Isotoma Ltd

Wagtail hosting

We provide secure, resilient, highly available UK based public cloud hosting for sites developed using the Wagtail CMS. The service is hosted at Amazon Web Services and is specifically designed for Wagtail. Our team is made up of experienced Wagtail developers and Certified AWS Architects.

Features

• Fully resilient. No single point of failure
• Highly available. Automatic failover of any failed component
• Scalable. Our cluster grows with your traffic. No limits
• Secure. Web Application Firewall tuned specifically for Wagtail
• Secure. DDoS protection built in
• Real time monitoring of web site performance
• Everything open. No proprietary components
• Stage environment included by default
• Developers in control. Deploy from the command line
• All major releases of Wagtail supported

Benefits

• Be sure of your site’s stability regardless of load
• Get the benefits of public cloud without the hassle
• Easily meet all your security requirements
• Deploy new versions of your site with ease
• Get support from a highly experienced team
• Integrate security and load testing into your development lifecycle

£250 an instance a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@isotoma.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

601479599458785

Contact

Andy Theyers
01904313980
enquiries@isotoma.com

Service scope

• Service constraints: This service is designed for hosting Wagtail based websites. All production versions of Wagtail are supported.
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: SLA dependent
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Service monitored 24x7. Telephone and email support available UK office hours only. 99.9885% availability. Critical incidents responded to 24x7. Non-critical incidents responded to within 4 working hours.; ; Technical account manager included as part of the service. Cloud support engineer included at take on and contract end. Cloud support engineer available on request (at standard hourly rate) throughout contract.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We will liaise with your development team to guide them through any changes necessary to make their Wagtail system deployable to our environment. This liaison is included in our standard costs and we guarantee that the changes we ask them to make will not affect their ability to continue development.; ; Liaison is done via video conference and email.
• Service documentation: Yes
• Documentation formats:
  • ODF
  • PDF
• End-of-contract data extraction: All volatile data is made available in a dedicated S3 bucket that the user has access to at all times. This includes database dumps and all media assets.
• End-of-contract process: Users are encouraged to renew, however if they wish to migrate to an alternative provider all assets required for the new provider to take on the service are automatically available to the user. 4 hours of consultancy is included - any additional consultancy is charged at our standard hourly rate.

Using the service

• Web browser interface: No
• API: Yes
• What users can and can't do using the API: Users may make deployments to both the stage and production instances of their web site via the API
• API automation tools: Other
• Other API automation tools: CloudFormation
• API documentation: Yes
• API documentation formats: ODF
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: Users may make deployments to both the stage and production instances of their web site through the command line

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Each user is partitioned from all other users, and each user is placed in their own AWS AutoScaling Group (ASG)
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • HTTP request and response status
  • Number of active instances
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Amazon Web Services

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • All volatile data relating to the operation of the service
  • The content database
  • Media assets
• Backup controls: Backups are performed once every 24 hours between 0200 and 0600 UK time. Users can request alternative schedules at no additional cost.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: IPsec or TLS VPN gateway
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We guarantee our infrastructure to be available 99.9885% of the time, calculated annually. This equates to 1 hour of unplanned downtime per year. Service is credited at 2% of the annual fee per complete hour outside this target.
• Approach to resilience: Our infrastructure is 100% resilient, with every single component in more than one AWS Availability Zone. The exact configuration is available on request.
• Outage reporting: Users will receive email notifications should their service fail, and then regular emails until the service is restored.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
• Access restrictions in management interfaces and support channels: Our service implements role based access control. Users and roles are defined by customers as part of service take on
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Other
• Description of management access authentication: We are hosting your application, so can support any authentication method your application supports
• Devices users manage the service through: Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International
• ISO/IEC 27001 accreditation date: 25/10/2021
• What the ISO/IEC 27001 doesn’t cover: ISO 27001 covers our entire business
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We have a Information Security Policy which is available on request. We have rigorous induction and training methods which ensure policies are followed. Reporting Structure is also available on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our configuration and change management processes, including component life cycle tracking and security impact assessments, are aligned with the ITIL v3 Framework Guidelines.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We monitor for potential threats through multiple sources, including external repositories and vendor feeds. Each patch and hotfix is assessed by severity, client requirements and/or vendor recommendations.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We rely on AWS GuardDuty for intrusion detection and regular automated vulnerability scanning for potential threats. Every incident is responded to within 4 hours, regardless of time of day or night.
• Incident management type: Supplier-defined controls
• Incident management approach: Users can report incidents via telephony, web and email. We have predefined processes for common events and leverage the guidelines defined by the ITIL v3 Framework.; ; Incident reports are delivered as ODF documents as agreed with the user on a case by case basis, depending on severity and user requirements.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Other
• Other virtualisation technology used: Docker containers
• How shared infrastructure is kept separate: Docker containers are used to separate each instance of users' applications, and network access policies are applied within the hosting cluster to ensure users are unable to access each other's data or applications.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: https://aws.amazon.com/about-aws/sustainability/

Social Value

• Equal opportunity:

  Equal opportunity

  Our employment decisions are based on the principle of equal employment opportunity.; ; Accordingly, we do not discriminate on the basis of race, colour, creed, gender, national origin, disability, age, veteran status, citizenship, marital status or sexual orientation.; ; To support this policy we do the following:; ; All vacancies within the organisation are advertised both internally and externally, and equal weight is given to internal candidates as to those applying from outside the organisation; ; There is a published career progression pathway for each role within the organisation, and all staff are actively encouraged and supported to progress along their chosen pathway; ; All staff are encouraged to promote the vacancies to any and all social spaces and professional communities - both physical and virtual - that they belong to, to encourage a diverse range of applicants; ; All vacancies are promoted to those professional communities within the York and Yorkshire regions that provide support to sections of the community that do not usually have access to software development (and related) roles; ; The wording of each job advert is assessed to ensure that it does not include unconscious bias in the expectations it sets for applicants; ; Equal weight is given to those applicants with life experience rather than formal qualifications; ; We actively encourage applicants who are undergoing a career change through relationships with local retraining organisations

Pricing

• Price: £250 an instance a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@isotoma.com. Tell them what format you need. It will help if you say what assistive technology you use.