Contentful CMS
Contentful is a headless content management system (CMS). It lets you create, manage, and edit the content on your website or app without it being directly tied to the design or layout. This allows for greater flexibility and makes it easier to deliver content across different channels.
Features
- Content Modeling
- User-friendly Interface
- Multi-language Support
- Collaboration Tools
- API-first approach
- Composable Content
- Omnichannel Delivery
- Scalability
- Role-based access control and disaster recovery plans
Benefits
- APIs streamline integration with existing systems
- Fast time-to-market for new content and campaigns
- Front-end technology is unique to each project
- Localised experiences for your audience
- Collaboration among editors, streamlining workflows
- Content is delivered through APIs
- Deliver content through various channels (websites, apps, digital displays)
- Unify content into a single content hub
- Increase reusability and scalability
Pricing
£300 a licence a month
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
4 5 5 5 7 5 3 8 4 2 1 7 4 7 5
Contact
Remarkable
Jonathan Ward
Telephone: 07821 644 499
Email: jonathan.ward@remarkable.global
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
-
Limited Control over Infrastructure: Since Contentful manages the underlying infrastructure, you have limited control over specific hardware or software configurations. This might be a constraint if you have very specific technical requirements.
Vendor Lock-in: Migrating away from Contentful can be complex due to the way your content is structured and delivered through APIs. Carefully consider your long-term needs before choosing Contentful. - System requirements
-
- Javascript, Python , or Java
- Front-End Development
- API Client Libraries
- Content Delivery Network (CDN)
User support
- Email or online ticketing support
- Yes, at extra cost
- Support response times
-
Immediate notification of receipt of fault.
Critical fault 30 minutes (system unusable)
Urgent Fault 60 minutes (error in a single module)
Non-urgent Fault 4 hours (minor impact, still usable) - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
We provide the following support levels ...
- Standard office hours
- Extended office hours
- 24x7 coverage
All are by agreement with the client. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Onsite training can be provided or remote training can be provided. Full documentation of our service can be issued. Online training is also available which can be trainer lead.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- This can be manually performed as the users require. All content and database elements can be extracted, via a robust API, or by using Microsoft SQL Server.
- End-of-contract process
- Only extraction of data elements or transferring to another system, are not included in the price of contract.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- Yes
- Compatible operating systems
- Windows
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The service when developed for an individual company can operate on any range of devices.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 A
- Description of service interface
- Standard Microsoft Azure facilities are used on an ongoing basis for the interface.
- Accessibility standards
- None or don’t know
- Description of accessibility
- The end product customized for a company has been tested over the whole variety of WCAG standards and the See It Right standard.
- Accessibility testing
- Full, customized end product testing has been performed with clients which cover the whole range of WCAG and See it right standards,
- API
- Yes
- What users can and can't do using the API
- The service can be extended to include templates as required by the end users and editorial facilities are provided either by properties or by on-page editing.
- API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- The whole of the front end solution environment is customisable. The services environment is not customisable.
Scaling
- Independence of resources
- Fully implemented on Microsoft Azure with configurable regions and levels of usage are available.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Usage and performance metrics.
- Reporting types
-
- API access
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Contentful
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Data can be exported via the API and /or by using Microsoft SQL Server facilities which would extract to CSV files and could be either directly or indirectly.
- Data export formats
-
- CSV
- Other
- Other data export formats
- XML
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- XML
- JSON
Data-in-transit protection
- Data protection between buyer and supplier networks
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
-
Multi-Region Delivery Infrastructure (MRDI): Built on Cloud providers and providing multi zones for redundancy. This means if one zone experiences an outage, others can take over, minimizing service disruption.
Focus on Reliability: Contentful prioritizes building and maintaining a reliable infrastructure to ensure high availability. Contentful implement various measures to prevent outages and quickly recover from any incidents. - Approach to resilience
- High availability is provided by maintaining acceptable continuous performance despite temporary failures in services, hardware, datacenters or fluctuations in loads. Disaster recovery through protection of an entire region by asynchronous replication for failover of virtual machines and data using cloud provider resilience and geo-redundant storage. Backup by replication of virtual machines and data to one or more regions using cloud provider backups.
- Outage reporting
- Outages are reported through the portal and also with email alerts.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- Only the individuals concerned are allowed access to incident management systems, development systems. Individuals are designed to police particular areas of our development process and report upon these.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- You control when users can access audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- You control when users can access audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- NQA
- ISO/IEC 27001 accreditation date
- 06/02/2024
- What the ISO/IEC 27001 doesn’t cover
- No exemptions
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
We possess the following security policies and processes ...
Information Security Management System Statement & Policy
Information Security Management System Manual (ISMS)
Office Security Policy
Equipment Provision Policy
Mobile Device Policy
Personal Device Policy (BYOD)
Access Control Policy
Password Policy
Collaboration Software Policy
Handling and Destruction of Data
Remarkable Consulting Workplace Visitors' Policy
Quality Management Policy
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Unit testing of a solution is performed by a developer and when they are satisfied is passed to a Development Manager for code inspection. When this has been passed the solution goes to formal Quality Control with a promotion of the solution to the QA environment. When this has passed QA testing the solution is moved to Integration environment where it can be inspected by the client. When this has been approved it is moved to the production environment. At any of the stages if failure occurs then the solution goes back to the developer and the process is restarted.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- We monitor logs, use security and vulnerability software to detect any incidents. Dependent upon the severity we would look to deploy patches in 2 weeks (earlier if more severe).
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- We monitor systems regularly for potential intrusion and depending upon the severity of any findings would seek to remedy these within a week.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
The client will have entered into a particular support category, typically office hours, extended hours or 24x7 coverage and these will determine the metrics of the service level agreement.
Incidents can be reported using our incident management software and is categorized into Critical, Urgent or Non-urgent by in house staff. The issue is then scheduled to be rectified, and at this point, if any temporary fix is needed, then this is applied. The issue is monitored using the incident management system which the client has access to. It is reported upon at the status meetings and cleared, tested.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
Reduced Paper Usage: Highlight how Contentful can help the company move away from paper-based processes like brochures, forms, and marketing materials. Contentful allows for creating and managing digital content, reducing reliance on physical printing.Covid-19 recovery
Remote Work Capabilities: Contentful can empower a remote work model. Contentful features like digital collaboration tools, project management features, and communication channels can ensure efficient teamwork even in a geographically dispersed workforce. This can be crucial for companies still cautious about returning to a full in-office environment due to Covid-19.
Employee Communication: Contentful can be used to create internal portals or communication hubs to keep employees informed about company policies, safety protocols, and any updates related to Covid-19.Tackling economic inequality
Reduced Costs: Contentful offers a comprehensive digital experience platform that can be more affordable than building custom solutions from scratch. This can help small businesses compete with larger corporations by providing them with powerful digital tools at a lower cost.Equal opportunity
Contentful offers a comprehensive digital experience platform that's more affordable than custom solutions. This empowers small businesses to compete with larger corporations. by providing them with powerful digital tools at a lower cost. This helps bridge the gap in resources and technology access that can hinder equal opportunity.Wellbeing
Contentful offers gains in remote working and work - life balance by reducing commuting times and offering more control over staff schedules. Contentful can potentially streamline workflows and improve communication, reducing work-related stress and burnout. Features like project management tools, task automation, and centralized communication channels can contribute to a more efficient and less chaotic work environment.
Pricing
- Price
- £300 a licence a month
- Discount for educational organisations
- Yes
- Free trial available
- No