ORION WEB LTD

LocalGov Drupal Website Development

As an official LocalGov Drupal supplier, we specialise in building, configuring, customising and maintaining websites using the LocalGov Drupal framework.
It includes installation, back-end and front-end coding, theme and module development, content management, customisations, integrations, performance optimisation, security, responsive mobile design, pre/post-launch QA testing, deployment to servers and post-launch monitoring.

Features

• content management
• accessibility compliance
• multilingual support
• customisable design
• role-based permissions
• workflow management
• integration with external APIs and systems
• open data publishing
• community engagement tools
• security and compliance

Benefits

• cost-effectiveness
• flexibility
• scalability
• community support
• security
• accessibility compliance
• multilingual support
• integration
• rapid development
• citizen engagement

£90 a unit an hour

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@orionweb.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

584707530821223

Contact

Marios Ioannidis
02080582056
info@orionweb.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Based on the nature of the service, the provision is mostly (if not solely) remote.
• System requirements:
  • Web-database server (hosting)
  • PHP language installed on server (hosting)
  • Adequate memory on server (hosting)
  • Adequate disk space on server (hosting)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our SLA will include detailed response times, similar to the following: Urgent Issues: Response within 2 hours during business hours. Non-Urgent Issues: Response within 1 business day during business hours. Emergency Support: Response within 1 hour for critical emergencies affecting website functionality or security.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: - Tier 1: Basic help desk/support email resolution and delivery. ; - Tier 2: In-depth technical support. ; - Tier 3: Expert product and service support. ; The technical lead is commonly engaged with the support procedures and resolution path.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We will make full use of our educational experience to create a structured framework of training (including scheduled online meetups at mutually convenient times) based on the new website functionality, while at the same time honouring the essential Drupal concepts upon which the website has been built.; When necessary, we will also provide guidance and references to additional resources online, compatible with the specific needs of the client’s team for successfully handling the new website functionality and features.; We usually schedule most of the training sessions before the launch of the new website, to allow for practising the concepts covered. Content editors will be able to create/view/edit/delete content and media, configure and manage content moderation workflows, test any integrations thoroughly, calibrate tracking and metrics harvesting (e.g. Google Analytics, server infrastructure metrics etc.), manage Drupal roles and users and generally gain the experience required to successfully manage the new website.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Given the nature of this service, user data will be contained in the website database. Upon continuation of the (hosting) service, the user data will remain intact. In case the client decides to discontinue the hosting service of the website, it is still possible to extract the content and user data from the website in the form of exportable files, for example .xls or .csv.
• End-of-contract process: The LocalGov Drupal web development contract typically includes planning, research and discovery, design, development, testing and QA (Quality Assurance) and deployment. Documentation of complex features and processes as well as two to three training sessions are included in the main piece of work. Support and maintenance are typically not part of the main scope of the website development project and require a separate agreement.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: We follow mobile-first coding practices, ensuring that the mobile version of the website is optimised for speed and performance. We prioritise the loading of essential assets, apply “lazy-loading” techniques and minimise unnecessary resources, thereby reducing load times and enhancing the overall mobile user experience. This also greatly improves the browsing experience of users requesting content from low bandwidth areas. To validate the mobile-first approach, we conduct extensive testing across a wide range of mobile devices and operating systems. Through rigorous testing, we identify any potential issues and fix them promptly to ensure a flawless user experience on mobile devices.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: The LocalGov Drupal website is accessible to end users via its front-end, the publicly available portion of the application. Through login, the back office of the application is available to administrators, content editors and other user roles. Various levels of access can be supported based on user roles and permissions (applies to the front-end as well as the back office).
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: All development is carried out with accessibility in mind.; All LocalGov Drupal public facing content and functionality should meet or exceed WCAG 2.1 level AA.; The project also has a target for the administration interface to meet or exceed level AA, but accepts this may not be feasible for some time.; An accessibility review should be carried out for any release featuring new or amended functionality (please also refer to our accessibility audit, optimisation and compliance service).
• API: No
• Customisation available: Yes
• Description of customisation: LocalGov Drupal offers a collection of ready-to-use modules focusing on specific areas of interest or activity (e.g. council tax, forms, microsites, landing pages etc.). Drupal can be extended and configured, through the use of plugins (modules) and themes. For example, more than one front-end themes can be developed to provide a different look and feel for different areas of the website. Other customisations can be developed as per project requirements.

Scaling

• Independence of resources: Drupal has no hard user/visitor limits. Additional hardware resources are typically allocated to installations with hundreds of thousands or millions of users in order for the performance of the website to remain optimal.

Analytics

• Service usage metrics: Yes
• Metrics types: Google Analytics is preinstalled on every LocalGov Drupal website project we deliver. Server infrastructure metrics are also available on most hosting platforms. Additional tools can be installed as per the project's requirements.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Given the nature of the service, admin user data is stored in the Drupal CMS database and through the use of plugins such as Views, it is possible to create exportable and downloadable reports. The exportables are usually in the form of XLS or CSV files.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We understand even the slightest outage can have an incredible impact on business. We provide everything needed to keep the website application up and running through the use of an effective support system, backups, byte-for-byte clones of production environments, and an SLA of 99.99% uptime.
• Approach to resilience: Available on request.
• Outage reporting: We monitor dedicated clusters 24/7 to maintain uptime and performance. A wide range of server metrics, including disk space, memory, and disk usage are continuously measured. These metrics provide a complete picture of the health of the application infrastructure. When an outage is detected, a Point in Time report is generated so our hosting partner's support can triage the cause of the outage.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: IP whitelisting for non-production environments or for administration pages that require users to be logged in.
• Access restrictions in management interfaces and support channels: The websites we produce include a back office that allows for full administrative control as well as content moderation and editing. Admin users authenticate through a pair of username and password. On top of that, two-factor authentication can be implemented as well as other additional methods of access restriction (e.g. CAPTCHA, SSO etc.).
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: User IP whitelisting.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Information Commissioner’s Office (ICO) registration

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We are working towards getting ISO/IEC 27001-certified.
• Information security policies and processes: Available upon request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Drupal provides an adequate level of change management, auditing and reporting. This can be expanded to include additional data points (e.g. user role changes) with the use of additional plugins and logic. The Drupal UI offers an intuitive interface with reports including items to be updated, pending Core security updates etc.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: The Drupal security team periodically publishes patches for newly discovered security vulnerabilities. These patches are applied as soon as they are received and during the next planned release or an urgent one if needed (depending on the severity of the vulnerability).
• Protective monitoring type: Undisclosed
• Protective monitoring approach: We are happy to share our business continuity plan and incident response processes upon request.
• Incident management type: Undisclosed
• Incident management approach: We have defined and actively maintain an incident response process. We are happy to provide our process upon request.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  The official environmental policy of our company is available upon request.

  Tackling economic inequality

  The official equality-diversity-inclusion policy of our company is available upon request.

  Equal opportunity

  The official equality-diversity-inclusion policy of our company is available upon request.

  Wellbeing

  The official equality-diversity-inclusion policy of our company is available upon request.

Pricing

• Price: £90 a unit an hour
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We offer one month free access to a LocalGov Drupal installation hosted on the Cloud, for members of your team to explore, test and experiment with.
• Link to free trial: https://www.orionweb.uk/localgov-drupal

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@orionweb.uk. Tell them what format you need. It will help if you say what assistive technology you use.