered by Altis engineers, proactive communication is established as an early first step.; Any triggered incident will immediately page the on-call engineer. Altis has a global team geographically distributed around the world with engineers always available.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Altis Cloud is fully built on top of Amazon Web Services (AWS), and we use their services end-to-end to serve pages to users. AWS is actively working on sustainability efforts, including achieving carbon neutrality by 2025.; ; This includes a variety of regions powered by 100% renewable energy, including all of our European and American regions. Altis customers can select one of these green regions, with our prices the same across every region.; ; More information available at https://www.altis-dxp.com/sustainability-with-altis-cloud/

Pricing

• Price: £132 to £190 a unit an hour
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@humanmade.com. Tell them what format you need. It will help if you say what assistive technology you use.