Rocktime Ltd

Bilingual Content Management Systems (CMS)

Logic CMS is a powerful 'Open standards' Bilingual Content management System that enables organisations to easily manage the content, media and documents of their websites, Intranets and extranets. Powered by the latest Microsoft .Net technology, Logic CMS has an intuitive user interface, proven security and flexible development options.

Features

• Open Standards .Net Technology
• Role based permissions
• WYSIWYG editor
• Flexible Database Driven Modules
• Fully responsive front end (HTML5 & CSS)
• Responsive control panel
• Integrates with 3rd party and legacy software and systems
• Enterprise level security
• Optimised for search accessibility
• Media & document management functions

Benefits

• Publish and manage bilingual content from multiple devices
• User access & permissions are based on job role requirments
• Real-time reporting on site activity
• Low cost of ownership with no per-user charges
• Business efficiency with site content, imagery and media management
• Intuitive and user friendly interfaces that are fully customisable
• Continual system expansion inline with business goals
• Integrated social media content activity
• Manage content from multiple sites through a single dashboard.
• Compliant with CESG architectural pattern number 10

£5,000 an instance a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rtsales@rocktime.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

397562605556202

Contact

Alex McCreath
01202 678777
rtsales@rocktime.co.uk

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Verso data management and licensing SaaS platform.; Bespoke web database driven platforms purpose built for public sector
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: N/A
• System requirements: Use to support Rocktime developed web platforms

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Email or online ticketing within working day(s)
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: He support types are prioritised according to potential business impact and are identified as follows: Priority Level 1 • Critical bug fixes (errors that prevent the site from functioning) • Ecommerce (errors that prevent the site from functioning) • Payment platform (errors that prevent the site from functioning) • Server Diagnosis (if on Rocktime Hosting) Priority Level 2 • Minor Bug fixes • Validation issues • JavaScript issues Priority Level 3 • Simple text changes (for static content) • Graphical amendments (for static content) • Minor usability changes • Simple programming changes • Browser compatibility issues (for static content) for past and / or future browsers • Minor layup alterations (for static content) Priority Level 4 • Core updates • Module updates (core and control panel) • Security updates Each support issue will have a ‘ticket’ raised and the appropriate resolution/work will be scheduled within our standard work schedule and communicated to the client. Our response times for support issues raised during normal working hours are as follows: • Priority Level 1: Within 36 hours • Priority Level 2: Within 50 hours • Priority Level 3: Within 1 Week • Priority Level 4: Updates applied every 6 months (unless critical)
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Rocktime's CMS has been purpose built to enable the company to offer a Buyer a tool to manage their Rocktime developed web platform. From the Discovery Phase through a sprint development process to completion, the client will form part of the delivery process resulting in a training program to introduce all users to the web platform. Online training and user documentation form part of the release cycle.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All data is held in a SQL database or if integrated, within the users systems. all data will be extracted by Rocktime and sent to the user in their preferred format at the end of the contract.
• End-of-contract process: Rocktime have a documented process for onboarding and offboarding clients using verso. this includes extracting client data from verso and ensuring all API links are closed. Any developer time required for this process will be quoted for depending on the client configuration.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: No
• Customisation available: No

Scaling

• Independence of resources: Scalable hosting resources applied to hosting environment when necessary to support service demands

Analytics

• Service usage metrics: Yes
• Metrics types: Custom reports discussed with the client
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data Extraction file
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The Supplier warrants that supply of access to the system shall be available at a level not less than 99.9% per month - (Standard Service Level Guarantee). This excludes - Failures of network/equipment/circuits not operated by the Company, its sub-contractors or suppliers; Failures of circuits that are outside of the Supplier or their sub-contractors or their suppliers reasonable control; In the event of Service suspension due to technical fault in the network or act of God or otherwise, the Supplier will use best endeavours to resume the Service with minimum delay but will not be responsible for loss suffered by the Buyer other than in accordance with this agreement or law. The Supplier may suspend the Service from time-to-time for necessary technical reasons and network upgrades without invalidating its Service Level Guarantee provided that 1 days’ notice via email or phone call has been given to the Buyer and the period of suspension is not more than one hour. The Supplier shall at all times minimise the disruption to the Buyer and act reasonably. Service Credits are used to calculate the number of Service Credits due during any calendar month period as a result of non-achievement of target service levels.
• Approach to resilience: Available on Request due to sensitivity
• Outage reporting: Rocktime will communicate to the Buyer of an outage of the hosting service within the hour (of a working day) and will continue to update the client until such time as the service has been restored. Such updates will take the form of email alerts to designated Buyer stakeholders.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Control panel utilises role based permissions, so staff and admin user functionality is defined by the users individual login permissions. Support functions are limited to named persons within the organisations who will either email or provide authentication when using telephone support
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 01/02/2024
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Self Assessment - SAQ-D
• PCI DSS accreditation date: 25/04/2023
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: CESG Architectural Pattern No. 10

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Rocktime conforms to ISO 27001 & 9001 standards which require the continual monitoring and management of services provided by the company and specifically its members of staff.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Rocktime performs according to its Access Control Policy. Availability, confidentiality and integrity are fundamental aspects of the protection of systems and information and are achieved through physical, logical and procedural controls. It is vital for the protection of systems and information authorised users who have access to Company systems and information are aware of and understand how their actions may affect security. Availability – systems and information are physically secure and will be accessible to authorised persons when required. Confidentiality - systems and information will only be accessible to authorised persons.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Rocktime's ISO:27001 policies and procedures support risk management to mitigate threats to its services that are continually followed as part of delivering both strategic and operational objectives. Deployment of security patches conforms to Rocktime's Patch Management Policy available upon request. Rocktime is supported by various 3rd party organisations (suppliers of software used by the company and industry security bodies) which are continuously monitored to identify potential threats which are then accessed to determine if they impact Rocktime and/ or Client systems managed by the company.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Rocktime approach to protective monitoring includes (but is not limited to) inspection of firewall logs, the investigation of security alerts, and monitoring of intrusion detection systems. Any potential compromise identified is logged in accordance with ISO 27001 and referred to ICT Management whilst the compromise is investigation with appropriate action to mitigate or resolve undertaken. Rocktime response times are in according to the level of severity of an incident.
• Incident management type: Supplier-defined controls
• Incident management approach: Rocktime performs according to ISO 27001 certification and therefore has pre-defined processes as part of logging non-conformities. An incident record is created with a structured process of investigating, resolving and auditing the results by the ICT Management.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Public Services Network (PSN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Rocktime Limited aims to achieve excellence in all areas of our company with the commitment to minimising the environmental impacts of our business operations. Our commitment sets out to: • Reduce our consumption of resources and improve the efficient use of those resources. • Continuously improve our environmental performance and integrate recognised environmental management best practice into our business operations. • Measure and take action to reduce the carbon footprint of our business activities to meet objectives and targets. • Manage waste generated from our business operations according to the principles of reduction, re-use and recycling. • Manage our business operations to prevent pollution. • Give due consideration to environmental issues and energy performance in the use of our office buildings. • Ensure environmental, including climate change, criteria are taken into account in the procurement of goods and services. • Comply as a minimum with all relevant environmental legislation as well as other environmental requirements. To meet our commitments, we will: • Set and monitor key objectives and targets for managing our environmental performance at least annually. • Communicate internally and externally our environmental policy and performance on a regular basis and encourage feedback. • Communicate the importance of environmental issues to our people. • Work together with our people/employees, service partners, suppliers, landlords and their agents to promote improved environmental performance. • Promote appropriate consideration of sustainability and environmental issues in the services we provide to our clients. • Review our environmental policy regularly.

  Covid-19 recovery

  Covid-19 recovery As a cloud technology company, Rocktime has been successful in implementing changes to processes and procedures to adapt to the new norm that features greater flexibility in the manner in which it conducts its business both with its staff as well as with clients. The company has actively promoted excellence through the use of technology that helps local businesses to connect and work more effectively, benefitting from collaborative working arrangements to foster positive business relationships in the local community and recovery as we exit Covid-19 and accept the current economic landscape. The company engages with local diverse market businesses to advise on the use of technology in the same manner as it does with its public sector clients with the aim to open up supply chain opportunities.

  Tackling economic inequality

  The company’s values a diverse workforce and the contribution each individual makes. We are committed to promoting inclusivity, equality and diversity in our policies, practices and procedures. This policy applies to the company's dealings with all its people as well as others engaged by or who work with the firm including, for example, clients, job applicants and other third parties. The company believes in treating everyone equally and with the same attention, courtesy and respect regardless of their age, disability, gender reassignment, marriage/civil partnership, pregnancy/maternity, race, religion or belief, sex and sexual orientation which is referred to within its Equality, Diversity and Inclusion Policy as the "protected characteristics".

  Equal opportunity

  The company has always believed in promoting diversity within the workplace and this forms part of its recruitment practices. Using the 5 foundational principles of quality work set out in the Good Work Plan (e.g. fair, pay, participation and progression, voice and autonomy). Career advice with local schools offers opportunity to instil insights and confidence in potential career paths for young people whilst also providing the opportunity for a work placement. Additionally, consideration is made for recruiting trainees and training them to perform roles whilst offering them a career path within the business or as a means to seek one elsewhere.

  Wellbeing

  The company recognises the pressures that have arisen in recent times with Covid-19 and the effects of social distancing, remote working and travel enforcements. Through constant dialogue with its team the company has sort to provide flexible working conditions whilst maintaining regular and personal engagement to reduce the impact of loneliness and isolation. Believing in the positive nature of ‘culture’ within a company, initiatives are in place to maintain and reinforce a team mentality that aims to support individuals and foster wellbeing.

Pricing

• Price: £5,000 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rtsales@rocktime.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.