NEXER DIGITAL LTD

Umbraco CMS Design, Development and Support (Umbraco Platinum Partner)

Umbraco is one of the world's most popular, and easiest to use, open source web Content Management Systems (CMS). Nexer is a Contributing Platinum Umbraco Partner, the highest level of accreditation possible. We’ve built 250+ websites and digital solutions based on Umbraco. We lead the Umbraco accessibility and sustainability communities.

Features

• Research, design and implementation of bespoke websites, portals and applications
• Migration from other content management systems into the Umbraco platform
• Advanced integrations with Umbraco and ERP, CRM and other systems
• Ecommerce solutions based on Umbraco and platforms such as Ucommerce
• Hosting setup and optimisation including Azure cloud
• Umbraco upgrades for both minor and major versions
• Support, maintenance and optimisation services through our UK-based service desk
• Deep expertise in UX research, design and accessibility

Benefits

• Open Source CMS, no licencing costs
• Mature, stable and secure technology
• Flexible and easy to use for content editors
• Responsive across desktop, tablet and mobile
• Content versioning, audit and rollback
• Personalisation and user segmentation
• Supports a multi-lingual and multi-channel digital strategy
• Form builder and workflows
• Ability to build GDPR compliant solutions
• Ability to build highly usable and accessible solutions meeting WCAG

£100 to £125 a unit an hour

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at shaun.gomm@nexergroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

409216347115126

Contact

Shaun Gomm
07878 712133
shaun.gomm@nexergroup.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: No
• System requirements: Umbraco requires a suitable hosting environment

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Standard support is normal UK office hours (09:00 to 17:00) Monday to Friday, excluding public holidays and the period between 26th December and 1st January. However, 24/7/365 support can be provided as an option.; ; Standard response SLAs are: Priority One - 1 working hour, Priority Two - 2 working hours and Priority Three - 4 working hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide three levels of support:; ; 1) Baseline - This is our base support tier and provides access to our support service and JIRA for issue tracking, along with backup and disaster recovery, heartbeat monitoring, and critical (site-down) issue triage and resolution. ; ; 2) Baseline plus hours - Most of our clients have Baseline support plus an agreed number of hours per month. This allows us to provide agreed SLAs and also includes monthly reporting. We operate a flexible service where we can scale up or down our support as required and we don't stop working on issues once our clients have reached their monthly hours. ; ; 3) Retainer service - This tier is Baseline plus an agreed number of hours per month. This includes a dedicated team with a clear roadmap and backlog. It also includes comprehensive analytics set-up, goal-setting and optimisation strategy alongside proactive UX, accessibility and security reviews, and ongoing development of the site or service.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide full training and ongoing support, maintenance and optimisation for the bespoke solutions we build on Umbraco. To get started, we offer comprehensive training that can be tailored to different roles, for example authors, editors and administrators. Our training can be face-to-face or online and we can also provide documentation and videos, if required.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: We have a full offboarding process for the purposes of handing over data and other assets at the end of a contract. Encrypted files can be provided to a secure repository.
• End-of-contract process: At the end of our contract we will have a meeting to plan offboarding activities and the level of support you require with this. It is normal for us to securely hand over data and other assets. If we have arranged hosting on your behalf, you can continue the arrangement directly with the hosting provider or move to another hosting provider. If an in-house team or new supplier is taking on the support and maintenance of the Umbraco solution then we can conduct handover sessions and provide documentation, if required. This can all be handled as a project cost or T&M.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service is responsive and can be used across desktop, tablet and mobile.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The Umbraco administration interface is browser-based and can be customised to suit your needs.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Automated and manual accessibility testing against the Web Content Accessibility Guidelines (WCAG).
• API: Yes
• What users can and can't do using the API: Umbraco has an extensive API that can be leveraged to implement complex system integration requirements and enables the extension of the system with bespoke development. See: https://our.umbraco.com/documentation/reference/. Umbraco also has a headless CMS option.
• API documentation: Yes
• API documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Umbraco can be heavily customised and extended to meet your specific requirements. It is one of the most flexible open source frameworks available.

Scaling

• Independence of resources: The service is hosted on a fully managed public or private (single tenant) cloud-based solution. It is fully scalable to increase on demand ensuring any spikes in traffic can be handled.

Analytics

• Service usage metrics: Yes
• Metrics types: We utilise Google Analytics to provide a full suite of usage metrics. We can also integrate other analytics packages, if required.; ; As well as Google Analytics and with a focus on UX, it's common for us to implement additional tools (such as Hotjar, Microsoft Clarity and Siteimprove) to give further insights on user journeys, behaviours and conversions, providing actionable insights. Data can be presented in various formats, including reports and online dashboards through Power BI.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users can export their data from the Umbraco content management system using a CSV/XLSX export. We can also help with extraction of data for you as part of your support package.
• Data export formats:
  • CSV
  • Other
• Data import formats:
  • CSV
  • Other

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Microsoft Azure offers a 99.9% uptime guarantee. Refunds are returned as service credits.
• Approach to resilience: Please see: https://www.microsoft.com/en-us/cloud-platform/global-datacenters and https://www.microsoft.com/en-us/TrustCenter/.
• Outage reporting: The service status is available via a public dashboard: https://status.azure.com/en-gb/status. We also have separate uptime monitoring tools in place that will instantly alert us to any disruption in service so we can investigate and resolve.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: To access the Umbraco management interface, all users are required to have a unique username and password. We can also implement 2-factor authentication and IP restriction.; ; Access to our support service is also restricted to named individuals with secure login credentials and telephone or email requests are also verified.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: Microsoft Azure has a well-established Information Security Management Program (ISMP) that includes compliance with CSA CCM: https://cloudsecurityalliance.org/star/registry/microsoft/ and ISO/IEC 27001: https://www.microsoft.com/en-us/TrustCenter/Compliance/ISO-IEC-27001. At Nexer, we have our own fully documented information security policies and processes, available on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Details of project requirements are outlined in a Proposal document and/or Statement of Work prior to work commencing. Any change requests that deviate from the requirements require confirmation from both parties. All requested changes must be vetted by the Technical Lead on the project before being approved.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We monitor any security vulnerabilities on a daily basis and are alerted to potential threats from a number of sources, such as notifications from Umbraco about the CMS. Any threats are assessed by our technical team. We give all vulnerabilities the highest priority, with critical vulnerabilities patched straight away and those less important still addressed in a timely manner.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Microsoft Azure provides sophisticated protective monitoring tools including Security Center that helps prevent, detect, and respond to threats. Security Center provides increased visibility into, and control over, the security of Azure resources. At Nexer, we also use 3rd party tools for advanced monitoring of our solutions. If a potential compromise is identified the client is notified and this is dealt with as a priority.
• Incident management type: Supplier-defined controls
• Incident management approach: Our clients can report incidents to us through our online ticketing system (JIRA) or via email or telephone. We are aligned to the ITIL incident management process. We encourage clients to provide a priority level indicator with each support request. Higher priority requests take immediate precedence over any existing lower priorities. Clients can log into their dedicated space within our ticketing system to track the status of incidents and their investigation and resolution. We can also provide monthly reports summarising all incidents and their management, if required.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Nexer is committed to reducing the environmental impact of its business, and of the digital products and services we design and build with our customers. We have committed to reducing our carbon footprint by 50% by 2030, in line with the wider Nexer Group. ; ; We have taken a number of important steps to reduce our impact on the environment: ; • Brought in an acknowledged expert in digital carbon reduction, Gerry McGovern, to advise us on how to build more sustainable products and services ; • Calculated the carbon output of our delivery squads and developed a model, which we share with our customers and include in our commercial proposals, for calculating and reducing the carbon footprint of the projects we deliver with them ; • Placed carbon reduction measures at the heart of our strategy, for example in informing our technology choices, building longevity principles into our designs, and committing to energy and waste reduction in our internal ways of working ; ; Much more detail of our carbon reduction policies and actions can be found in our Environmental and Sustainability Strategy on the Nexer Digital website.

  Tackling economic inequality

  We take the following steps to reduce economic inequality in our hiring and staffing model:; ; • We are a Disability Confident Employer and member of the Neurodiversity in Business community.; ; • We encourage applicants from under-represented groups through:; 1. Our support for agile bootcamps run by Diverse & Equal, bringing career switchers from under-represented backgrounds into our industry. We have fully funded, run and employed 8 people from a D&E design bootcamp in 2023.; 2. Our partnerships with Love Circular and the Responsible Tech Collective. We’re founder members of the Responsible Tech Collective alongside organisations such as the Coop and the Department for Education.; 3. We run all our job adverts and role specifications through a gender decoder to ensure inclusivity, and we use the Team Tailor platform to anonymise the CV and application submission process.; ; • We continually review and respond to market conditions. We review pay annually aligned to our capability frameworks which are available to all, with salaries increasing every year for everyone.; ; • We’ve supported two apprenticeship programmes: Manchester Digital’s Software Developer Apprenticeship and Manchester Metropolitan University’s Software Engineering Degree Apprenticeship, providing multi-year sponsored employment programmes. We’re currently sponsoring two apprentices, studying part-time and working for us, and we’re committed to further apprenticeships in future.; ; • We’re a partner to HI Future, providing access to employment for people who’ve experienced homelessness.

  Equal opportunity

  We have an established policy which sets out our commitments to equal opportunities and diversity and outlines the positive actions we take to promote these principles in all of our work and with all of our team members. ; ; • 60% of our workforce identify as women. 18% identify as being part of the LGBTQ+ community. Nexer Digital was founded and is managed by a gay woman.; • Our team includes people who are blind, deaf, neurodiverse and have physical and cognitive disabilities. We explicitly encourage applications for roles with Nexer from people from under-represented backgrounds. We monitor this through an anonymous census to capture information about protected characteristics. ; • We take active steps to ensure our hiring strategy has equality and diversity at its heart, focusing on inclusive recruitment models such as anonymised CVs and hiring channels such as Diverse & Equal, which enable us to more effectively recruit staff from underrepresented groups.

  Wellbeing

  Staff wellbeing is at the heart of Nexer’s philosophy, enabling us to have a staff retention rate of >95% over the last 3 years (2021-2024).; ; • We train our teams in Mental Health First Aid and line managers take active steps to recognise the signs of stress, burnout or mental health issues in their teams. ; • We’ve developed capability frameworks as an open, structured way to guide progression. ; • We have a disability steering group, who assess our tools and communication channels for accessibility and inclusion. ; • We have well-embedded processes in place to ensure people can do their best work, including regular time off projects, reducing likelihood of burnout.; • We provide paid volunteer days for all team members so they can spend time away from work focusing on social impact projects or issues that they care about.

Pricing

• Price: £100 to £125 a unit an hour
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at shaun.gomm@nexergroup.com. Tell them what format you need. It will help if you say what assistive technology you use.