Code Enigma Limited

Drupal website audit

Comprehensive audit of your Drupal website. We'll investigate your codebase for performance and security issues within core, contributed or custom modules. We'll provide feedback on code quality, particularly in custom code. We'll report on recommendations to align with Drupal best practices, and a summary of findings according to severity.

Features

• Fixed fee audit
• Comprehensive audit, with findings identified by severity
• Assessment of quality, performance and security
• Audited by Acquia qualified Drupal developers with 10+ years experience

Benefits

• Impartial third party perspective
• Easily prioritise efforts to make quick progress towards improvement
• Benefit from engaging a partner who can deliver continuous improvements
• Combine Drupal and accessibility audits for a fuller website review

£1,950 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@codeenigma.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

386505923044778

Contact

Greg Harvey
020 3588 1550
sales@codeenigma.com

Planning

• Planning service: Yes
• How the planning service works: We’ve learned as an agency that one size doesn’t fit all when it comes to delivering projects. Here’s a summary of key parts to any project we run: ; ; Onboarding - It’s important we align with the objectives of the project. The Onboarding meeting is an opportunity for the project team to discuss details, agree on the approach, structure, governance and processes for the project. We’ll also clarify any potential risks and agree on how to mitigate them. ; ; Responsibility - We’ll be working closely together so it’s important we know who has been delegated with decision making responsibility, and who to go for signoff. This will smooth the transitions between each iteration and phase of the project. ; ; Discovery - It’s hard and time consuming to fully spec a project from the start. We build in the flexibility to work together in defining the first steps. ; ; Communication - While our project management tool is the main form of communication between Code Enigma and clients we'll also establish other touchpoints. We’re very used to regular online meetings to discuss ideas and problems. We'll schedule regular meetings to show our work and check we remain aligned with your objectives.
• Planning service works with specific services: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: Moving onto implementing fixes identified in an audit, you'll engage our Drupal development team.; ; In our CI/CD process there is an emphasis on controls and checks, both qualitative and quantitative. Within the development lifecycle: ; ; All custom code changes run through a peer-review process to ensure that coding standards and security principles are properly applied and to catch possible bugs early. ; ; End-to-end tests or unit tests are created for the features we develop. ; ; End-to-end testing helps verify the complete application and sub-systems flow, increasing the test coverage and confidence in the overall software performance, including cross browser/device compatibility. ; ; Unit testing improves code quality, helping developers to identify the smallest defects that might be present in the units before they go for integration testing.; ; All developers are familiar with common vulnerabilities, referring to the OWASP Top Ten as a minimum. Drupal coding standards are available, as well as specific documentation for writing secure code for Drupal. We use tools such as Nightwatch for functional testing, BrowserStack or LambdaTest for browser/device compatibility, and axe DevTools and Lighthouse for accessibility testing. You’ll contribute as well through engaging with demos, user acceptance testing and regular feedback sessions to keep us on track with your expectations.

Security testing

• Security services: Yes
• Security services type:
  • Security risk management
  • Security testing
  • Security audit services
• Certified security testers: No

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
• How the support service works: Starting with a block of 5 hours a month you can gain access to our expert Drupal team who will be on hand to solve any ongoing issues. Spent time will be recorded in the Service Desk against the issues resolved. We can provide flexibility to extend beyond this time, either by purchasing additional support time (in blocks of 5 hours), or simply on an hourly Pay As You Go (PAYG) basis. ; ; Alternatively, starting from 2 days a month, engage our team on retainer. Our Project Management team will plan the retainer with you each month to ensure the right resource is allocated and the outcomes are agreed so the time is used effectively. Each retainer is followed by a review session to measure the level of success versus the planned deliverables.; ; The benefit of a retainer is the regular, planned iteration of your new Drupal website. The time can be easily aligned with your development roadmap and relied upon to respond to new initiatives to improve your website. It is more proactive, as opposed to the reactive monthly support time as the time can be used for discovery and requirement gathering, as much as the delivery of new features.

Service scope

• Service constraints: We can only support sites using version control. ; Clients and their services are required to conform to our ISO 27001 information security policies. ; We work as a distributed team so will not normally work onsite. ; We're unable to support Windows servers on any hosting platform. ; We're Debian Linux specialists, infrastructure running other versions may require migration to a new server. ; Security in our hosting service is a shared responsibility between Code Enigma, Amazon Web Services (or other hosting provider), and the client.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our Service Desk is available 24/7 for users to submit issues, requests and report incidents. Our UK/EU based team is available from 8am to 6pm (UK). We endeavour to respond to support tickets within one working day.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Our web chat tool, Mattermost is WCAG 2.0L compliant. For meeting Web Contact Accessibility Guidelines 2.0 (WCAG), Mattermost has received a third-party “A” rating and is working towards an “AA” rating. https://docs.mattermost.com/overview/compliance.html#accessibility-compliance
• Web chat accessibility testing: None
• Support levels: All clients have access to the same level of support and Service Level Agreement.; ; Code Enigma provides all clients with secure, authenticated access to our management dashboard. From this, you’re able to manage your users, access instant chat services, view live systems status dashboards and use our secure file sharing.; ; This also enables access to our Service Desk which is based on the open source, issue management tool, Redmine. ; ; Our Operations team oversees contract and relationship management for all clients, including scheduling and chairing regular service reviews. These are an opportunity to review and discuss any key issues/incidents, improvement suggestions/requests and problem/root cause analysis. They are also an opportunity for qualitative feedback on how we deliver our services. The frequency of these reviews is agreed with you, but we typically meet with clients monthly.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NQA Certification
• ISO/IEC 27001 accreditation date: 30/08/2023
• What the ISO/IEC 27001 doesn’t cover: Areas of HR and Finance teams that deal with company data
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Wellbeing

  Fighting climate change

  We choose to base many of our services on AWS due to their commitment to be net zero by 2040. We review the data centres we use against the Green Web Foundation's hosting directory (https://www.thegreenwebfoundation.org/directory/) to look for opportunities to minimise our environmental impact. AWS' approach differs from most other green hosting companies in that it is not only based on offsetting, carbon credits, and tree planting, but also significant investment in renewable energy schemes internationally. We are exploring the prospect of using company funds to subsidise “green” home improvements for our UK employees (replacing gas boilers with heat pumps, solar panel installation, insulation improvements etc.). We reviewed our banks against https://switchit.green/ and have closed our account with HSBC. We currently bank with the Co-Operative, Nationwide, and an investment bank in the North of England, and are investigating Unity Trust and Tide because of their ethical and sustainable approach to banking. We are also official partners of the Eden Reforestation Projects https://www.edenprojects.org/partners?search=Code+Enigma

  Tackling economic inequality

  Code Enigma is proud to be an ethical employer. It’s rooted deep in our values to be fair and open. That’s why we’re members of the Living Wage Foundation in the UK and also signed up to the Prompt Payment Code.; ; We have a dedicated training budget per head, enabling our employees to invest in themselves with supported time off in order to obtain further skills in their chosen field.; ; We are also experts in open source software, we invest heavily via both our time and our mission fund to ensure free software flourishes, which is a major way out of poverty in both the developed and developing world, providing free tools to allow people to train and learn new skills.

  Wellbeing

  Our company Health & Safety, Dignity at Work, and Diversity & Equality policies are coupled with private health cover for our staff - committed to helping them get the help they need when they need it.

Pricing

• Price: £1,950 a unit
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@codeenigma.com. Tell them what format you need. It will help if you say what assistive technology you use.