Zoocha Limited

Cloudflare - Drupal Optimised CDN

Protect your Drupal website, improve performance and availability as well potentially reducing overall infrastructure costs with a Drupal optimised Cloudflare CDN. Quick and easy to set up.

Features

• Drupal optimised global CDN
• DDoS Mitigation
• Web Application Firewall
• Load Balancing
• Bot Mitigation
• Access Management
• DNS Management
• SSL/TLS Provisioning
• Proactive monitoring and management

Benefits

• Improves performance of your Drupal website
• Increases security of your Drupal website and infrastructure
• Optimises your infrastructure investments
• Mitigate malicious attacks, including XSS and SQL Injection
• Improve reporting

£150 an instance a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@zoocha.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

518271662668522

Contact

William Huggins
441992256700
info@zoocha.com

Service scope

• Service constraints: N/A
• System requirements: Drupal

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Critical issues are responded to within 15 minutes, 24/7. ; ; Our standard support hours are 9am to 5.30pm Monday to Friday, exluding bank holidays. Zoocha also offers extended support hours from 7am to 9pm Monday to Friday, exluding bank holidays.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: N/A
• Onsite support: Yes, at extra cost
• Support levels: Zoocha provide a multi tier support service which is contracted as 'support days per month' @ £700 per day and utilisation against contracted support time is reported monthly. Contracted support time can be increased or decreased (to a minimum of 1 day per month) at any time during the contract, by providing 30 days notice.; ; Our standard support hours are 9am to 5.30pm Monday to Friday, exluding bank holidays. Zoocha also offers extended support hours from 7am to 9pm Monday to Friday, exluding bank holidays. ; ; Critical support can be provided on a 24/7/365 basis at an additional cost of £250 per month, which guarentees a 15 minute response and 2 hour resolution of all critical issues.; ; Service level agreements (SLA's) cover uptime, incident response and incident resolution.; ; Each client will have a named Client Services Manager, who will be their main point of contact and will be responsible for the monthly service reviews.; ; Zoocha's support service is ISO certified to a UKAS rated standard for 9001:2015, 14001:2015, 22301:2019, 27001:2022.; ; Note: Overages (support time used above the contracted amount) is charged at £150 per hour.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Zoocha facilitate an onboarding workshop with key stakeholders and service users.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: The Cloudflare User Interface includes data aggregation logs, which include audit logs (log of every action taken within the interface and change to an account setting), as well as HTTP request logs. Data can be extracted via API in aggregate, or individual requests can be downloaded from the UI directly. Upon ending a contract, Cloudflare will advise customers on capturing all these data prior to account termination.
• End-of-contract process: There are no off boarding costs. At the end of the contract, the customer can migrate all data to an alternative user. Cloudflare supports customers through the end of their contract and does not charge for reasonable off-boarding services.

Using the service

• Web browser interface: Yes
• Using the web interface: Users can manage all aspects of onboarding and configuration of their internet properties via the Cloudflare dashboard.
• Web interface accessibility standard: WCAG 2.1 A
• Web interface accessibility testing: Cloudflare do conduct external and internal user-testing sessions where some portion of the test subjects opt to use assistive technologies, largely keyboard based users. They also test in house as a part of a component development QA process for keyboard accessibility to ensure any job to be done defined in the product specs can be accomplished without the aid of a mouse.
• API: Yes
• What users can and can't do using the API: All onboarding and configuration management tasks can be completed via API.
• API automation tools: Terraform
• API documentation: Yes
• API documentation formats: HTML
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: Cloudflare offers CLI via a Cloudflare Open Source GO repository named "flarectl" (https://github.com/cloudflare/cloudflare-go/tree/master/cmd/flarectl) services can be provisioned, modified and deleted by using this as per the examples within the ReadMe. Cloudflare also offers a Terraform integration that can be found here: https://www.terraform.io/docs/providers/cloudflare/index.html

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: N/A
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other
• Other usage reporting: Service desk ticket

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • HTTP request and response status
  • Network
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Cloudflare

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up: Multiple datacentres with disaster recovery
• Backup controls: Cloudflare conducts backups to ensure restoration of customer accounts in the event of a complete data loss or disaster scenario within its primary data center. Cloudflare only has limited customer data and does not host its customers' websites, therefore customers do not control what is backed up or recovered.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 100% uptime guarantee (2500% Cloudflare service credit)
• Approach to resilience: Cloudflare operates a global Anycast network with 185+ Points of Presence globally. Each data centre builds its own cache such that any data center can service an end customers' request. Cloudflare also has two data centres which make up the control plane, located in the United States and in Luxembourg. Information like customer account settings are backed up daily to the core data centres and, in the event of a disaster affecting the primary data center, full failover from the disaster recovery site would be conducted. More information regarding service level RPO/RTOs can be provided upon request.
• Outage reporting: Public dashboard, email alerts

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Zoocha provide customer support through Jira Service Desk, which only rhe Zoocha team have access to. Cloudflare provides customer support through Zendesk, to which only the Cloudflare Support Team has access. Access to production is limited by role to the Systems Reliability Engineering team.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SOCOTEC
• ISO/IEC 27001 accreditation date: 08/11/2023
• What the ISO/IEC 27001 doesn’t cover: All Zoocha services are covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • SOC 2 Type 1 (Cloudflare)
  • PCI DSS (Cloudflare)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Cloudflare is SOC 2 Type 1 and ISO27001 compliant. Cloudflare also has a robust policy management process by which all of its internal policies are reviewed and revised on an at-least annual basis. More information on individual policies or processes can be made available upon request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Cloudflare maintains baseline configurations in SaltStack. Cloudflare systems and process owners document and control change to all organizational information systems. All information system changes must approved by an appropriate manager in accordance with organizational policies and procedures. All configuration changes are monitored and access to production is severely based on role and utilizes systems to ensure access restriction and limitations.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: All critical and high priority patches must be applied within thirty (30) calendar days from their release. Cloudflare conducts threat intelligence through the Information Security Team, who is responsible for reviewing and connecting disparate datasets to conduct internal and external threat analyses based on open source information, Cloudflare's internal logs, and the detection of anomalous behavior or traffic. Cloudflare also utilizes Red Canary for endpoint security, threat detection and notification.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Cloudflare's internal teams monitor our service for potential compromises in addition to sponsoring Responsible Disclosure and Bug Bounty Programs. Potential compromises are reviewed by the Security Incident Response Team (SIRT) who defines the incident level and then addresses the incident based upon severity classification.
• Incident management type: Supplier-defined controls
• Incident management approach: Users can report incidents via the Zoocha service desk or directly via the Cloudflare dashboard. Cloudflare also monitors other channels, such as social media, to ensure that they are aware of any potential issue in the provision of service. Pre-defined processes exist for incident management, including common events. Incidents are subject to Cloudflare's Security Incident Response Policy, which includes requirements for root cause analysis and full reporting.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Zoocha are proud to be certificated to the ISO 14001 standard (by a UKAS rated accreditation body) since early 2023. This internationally recognized standard for Environmental Management Systems (EMS) helps organisations such as Zoocha in identifying, managing, and continually improving their environmental performance. ; ; While ISO 14001 doesn't explicitly target carbon emissions, it supports the reduction of a variety of practices, such as Zoocha’s environmental policy which outlines our commitment to reducing environmental impacts, including carbon emissions.; ; Zoocha's services are also 'Green Mark' certified.; ; Zoocha has an established EMS, which includes plans, procedures, and practices to achieve our objectives and targets. This included the development of strategies to reduce energy consumption, improving process efficiency (such as in hosting environments), and switching to low-carbon energy sources.

  Tackling economic inequality

  At Zoocha, we understand the profound impact that economic inequality can have on communities and industries alike. Our approach to tackling this issue is multi-faceted, rooted in our core values of People, Trust, Value, Quality, and Success. We strive to create opportunities and foster an inclusive environment where everyone has the chance to thrive.; ; Firstly, we ensure that our hiring practices are fair and inclusive, offering equal opportunities for people from diverse backgrounds. This is crucial in the tech industry, where diversity can drive innovation and creativity. By building a team that reflects a wide range of experiences and perspectives, we not only enhance our own services but also contribute to reducing the skills gap in the technology sector.; ; We also extend our commitment to economic equality through our work with clients in the higher education, public sector, health, and Charity/NGO sectors. By delivering high-quality digital solutions that improve accessibility, efficiency, and engagement, we help these organisations serve their communities more effectively, indirectly combating economic inequality by providing better access to essential services.; ; Finally, our contributions to the Drupal Open Source project reflect our belief in the power of technology as a force for good. By supporting the Drupal community through financial support, code contributions, and knowledge sharing, we help ensure that cutting-edge technology is available and accessible to all, democratizing access to digital tools that can empower individuals and organizations worldwide.; ; In these ways, Zoocha actively works towards a more equitable world, leveraging our expertise and resources to make a difference in the communities we serve and beyond.

  Equal opportunity

  The Zoocha culture, policies and processes explicitly ban any discrimination including (but not limited to) on the grounds of age, disability, gender reassignment, marriage/civil partnership, pregnancy/maternity, race, religion or belief, sex or sexual orientation. Zoocha aspires to provide a diverse workforce, a composition of which reflects that of the broader community.; ; In accordance with our policy, Zoocha is totally committed to the principles and practice of equal opportunities as an employer. Our directors and members of senior management are empowered to recruit and manage employees, advocate our policies and make every effort to ensure that all actions and decisions have equity at their core.

  Wellbeing

  At Zoocha, our employee wellbeing is a top priority and we offer a number of services to accommodate this. Our benefits scheme includes birthdays off, 25 days of annual leave per year, gym memberships, mental health support and private health care. These are offered to our employees to ensure that we are able to provide a comfortable, secure work space that everybody can enjoy. ; ; We also offer all of our employees the opportunity to take advantage of a flexible working schedule which allows them to work from any location and attend to any needs throughout the day. While we encourage the onboarding of local employees to support employment opportunities, we are more than happy to accommodate our remote employees, supplying any equipment needed in order to create a comforting home office space, as well as booking hotel stays if they want to visit the office for a more sociable atmosphere.

Pricing

• Price: £150 an instance a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@zoocha.com. Tell them what format you need. It will help if you say what assistive technology you use.