Remarkable

Sitecore XP

Sitecore Experience Platform (XP) is an all-in-one digital experience platform (DXP) that caters to businesses looking to deliver exceptional customer experiences across various channels. It goes beyond just content management, offering a comprehensive suite of tools.

Features

• Content Management
• Customer Analytics & Reporting
• Omnichannel Support
• User-friendly editing tools
• Multi-site management
• Headless
• A/B testing and optimization tools
• Marketing automation tools
• Personalisation features

Benefits

• Manages all content and commerce needs in one location
• Personalized Customer Journeys
• Data-Driven Decisions
• Omnichannel Engagement
• Scalability, adapts to accommodate the growing needs
• Gain valuable customer insights
• Craft targeted marketing campaigns

£50,000 a licence

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jonathan.ward@remarkable.global. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

406296886725012

Contact

Jonathan Ward
07821 644 499
jonathan.ward@remarkable.global

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The solution is out-of-the-box hosted on the internationally available Microsoft Azure Cloud, which could be changed if required. Some Azure knowledge could be used if customized reports etc. are required on hosting statistics. The cost constraint of a 'Pay as you Go' Azure service applies. Dependent upon requirements the security services may require customization, rather than using standard setting which are out of the box.
• System requirements:
  • Docker Desktop: With Windows containers enabled
  • Node.js: Version 16.15.1 or later
  • .NET Core SDK: Version 3.1 or later
  • .NET Framework SDK: Version 4.8 or later
  • Visual Studio: Recommended to be version 2022 or later

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Immediate notification of receipt of fault.; Critical fault 30 minutes (system unusable); Urgent Fault 60 minutes (error in a single module); Non-urgent Fault 4 hours (minor impact, still usable)
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide the following support levels ...; - Standard office hours; - Extended office hours; - 24x7 coverage; All are by agreement with the client.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite training can be provided or remote training can be provided. Full documentation of our service can be issued. Online training is also available which can be trainer lead.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: This can be manually performed as the users require. All content and database elements can be extracted, via a robust API, or by using Microsoft SQL Server.
• End-of-contract process: Only extraction of data elements or transferring to another system, are not included in the price of contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service when developed for an individual company can operate on any range of devices.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Standard Microsoft Azure facilities are used on an ongoing basis for the interface.
• Accessibility standards: None or don’t know
• Description of accessibility: The end product customized for a company has been tested over the whole variety of WCAG standards and the See It Right standard.
• Accessibility testing: Full, customized end product testing has been performed with clients which cover the whole range of WCAG and See it right standards,
• API: Yes
• What users can and can't do using the API: The service can be extended to include templates as required by the end users and editorial facilities are provided either by properties or by on-page editing.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The whole of the end-user DXP solution environment is customisable. The services environment is not customisable.

Scaling

• Independence of resources: Fully implemented on Microsoft Azure with configurable regions and levels of usage are available.

Analytics

• Service usage metrics: Yes
• Metrics types: Usage and performance metrics.
• Reporting types:
  • API access
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Sitecore

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported via the API and /or by using Microsoft SQL Server facilities which would extract to CSV files and could be either directly or indirectly.
• Data export formats:
  • CSV
  • Other
• Other data export formats: XML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: High Availability for Sitecore on Azure: If you're using Sitecore hosted on Microsoft Azure, Microsoft's Azure Kubernetes Service (AKS) guarantees a certain level of uptime depending on your configuration.; ; With Availability Zones: AKS offers 99.95% uptime for the Kubernetes API server endpoint.; Without Availability Zones: AKS offers 99.9% uptime for the Kubernetes API server endpoint.
• Approach to resilience: High availability is provided by maintaining acceptable continuous performance despite temporary failures in services, hardware, datacenters or fluctuations in loads. Disaster recovery through protection of an entire region by asynchronous replication for failover of virtual machines and data using Azure Site Recovery and geo-redundant storage is provided. Backup by replication of virtual machines and data to one or more regions using Azure Backup is provided.
• Outage reporting: Outages are reported through the portal and also with email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Only the individuals concerned are allowed access to incident management systems, development systems. Individuals are designed to police particular areas of our development process and report upon these.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NQA
• ISO/IEC 27001 accreditation date: 06/02/2024
• What the ISO/IEC 27001 doesn’t cover: No exemptions
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We possess the following security policies and processes ...; ; Information Security Management System Statement & Policy; Information Security Management System Manual (ISMS); Office Security Policy; Equipment Provision Policy; Mobile Device Policy; Personal Device Policy (BYOD); Access Control Policy; Password Policy; Collaboration Software Policy; Handling and Destruction of Data; Remarkable Consulting Workplace Visitors' Policy; Quality Management Policy

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Unit testing of a solution is performed by a developer and when they are satisfied is passed to a Development Manager for code inspection. When this has been passed the solution goes to formal Quality Control with a promotion of the solution to the QA environment. When this has passed QA testing the solution is moved to Integration environment where it can be inspected by the client. When this has been approved it is moved to the production environment. At any of the stages if failure occurs then the solution goes back to the developer and the process is restarted.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We monitor logs, use security and vulnerability software to detect any incidents. Dependent upon the severity we would look to deploy patches in 2 weeks (earlier if more severe).
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We monitor systems regularly for potential intrusion and depending upon the severity of any findings would seek to remedy these within a week.
• Incident management type: Supplier-defined controls
• Incident management approach: The client will have entered into a particular support category, typically office hours, extended hours or 24x7 coverage and these will determine the metrics of the service level agreement. ; Incidents can be reported using our incident management software and is categorized into Critical, Urgent or Non-urgent by in house staff. The issue is then scheduled to be rectified, and at this point, if any temporary fix is needed, then this is applied. The issue is monitored using the incident management system which the client has access to. It is reported upon at the status meetings and cleared, tested.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Site has reduced their carbon footprint: This involves things like using renewable energy sources for data centres, optimising code to reduce energy consumption, and encouraging employees to conserve energy.

  Covid-19 recovery

  Omnichannel Marketing: With consumer behavior shifting toward online channels, businesses need to be present where their customers are. Sitecore's platform allows for omnichannel marketing, ensuring consistent messaging and branding across all touchpoints, whether it's a website, social media, email, or mobile app. This joined-up approach is essential for businesses to re-engage customers post-pandemic.

  Tackling economic inequality

  Targeted outreach: Sitecore allows for personalization of content based on user data. This could be used by NGOs or government agencies to target resources and information to the communities most affected by economic inequality.; ; Fundraising and advocacy: Sitecore can be used to create user-friendly websites for fundraising campaigns or to promote advocacy efforts for policies that address economic inequality.; ; Data analysis: Sitecore collects customer data that can be used to understand the demographics of those most affected by economic inequality. This data can then be used to inform outreach and advocacy efforts.

  Equal opportunity

  WCAG compliance: Sitecore allows developers to build websites that adhere to Web Content Accessibility Guidelines (WCAG). This ensures your website is usable by people with disabilities, promoting equal access to information and opportunities. Features like keyboard navigation, screen reader compatibility, and alternative text descriptions for images can be implemented with Sitecore.; ; Multilingual content: Sitecore supports the creation and management of multilingual content. This allows you to cater to audiences with different languages, ensuring everyone has access to information and avoids unintentional exclusion.

  Wellbeing

  Support groups and forums: Sitecore can be used to create online communities where users can connect, share experiences, and offer peer support related to wellbeing. This can foster a sense of belonging and encourage users on their wellness journeys.; ; Understanding user needs: Sitecore can leverage user data (with user consent) to understand user preferences and goals. This allows for personalized content delivery, recommending healthy recipes, fitness routines, or mindfulness exercises tailored to individual needs.; ; Privacy and security: User data collection for personalisation should be transparent and adhere to privacy regulations.

Pricing

• Price: £50,000 a licence
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jonathan.ward@remarkable.global. Tell them what format you need. It will help if you say what assistive technology you use.