Acquia Inc

Acquia Cloud IDE

Acquia Cloud IDE is a preconfigured cloud based development environment. Developers can write code and use a command line interface all from their browser with no required setup. Integrating seamlessly with our other environments, Acquia Cloud IDE gets developers coding on day one.

Features

• Visual code editor
• Source code editor & IDE
• Git / Git UI integration
• PHP Code Sniffer
• Built-in site preview and terminal
• Preinstalled Drupal Plugins
• Drupal best practices
• Node.js / NPM / NVM
• Drush Launcher
• Preconfigured Chromedriver

Benefits

• Optimized Drupal environment with built-in best practices
• Reduced maintenance
• Improved code quality
• Faster Performance
• Ready to debug
• Keep it SaaS, keep it safe
• Faster ramp-up time

£640 a licence

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at christian.walker@acquia.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

407169306794251

Contact

Christian Walker
+44 (0) 7807302254
christian.walker@acquia.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • Modern web browser
  • Modern operating system

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Times are not different on weekends. Response times vary based on the level of urgency for a given issue.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Acquia provides standard technical support, advisory hours, technical account managers and enablement services.; ; Support Levels: Starter, Basic, Business, Premium, Elite; ; See details at: https://docs.acquia.com/support/guide#overview_subscriptions; ; Customer may contact Acquia Support Services by submitting tickets or by phone. Response times to tickets are based on the level of urgency. ; ; "Critical" issues where the customer's production system is inoperative, production operations are several impacted, or involving a critical security issue have a 1 hour, 24x7 initial response time. ; ; "High" urgency issues (Customer’s production system is operating but the issue is disrupting Customer’s business operations; a workaround is not suitable for sustained operations) have a 2 hour maximum initial response time during business hours. ; ; "Medium" urgency issues (Customer’s system is operating and the issue’s impact on Customer’s business operations is moderate to low; a workaround or alternative is available) have a maximum 4 hour initial response time during business hours. ; ; "Low" urgency issues, which do not impact business operations in any significant way and have little or no time sensitivity, have a maximum initial response time of one business day.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Digital Asset Repository with Acquia Drupal Integration includes Acquia Professional Services onboarding training. Online training and documentation is also available.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data can be mass exported from Redshift to S3, or an API can be used to selectively export data.
• End-of-contract process: No additional cost at end of contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Extendable via API
• Accessibility standards: None or don’t know
• Description of accessibility: There is accessibility testing and guidelines we follow, including WCAG, as we design and develop, but we can’t formally say that these have been tested against WCAG compliance guidelines, at this point.
• Accessibility testing: There is accessibility testing and guidelines we follow, including WCAG, as we design and develop, but we can’t formally say that these have been tested against WCAG compliance guidelines, at this point.
• API: Yes
• What users can and can't do using the API: The product includes an API to integrate with virtually any 3rd party technologies, including your custom-built databases, cataloging systems, distribution systems or marketing and CRM platforms, such as Marketo and Salesforce.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users control access permissions, in other words, who can customize the service. Custom integrations, content types, and workflows are some of the customizable features.

Scaling

• Independence of resources: Performance scales with spikes in traffic, and protects the eCommerce system from internet traffic for increased system performance.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: This is done through templates and/or APIs.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON
  • CSV
  • XML
  • Serialized PHP array
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • CSV
  • XML
  • Serialized PHP array

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: AWS, our hosting provider, is responsible for encrypting VM images during transport.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.95% uptime SLA; ; In the event Acquia does not meet this service commitment, customers are eligible to receive a service extension. For each one-half hour of unavailability, customers will receive a one-day extension of their subscription.
• Approach to resilience: For Acquia's cloud platform that supports this service: At the Internet-facing tier, a software-based load balancer is deployed with a hot standby in a different availability zone in the same region. The load balancer distributes load across multiple web servers, which are also distributed across multiple availability zones. Acquia's expert operations team adds additional web servers to the resource pool as needed. The load balancer continuously monitors the web servers, and if a server becomes unavailable, it removes it from the pool of hosts serving the site. Web servers use a shared network file system (GlusterFS) so that all files are kept in sync and redundant to each other At the database layer, a scalable database cluster serves the site with active and passive database servers in multiple availability zones. The active master database server continuously updates the passive master database using MySQL replication. In the event of a failure of the master database, the passive database becomes primary through a DNS-based failover.
• Outage reporting: For outages, customers can subscribe to the Acquia Status page by email, SMS messaging, or RSS/Atom feeds. You can subscribe to individual components, individual incidents, or all notifications. This enables you to get only the updates that you feel should be appropriate for your site.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Acquia has baseline access security requirements. Access controls can be configured by customers for increased security.
• Access restriction testing frequency: Never
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: - SOC 1; - SOC 2; - HIPAA; - PCI-DSS; - FedRAMP
• Information security policies and processes: Acquia follows its Information Security Policy and Procedures.The information security policy is required to be reviewed on an annual basis and approved by either the CISO or the Senior Director of Information Security; ; All Acquia employees, interns, contractors, and third party contractors are required to complete a security awareness training course upon hire and annually thereafter, that educates workers about Acquia's security policies. In addition, they are required to sign off on the Acquia acceptable use policy that includes acknowledging the receipt and review of the information security policy.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Acquia utilizes an agile change management process. System changes are managed by the Acquia engineering team who use a single server in each environment which is configured as the configuration management server. Changes are grouped into sprints. System changes are tracked in a change management ticketing system and required to be tested and approved prior to being implemented into the production environment. Version control software is in place to help ensure that code changes are tracked and can be rolled back as needed. Changes are assessed for potential security impact.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: At the Operating System and LAMP stack layers, Acquia employs a third-party vulnerability assessment platform, Rapid7, to perform authenticated host-based vulnerability scans against a representative sample of Acquia server types. The vulnerability scans are run weekly and reported to Acquia's security and operations teams. Vulnerabilities are reviewed, identified, and categorised by the Acquia security team, which assigns and prioritises reported vulnerabilities and documents mitigation steps to be implemented by the Acquia operations team.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Acquia uses OSSEC, an open-source, host-based Intrusion Detection System (IDS), which performs log analysis, integrity checking, and time-based alerting. Action is taken immediately if a compromise is identified. All affected or potentially affected customers are notified immediately.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Acquia has a formally documented Incident Response Plan that describes discovery, investigation, escalation, containment, notification, and documentation processes of security incidents. Upon initial notification that a Security Incident that has occurred, or is in progress, and is customer impacting it is the responsibility of Support team to notify the customers who are likely to be affected by the incident. Regular updates will be sent depending on the nature of the incident and as determined during the incident declaration stage.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  Wellbeing As a global organization with employees located in over 14 offices across the globe, Acquia prides itself on inclusion, being open to, and celebrating the cultural differences that make up or team. Here are some practices and initiatives that support diversity and inclusion: - Code of Conduct policy - Annual Affirmative Action Plan (AAP) reporting, including a targeted action plan. - Sponsorship of annual Pride celebration throughout its global offices. - Support of Women's initiatives through partnering with local organizations that provide educational and leadership opportunities. Acquia also facilitates an internal mentoring program that connects a diverse set of employees at varying skill levels in the organization together to promote growth, development, and coaching opportunities.

Pricing

• Price: £640 a licence
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at christian.walker@acquia.com. Tell them what format you need. It will help if you say what assistive technology you use.