ANNERTECH (UK) LIMITED

Drupal Cloud CMS services

Annertech provides a cloud hosted Drupal CMS solution and Drupal development, design, and support services. Our ring-fenced team of Drupal specialists are dedicated to looking after our Drupal support clients. Our certified Drupal developers are active Drupal contributors.

Features

• Custom design and custom Drupal theme to match branding guidelines
• Drupal customisation and custom Drupal module development
• Drupal implementation, Drupal upskilling and Drupal coaching
• Drupal content migration, copywriting and Drupal content design
• Drupal site support and Drupal site maintenance
• Drupal Certified Developers and Dedicated Drupal Support Team
• Flexible support retainer and Drupal technical support packages
• Drupal site audit and experienced Drupal on-boarding
• Drupal security updates, Drupal patches and Drupal bug fixes
• Self-service reports dashboard and proactive Drupal site monitoring

Benefits

• Experienced Drupal partner and Drupal support specialists
• Drupal accessibility support to meet government accessibility standards
• Collaborative Drupal development and active Drupal contributors
• Experienced Drupal development team providing Drupal technical support
• Drupal optimisation, Drupal performance improvements and Drupal SEO optimisation
• Regular Drupal security updates and Drupal security risk mitigation
• Drupal platform continuous improvement, Drupal ecosystem improvements
• Direct support contact, Drupal developer contact and designated account manager
• Customisable service packages, Drupal requirements analysis and Drupal digital transformation
• Dedicated Account Manager and dedicated managed services team

£200 to £4,200 a unit a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@annertech.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

443868057975285

Contact

Stella Power
+442045860065
hello@annertech.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: No
• System requirements:
  • Internet connectivity
  • Modern web browser
  • Access to private trusted network (private / hybrid cloud only)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We provide the following response times during standard business hours, 9am - 5:30pm Mon-Fri excluding public holidays:; ; ◦ Critical priority – immediately, with a maximum 2 working hours response time.; ◦ High priority – within 8 working hours.; ◦ Medium priority – within 24 working hours.; ◦ Low priority – within 5 working days.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We offer a number of subscription packages. These come in bundles of 8 hours per month and are billed in 15 minute increments. They cover help and support from our dedicated support team, maintenance of your application, and offer continuous improvement and ongoing development.; ; We provide 4 levels of support:; ; • Bronze: 8 hrs/mo,; • Silver: 16 hrs/mo,; • Gold: 24 hrs/mo,; • Enterprise: 25+ hrs/mo,; All packages can be upgraded or downgraded with one month's notice.; ; If not all subscribed hours are used within a given month, you can roll over hours to the following month(s). A cap of one month's subscription is applied.; ; We do not penalise clients for exceeding their monthly subscription, and still only charge extra work at the daily rate according to the package chosen. However, we are unable to guarantee our capacity to take on extra work which has not been previously flagged or agreed to.; Please see our pricing document for costs.; ; You will have a dedicated, named account manager who will lead you through the on-boarding process and hold regular reviews with you to ensure our levels of service are acceptable, and discuss goals and upcoming changes for the site.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The on-boarding process for our Drupal Cloud CMS Services is designed to help users start using the service effectively and efficiently. Here's how we support users during the on-boarding phase:; 1. Kick-off Meeting: We start by scheduling a kick-off meeting with key team members to understand your specific requirements and goals.; 2. Dedicated Point of Contact: We assign you an Account Manager who will provide assistance and guidance during the on-boarding process and throughout the contract. They will be available to answer any questions and address any concerns you may have.; 3. Documentation: We provide comprehensive documentation that includes user guides to help you utilise the Drupal platform effectively.; 4. Training: We offer training sessions tailored to your needs, whether it's for administrators, content editors/designers, or developers. These sessions can be conducted remotely or on-site, depending on your preference.; 5. Account Management: Throughout the on-boarding process, our account management team will be available to ensure a smooth transition and address any issues that may arise.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Online videos
• End-of-contract data extraction: We will provide full access to the CMS or application software code. We will also provide full access to the database and files uploaded to the CMS.
• End-of-contract process: We will work closely with you to ensure a seamless transition to your new provider. We will provide all code, documentation and data access as needed assuming any outstanding invoices have been paid. Unless otherwise directed by the client, all data will be destroyed 30 days after contract termination.; ; This is all included as standard within the price of the contract. Additional support or additional documentation would be chargeable.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Fully responsive web interface so all sites work across all devices.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The CMS has a user-friendly and easy-to-use editor interface which provides access to all content from across the site and supports easy updates. We offer training services to help editors gain familiarity with the tools available.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Tested with screen readers such as NVDA and Apple Voiceover, as well as evaluations for keyboard and alternative input device accessibility.
• API: Yes
• What users can and can't do using the API: Our system can be fully extended with a variety of API endpoints, enabling users to undertake a wide range of frequent tasks as required. Full details can be discussed and agreed during onboarding.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The service is fully customisable, based around specific client requirements. As part of the onboarding process, any customisations needed will be discussed and scoped. Our agile delivery methodology ensures that regular updates are provided in a transparent manner, allowing adjustments to be made throughout the project lifecycle.

Scaling

• Independence of resources: Enterprise Dedicated deployments receive dedicated infrastructure. All other environments are containerised with resources being guaranteed by the allocator.

Analytics

• Service usage metrics: Yes
• Metrics types: Service metrics are supported through the use of Google Analytics, Matomo and other services.; ; Annertech also provide an online dashboard with various reports including uptime statistics, support reporting, and other metrics.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Volumes encrypted by default.; Third-parties guarantee protection - our hosting environment is deployed in AWS or Google Cloud Platform (GCP) data centres. They adhere to independently validated privacy, data protection, security protections and control processes. They are responsible for the security of the cloud and wherever appropriate, offer customers options to add additional security layers to data at rest, via scalable and efficient encryption features. They offer flexible key management options and dedicated hardware-based cryptographic key storage.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can either request Annertech provide a data export at any point as part of this service, while users with administrative access are able to export data directly from the admin interface.
• Data export formats:
  • CSV
  • Other
• Other data export formats: JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: The only mechanism where data can enter and leave our hosting environment is via secure encrypted protocols unless the customer specifies otherwise (such as forcing HTTP on).
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Data transit is fire-walled to only be accessible by expected and specified relationships. Each container is only able to communicate to explicitly defined relationship subjects.

Availability and resilience

• Guaranteed availability: Depending on the level of service required we can support high availability environments up to 99.99% uptime. As standard we guarantee our minimum level of availability to 99.5%. ; ; Depending on hosting package chosen, failure to meet agreed level of availability can result in service credits awarded to to the customer.
• Approach to resilience: Our hosting is a highly available container grid.; ; The grid is automatically self-healing. Any host that fails gets taken over by a healthy node; Any service that fails is automatically moved to a healthy host; Any unhealthy host is evacuated and the services move to a healthy host; The gateways are aware of the state of the underlying infrastructure and freeze traffic as failover happens; Grid hosts are aware of the state of services and do not run “deployment hooks” on services that fail-over, making failover quasi-instantaneous.
• Outage reporting: Outages are reported via an online status page which is hosted off-site, as well as via the helpdesk and email for individual affected customers. Detailed incident reports are sent to affected customers after resolution.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Restriction is managed by secure keys (for API access) as well as username & passwords for more routine support channels. Two factor authentication is also available.; ; Administrative connections may only be made over secured SSH or TLS channels.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Our data centre holds ISO 27001 amongst other security certifications
  • Our PaaS provider has PCI-DSS certification accredited by Risk3sixty, LLC
  • Our PaaS provider has SOC2 Type 1, SOC2 Type 2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: The data centre is ISO27001 certified. ; ; Our hosting provider has a corporate governance framework to ensure continuity and monitor quality of the Security Programs. The following groups are established to facilitate corporate governance: ; ; Board of Directors: Helps ensure oversight for management strategy and operations. ; ; Audit Committee: Helps ensure that an independent body can provide corporate governance in corporate matters.; ; Governance, Risk and Compliance (GRC) Council, along with members of the Executive team, help ensure that organisational risks are prioritised and addressed, accepted or transferred. ; There are also definitions for Monitoring, Architecture, Policy, Plan & Procedure Review and External Third-party Audits.
• Information security policies and processes: Annertech implement formal, documented policies and procedures that provide guidance for operations and information security within the organisation.; ; Policies address purpose, scope, roles, responsibilities and management commitment.; ; Policies are maintained in a centralised and accessible location. ; ; Leadership involvement provides clear direction and visible support for security initiatives.; ; The output of Leadership reviews include any decisions or actions related to:; • Improvement of the effectiveness of information security; • Update of the risk assessment and treatment plan; • Modification of procedures and controls that affect information security to respond to internal or external events; • Resource needs; • Improvement in how the effectiveness of controls is measured. ; ; Policies are approved by Annertech leadership at least annually.; ; All staff are required to complete annual GDPR and IT Security training.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have an agreed change management process to allow services to evolve over time. We use source code versioning, peer-reviews and database monitoring tools to track and assess any configuration and change management process. Before any service updates, security tests are performed.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Annertech perform vulnerability scans on the host operating system, web applications, and databases in our environments. ; ; The hosting platform (operating system, software, and applications) receives automated security patching for all software directly from the OS maintainers, with security patches applied as soon as they are available and have been tested on pre-production environments.; ; Alerts and newsletters are available from the maintainers, and technical staff monitor a number of respected advisory services for news.; ; Our Content Delivery Network provides a Web Application Firewall which is constantly updated to defend against newly released exploits.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Annertech have a range of automated and manual approaches to protective monitoring that are constantly being reviewed as new threats are identified within the industry. We work closely with our hosting partners to identify potential compromises, including inspecting access logs and Git commit histories.; ; Any compromise found results in quarantine actions for affected systems and replacement by clean builds, as well as analysis of access vectors used in attack. Response would be immediate following discovery.
• Incident management type: Supplier-defined controls
• Incident management approach: We have defined process for any outages and will update clients via agreed channels. Users report incidents through our service desk via ticket, email or telephone, and are kept updated with the progress and state of the incident throughout the event via the ticketing system. Full incident reports are provided in the event of serious incidents (for example, extended outages or security events).

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We are aware that reducing our emissions represents a significant benefit for ourselves, our customers, our suppliers and our communities.; Since our foundation, Annertech has always been a remote-first, distributed company – we have no offices. This means that we have reduced our impact on the environment by not having premises, meaning that our team does not have to commute while also enjoy a better work/life balance with flexible working hours.; As a digital only company we’ve also removed the need for paper, and travel to on-site meetings only where value can be added. If travel is required, then we encourage our staff to use public transport wherever possible.; We partner with providers, including hosting, who are committed to reducing their carbon footprint.

  Covid-19 recovery

  As a fully distributed company, our staff are able to work remotely from home. This meant that during the pandemic we were able to continue to support our customers with minimal disruption. In addition, our fully flexible working hours meant that staff were able to more effectively balance the needs of their families with that of work.; Being a distributed company, we are also mindful of the need for social interaction and to maintain our open, transparent and collaborative culture. To that end we have daily online coffee mornings, cameras on by-default (but not mandatory) policy, and other social activities such as a book club, foodie group to share recipes and restaurant recommendations, and more. We also try to get as many people from the team as possible to meet up in person for 1-2 retreats per year.; The health and wellbeing of our staff is important to us, so everyone also has access to an Employee Assistance Programme (EAP).

  Tackling economic inequality

  Annertech is committed to creating a diverse working environment which includes seeking candidates from different geographic, social and economic backgrounds.; We are mindful of the differing needs of sections of the community when it comes to employment opportunities. We provide fully flexible working conditions, including the ability to work from home and fully flexible working hours so they can flex their hours around childcare, taking care of elderly parents, or other personal commitments.; A training stipend is provided each year for employees to take advantage of to further develop their skills and knowledge.; We are committed to paying our staff fairly, and ensure that everyone is paid above the living wage. We have zero tolerance for slavery and human trafficking and are committed to ensuring there is no modern slavery or human trafficking in our supply chains. ; Where possible, we look to procure locally and support the local communities of our clients. We pay all of our suppliers promptly and always before the due date of their invoices.

  Equal opportunity

  At Annertech, we recognise that discrimination and victimisation are unacceptable and we are committed to encouraging equality, inclusivity and diversity in all aspects of our work.; We believe that policies alone are not enough and are committed to building an inclusive culture where discrimination is eliminated, everyone is respected and feels comfortable being themselves, and where everyone has equal opportunities. We employ team members based solely on their ability and experience, regardless of gender, race, religion or disability.; We are committed to paying our staff fairly, and ensure that everyone is paid above the living wage. We have zero tolerance for slavery and human trafficking and are committed to ensuring there is no modern slavery or human trafficking in our supply chains.

  Wellbeing

  At Annertech, the wellbeing of our staff is very important to us. We offer all staff members fully flexible working conditions, including the ability to work from home and fully flexible working hours. It is important to us that staff understand that family/personal time comes first and work should fit around their personal lives, rather than the other way around. If they need to care for a sick child, or they need to leave early, they can do that knowing without any difficulties or stress.; ; We also offer generous holidays to employees, and encourage them to take at least one solid 2-week break per year.; ; We also run a wellbeing programme where staff can access online resources and avail of a 24/7 Employee Assistance Programme which covers a large range of assistance from mental health, legal and financial advice, family counselling, and more.; We encourage openness, collaboration and engagement at all times and all levels. We operate a flat organisational structure with monthly company-wide meetings, where we come together to discuss our goals and achievements.

Pricing

• Price: £200 to £4,200 a unit a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@annertech.com. Tell them what format you need. It will help if you say what assistive technology you use.