NHS Trust Website design and build service
A new website for your trust or healthcare body. Covering citizen information, regulatory requirements and advisory content. Tailored content management system using a major open-source technology to avoid vendor lock-in.
Features
- CQC integration to meet regulatory needs.
- Secure platform, hosted with web application firewall
- Service pages, step-by-step process pages and more
- Directories to show locations on a map and in search
- News and events pages
- Custom forms with wide range of integrations
- Widely used with community of practice and dedicated slack
- Application of organisational branding and styling
- Integrate with your organisation's single-sign-on, including ActiveDirectory
- Content migration from previous platform
Benefits
- Reduce carbon emissions with highly green sustainable sites
- Highly experienced developers, with years of relevant experience
- Content management system designed to meet public sector needs easily
- World leaders in accessibility, contributing to the WCAG standards
- Advice on content management strategy and tone of voice
- Security and quality certifications
- Hosted in your choice of Azure, AWS or GCP
- Web application firewall and role-based access control
- Fully managed service, but open-source. No vendor lock-in.
Pricing
£500 to £1,500 a unit
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
3 6 9 1 4 4 4 8 6 6 0 5 2 9 1
Contact
Nomensa Ltd
Stuart Pollock
Telephone: 0117 9297333
Email: gcloud@nomensa.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Community cloud
- Hybrid cloud
- Service constraints
- NA
- System requirements
- Solution specific - to be confirmed with client
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- 1 hour
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- We provide three tiers of support, offering in-hours service, out-of-hours for P1 incidents only and out-of-hours service. These include all appropriate skills and is based on the 'Live Service' lot 3 service and the SFIA rate-card.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- We conduct a discovery to identify user needs, functionality requirements, NFRs etc.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
-
- PPT
- Diagrammatic
- End-of-contract data extraction
- We will export data and transmit this to you, or work with a new supplier to transfer directly.
- End-of-contract process
- An export of customer data is included. Additional engineering time follows our SFIA rate-card. Any additional services would be agreed in advance.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Mobile compatible accessible designs
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- Accessible, simple to use
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- WCAG 2.1AA compliant - user testing with users of assistive technology
- API
- No
- Customisation available
- Yes
- Description of customisation
- Bespoke to client needs
Scaling
- Independence of resources
- We use automatic horizontal scaling of compute and IO, coupled with monitoring of databases to manually scale vertically. We use a CDN and caching to minimise load on services.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Though optional analytics
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- Less than once a year
- Penetration testing approach
- In-house
- Protecting data at rest
-
- Encryption of all physical media
- Other
- Other data at rest protection approach
- The underlying hosting fabric manages the physical security of data. Any aspects held by Nomensa, such as infrastructure as code and contract administrative are stored on encrypted drives.
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- We will export data and transmit this to you, or work with a new supplier to transfer directly.
- Data export formats
-
- CSV
- ODF
- Data import formats
-
- CSV
- ODF
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- We pass on guarantees of underlying hosting service
- Approach to resilience
- We use containerisation to supply self-healing compute, which automatically restarts in the event of issues. We use infrastructure as code to allow disaster recovery to alternate zones or regions, in the event of major outages. More details are available on request.
- Outage reporting
- We produce monthly reporting on outages. We can offer email alerts or more frequent notification if requested.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Username or password
- Other
- Other user authentication
- Service is fully managed, all access is through support channels.
- Access restrictions in management interfaces and support channels
- We use Jira Service Desk's accounts system to restrict access to open tickets.
- Access restriction testing frequency
- Never
- Management access authentication
- Other
- Description of management access authentication
- No direct management access
Audit information for users
- Access to user activity audit information
- You control when users can access audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- You control when users can access audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- British Assessment Bureau
- ISO/IEC 27001 accreditation date
- 01/11/2023
- What the ISO/IEC 27001 doesn’t cover
- Our ISO27001 accreditation covers all of our services
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- No
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- We hold CyberEssentials Plus and ISO27001. We have an ISMS that is responsible for managing security policies and processes. We internally and externally audit our compliance.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Infrastructure is defined as Infrastructure-as-Code, which follows our secure development policy and is versioned. Security impact is evaluated through a combination of expert review and automated checkers.
- Vulnerability management type
- Undisclosed
- Vulnerability management approach
- We use software bill-of-materials generation and scanning to evaluate threats. We will work with you to ensure that vulnerabilities are patched or mitigated according to severity and priority.
- Protective monitoring type
- Undisclosed
- Protective monitoring approach
- Client-specific monitoring as agreed.
- Incident management type
- Undisclosed
- Incident management approach
- Incident management through support-desk.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Tackling economic inequality
- Equal opportunity
Tackling economic inequality
Tackling economic inequality: Nomensa are gold-accredited Investors in People, demonstrating our emphasis on learning and development and ensuring this has impacts beyond our business and into the local community. We continue to work closely with local schools, colleges, universities and other organisations to help build the local digital skills economy for the current and next generation. Recognising the benefits of a diverse workforce, we’re committed to creating employment opportunities, particularly for those facing barriers to employment. Each year, two interns join us as part of Hargreaves Lansdown’s Strive Internship, which offers paid internships to BAME students. Organisational growth has enabled us to increase the number of apprenticeship, graduate and internship roles we offer. Since 2013, 52 apprentices, interns and graduates have developed their skills and progressed their careers with us. We also partner with charity Envision, who work with young people from less advantaged backgrounds to “make change happen whilst building their skills beyond the classroom”. Envision is a UK based charity that empowers young people from less advantaged backgrounds who are underrepresented in the world of work to develop essential skills and confidence through tackling social issues affecting their community. This year our mentor team won Mentors of the Year across the programme as well as the group of young people winning the overall award for Envision finalists 2023/24. As part of our commitment to social responsibility and community involvement, we have our Employee Volunteer Day initiative. Employee Volunteer Day is an opportunity for all employees to take a day off from work to support a charitable cause of their choice. So far, our volunteering hours include: • Supporting Bristol University outreach to school’s program providing coding and development support to events for school children. • Volunteering at career days. • Support on steering groups for Vocscur’s LGBTQ+ partnership.Equal opportunity
Equal Opportunity: We recognise the importance of a diverse workforce and are committed to providing a working environment that is free from discrimination. We promote the principles of equality and diversity across everything we do and work to ensure that our workforce is not only representative of UK population but treated fairly and equally. As part of our E&D policy, we encourage applications and provide the support for candidates regardless of sex, race, disability, age, sexual orientation, gender reassignment, religion or belief. We know our work to meet this ambition is never finished and constantly strive towards identifying improvements to our people, processes, supply chains and environment. We continue to proactively monitor, evaluate and improve our offering, but we currently have in place the following processes: • Inclusive recruitment training and use of inclusive practices, including blind CVs, utilising alternative recruitment networks that aim to support underrepresented groups (e.g. Technojobs) and providing specialist support throughout the recruitments process, being recognised as a Disability Confident Committed company. • Early careers paths established using apprenticeship route (Level 3-Level 6) and exploring opportunities for structuring new and existing roles in line with T-level and higher apprentice frameworks. Attracting typically under-represented groups within the sector, our initiatives have already seen 52 Graduates/Apprentices since 2013. • Intern schemes, including already participating in Hargreaves Lansdown’s Strive Internship, which aims to offer up to 75 paid internships to minority ethnic students, alongside the Envision mentoring scheme, where we provide mentoring to local schools, recently winning mentors of the year 2024 and the group of young people we mentored from Digitech winning the overall event. • Employee-led working groups and assigned individuals leads, including a equality diversity and inclusion group, who proactively monitor, plan and implement new initiatives, schemes and processes.
Pricing
- Price
- £500 to £1,500 a unit
- Discount for educational organisations
- No
- Free trial available
- No