VU online Limited

WordPress hosting, maintenance, support and updates

Competitively priced UK hosting service for WordPress Applications.

Our friendly and helpful UK-based WordPress team manage Core and Plugin updates, as well as a backlog of CMS development requests.

Our service includes WordPress hosting, WordPress site maintenance, responsive SLA, resilient infrastructure, firewalls, security, monitoring, online helpdesk and WordPress issue tracking.

Features

• WordPress Hosting for Small, Medium and Large instances
• WordPress CMS & Server Maintenance
• Reliable & Flexible WordPress Support
• DDOS Protection Security & Firewalls
• WordPress disaster recovery policy
• Proactive Monitoring
• Implementation plan
• WordPress responsive Service Level Agreement (SLA)
• WordPress application and data daily back-ups

Benefits

• Easy backlog management for non-technical customers
• 24/7 Monitoring
• Flexible additional support hours available
• Permanent UK based WordPress team
• Cyber Essentials, GDPR compliance, PlanetMark, Living Wage Employer
• Social Value driven service - Social, Environmental & Financial
• Customer Onboarding and Offboarding
• Resilient infrastructure from major suppliers
• Regular reporting
• Compatibility with GovPress type WordPress instances

£100.00 to £500.00 an instance a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@vuonline.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

577892958872021

Contact

Stuart Johnston
01803 866430
info@vuonline.co.uk

Service scope

• Service constraints: EC2 Instance: Default Limit: 20 per region; EBS Volume: Default Limit: 5,000 volumes or an aggregate size of 20 TiBElastic IP: Default Limit: 5 per region; Elastic Load Balancer: Default Limit: 10; High I/O Instance: Default Limit: 2; Virtual Private Cloud: Default Limit: 5
• System requirements: Internet access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 1. Total system loss or total inability to use a module do to functionality or security problem.; 1st response: As soon as possible; ; 2. One or more users are unable to carry out critical business processes. A large number of users are unable to access the system as normal.; 1st response: As soon as possible; ; 3 One or more users are unable to perform some functions within the system. No critical systems/processes affected; 1st response: 1 day; ; 4. Minor or cosmetic problem with some functions within the; system. Does not stop system from performing designed function; 1st response: 1 day
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Standard use of Slack. Text, video or audio chat available.
• Web chat accessibility testing: No testing done
• Onsite support: No
• Support levels: 1. Total system loss or total inability to use a module do to functionality or security problem.; 1st response: As soon as possible; ; 2. One or more users are unable to carry out critical business processes. A large number of users are unable to access the system as normal.; 1st response: As soon as possible; ; 3 One or more users are unable to perform some functions within the system. No critical systems/processes affected; 1st response: 1 day; ; 4. Minor or cosmetic problem with some functions within the; system. Does not stop system from performing designed function; 1st response: 1 day; ; All support charged at £80/hour on monthy 30 day account.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Initial consulation on line to capture requirement, scale and technical needs. Creation of statement of work to agree scope, SLA and payment terms.; ; Ad hoc video training as required with client.; ; Monthy reporting and monitoring to be agreed.; ; Deployment and testing.
• Service documentation: No
• End-of-contract data extraction: FTP
• End-of-contract process: FTP data transfer - Free of Charge

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: Dedicated cloud instances
• Usage notifications: Yes
• Usage reporting: Other

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Data layer
  • Application layer
• Backup controls: All backups are daily by default but can be changed to be more frequent as required.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Less than 99.99% but equal to or greater than 99.0%; 10% Credit; ; Less than 99.0% but equal to or greater than 95.0%; 30% Credit; ; Less than 95.0%; 100% Credit
• Approach to resilience: Available on request.
• Outage reporting: Slack alerts, email.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Strict named user Authentication over encryption.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Government grade ; PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171
• Information security policies and processes: The IT infrastructure that AWS provides to its customers is designed and managed in alignment with best security practices and a variety of IT security standards. The following is a partial list of assurance programs with which AWS complies:; ; SOC 1/ISAE 3402, SOC 2, SOC 3; FISMA, DIACAP, and FedRAMP; PCI DSS Level 1; ISO 9001, ISO 27001, ISO 27017, ISO 27018; ; Reporting structure is customised to customer needs.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The AWS service itself is under the developmental control of Amazon.; ; The middleware or application layers used in conjunction are subject to regular expert review for security or upgardes.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: AWS threats are managed by Amazon which includes patching and updates.; ; Any middleware or application layer sitting on the service is covered under a seperate agreement and process. This can be based on individual customer needs or as circustances change.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Incidents are responded to according to agreed SLA included elsewhere in this document.; ; Monitoring takes place at Amazon. Application layers which sit on te service can be monitored for unusual activity using (specifically in a WordPress system) iThemes Security Pro Scan. Additional software can include Pingdom, Uptime Robot and NewRelic as additional cost items.
• Incident management type: Undisclosed
• Incident management approach: Incidents are reported by either monitoring software, technican or client. A ticketing system linked to Slack notifys an incident in real-time to all parties to be dealt with under the agreed SLA.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Other
• Other virtualisation technology used: Amazon EC2 relies on Xen Virtualization for launching all of its instances. Every physical machine has a hypervisor running on it. A Xen hypervisor allows multiple instances to share a single hardware platform.
• How shared infrastructure is kept separate: An organization has one management account along with zero or more member accounts. You can organize the accounts in a hierarchical, tree-like structure with a root at the top and organizational units nested under the root. Each account can be directly in the root, or placed in one of the OUs in the hierarchy.; ; Different organisatiosns have different unconnected clound instances.

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Fighting climate change:

  Fighting climate change

  Vu is an Independently Verified CO2e Assessed Organisation:; https://vuonline.co.uk/carbon-policy/

Pricing

• Price: £100.00 to £500.00 an instance a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@vuonline.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.