e3 media ltd t/a Great State

Cloud Content Management System (CMS) services

This service includes the provision of open source and enterprise content management systems (CMS) deployed to cloud infrastructure, including (but not limited to) Adobe Experience Manager (AEM), Sitecore Experience Platform, Sitecore XMCloud, Umbraco, Umbraco Heartcore, Magento, Sitefinity, Optimizely, Squidex, Prismic and Contentful.

Features

• Supported cloud hosting providers: Azure, AWS, Google(GCP), MODCloud, D2S
• Strategic technical consultancy, planning, architecture, road mapping, implementation and support
• Specialising in .NET(Core), SQL, React (Native), Javascript, Next JS
• Supported CMS platforms, Sitecore, Adobe (AEM), Umbraco (Heartcore, Cloud), Contentful
• Intelligent, scalable search (Solr, SearchStax, Lucene, Coveo, Azure Search), Elastic
• Sitecore specialists: XP/XM, Order Cloud, Content Hub, CDP, Personalise, XMCloud
• CMS procurement and business case support, CMS audit and evaluation
• Data cleansing, content migration, ETL data mapping and system Integration
• Testing & quality assurance: benchmarking, automation, performance, security, code quality
• Implmentation of Digital Experience Platforms (DXP), Digital Asset Management (DAM)

Benefits

• Information security assurance and compliance (ISO 27001, Cyber Essentials Plus)
• Alignment to Government Digital Service (GDS) Standards and assements
• UK Technology Code of Practice, GDPR, Secure by Design compliant
• Specialist multi-discipline team experienced delivering Discovery, Alpha, Beta and Live
• Delivered by Sitecore and Microsoft Gold Partner, Umbraco Platinum Partner
• A, AA, AAA Web Content Accessibility Guidelines (WCAG) 2.1/2.2 compliance
• Provide enhanced, intelligent customer/user experiences (CX/UX)
• Technical/user training, mentoring and support of new cloud infrastructure/application(s)
• ISTQB-BCS Certified (ISEB), SC/BPSS cleared test analysts & infrastructure/DevOps/software engineers
• Comprehensive quality management services aligned to ISO:9001, ITIL4, ISTQB Gold

£650 to £1,500 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector@greatstate.co. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

693099044526154

Contact

Public Sector Team
01179021333
publicsector@greatstate.co

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Agile project delivery: Full digital service development and continuous improvement
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Cloud service uptime SLAs will be provided inline with SLAs provided by Azure, AWS and Google Cloud.
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 30 mins, 60 mins or 2 hrs (depending on priority), Weekends or bank holidays under a 24/7 SLA will be 2 hrs across across all priorities.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide robust, responsive ITIL 4 incident management, problem, and change management. Proactive maintenance, technical debt remediation, patching & backup and test automation. Flexible hours of operation 24/7, 9-5 (UK business working hours) and provide multi-disciplinary support teams and points of escalation. We can provide a Service Level Agreement (SLA) to ensure that any issues which arise can continue be dealt quickly and efficiently. This comprises of two elements; proactive monitoring - of services to identify and isolate potential problems before they become issues and Reactive response - to resolve any unforeseen problems which may arise. Support includes the following key elements: • Event management access management • Request fulfilment • Applications management • Problem management • Support service desk for telephone and email support • Website monitoring • Incident management • CMS platform support and maintenance • Solution support and maintenance • Monthly reporting
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We will carry out comprehensive onboarding onto the service.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Customers can be given access and support (where required) to extract data at the end of a contract. Any additional support required to extract or transfer the data may be chargeable at an additional cost.
• End-of-contract process: In the event of service termination, the end of contract process will be to remove all access to the services and stopping of all resource and services.; ; The responsibility of migrating services and data will be with the customer.; Any work or support required to handover to another party or client, extract or transfer data or migration of infrastructure and services will need to be planned in and executed as a separate project and chargeable at an additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Customers will be able to manage the every aspect of the service(s) through the web portal(s) provided by Sitecore, Umbraco, Contentful, Primsic, Microsoft Azure, AWS and Google Cloud
• Accessibility standards: None or don’t know
• Description of accessibility: The accessibility of the portals / platforms are managed by Sitecore, Umbraco, Contentful, Primsic, Microsoft Azure, AWS and Google Cloud
• Accessibility testing: The accessibility of the portals / platforms are managed and tested by Sitecore, Umbraco, Contentful, Primsic, Microsoft Azure, AWS and Google Cloud
• API: Yes
• What users can and can't do using the API: All aspects of the Sitecore, Umbraco, Contenful, Prismic, Microsoft Azure, AWS and Google Platforms can be managed via APIs
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: This service can be customised and extended to meet the customers specific requirements, the exact nature of this will be discussed with the customer during the onboarding process.

Scaling

• Independence of resources: The service will be designed so that there are multiple levels of isolation and segregation including network, compute and storage to ensure that users are not affected by the demand of other users on the service.

Analytics

• Service usage metrics: Yes
• Metrics types: We will provide monthly reports providing a measurement of performance against agreed service levels and conduct a quarterly review with an operational and strategic focus, aimed at continual improvement. ; ; Server infrastructure performance: including CPU, Disk, HTTP request and response status, Memory, Network, Number of active instances.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Sitecore, Umbraco, Contentful, Prismic, Microsoft Azure, AWS, Google Cloud

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: There is data/content export functionality available in the CMS Platforms.; ; Customers can be given access and support (where required) to extract data at the end of a contract. Any additional support required to extract or transfer the data may be chargeable at an additional cost.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.9%
• Approach to resilience: This information is available on request.
• Outage reporting: Public dashboard and email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to management interfaces and support channels is restricted through in different ways including username and passwords, multifactor authentication and IP restrictions.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International
• ISO/IEC 27001 accreditation date: 19/07/2023
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: We are accredited for ISO 27001:2013 by QMS International. Cyber Essentials (Plus) certification and annual penetration testing by mti.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our change management process controls the lifecycle of all changes, enabling beneficial changes to be made with minimum to no impact to services being provided. Changes to systems include additions, modifications, and removal of anything that can impact the IT services provided. The change could impact architecture, services, processes, people etc.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We perform regular maintenance and housekeeping tasks including: • Event scheduling and administration: scheduling and executing of system events such a batch processing, system back-up or mass data transfers. • Emergency patches and upgrades: process for dealing with emergency patches as and when they are provided by vendors. • Preventive maintenance: actions performed in an attempt to retain an application software item in a specified condition by maintaining updated OS and security patching, measuring performance and utilisation, conducting systematic inspection, and running diagnostic tests to detect incipient failure or degradation and to prevent these where possible at application management level.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: All components and services are constantly monitored as part of the managed service monitoring solution (reactive and proactive). Proactive monitoring is based on triggers being set at different thresholds against key metrics such as CPU usage, memory and diskspace. Depending on the severity of the event identified we will respond appropriately and in accordance with agreed service response times.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident management is always preceded by either an event, detected automatically via monitoring or a call/ticket being raised (by phone, direct ticket or email) to the service desk. This team will provide initial categorisation and triage where appropriate, and will handle all communications via the ticketing system, status page and notifications. This team will also, using the comprehensive runbook developed, undertake immediate set actions or escalations as required to resolve the incident. We provide monthly reports providing a measurement of performance against agreed service levels and conduct a quarterly review with an operational and strategic focus, aimed at continual improvement.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Through our ISO 14001 accreditation, which we have held for 8 years, we work within the ISO environmental management system framework to identify the key aspects where we could have a negative impact on the environment. As a result, we have a detailed policy and systems in place to reduce our impact. Primarily through the areas of air emissions, water discharges, waste management, land contamination, sustainability of natural resources use, local and community environmental issues and technological options. Some of the areas we are working on currently are:; - Working to maintain our carbon neutrality by reducing our direct carbon footprint through the reduction of emissions, discharge, contamination and corporate travel. Having had a third party audit our carbon footprint data, we are now working towards our goal of maintaining our carbon neutrality.; - Looking at our wider indirect carbon footprint and working with our suppliers, through an assessment process and questionnaire, to ensure we are working with likeminded partners.; - Encouraging our employees to decrease their personal carbon footprint through the promotion and use of car-sharing, public transport, our EV scheme and our cycle to work scheme, ultimately leading to a reduction in air emissions.; - Choosing a landlord that has B Corp status to support our goals.; - Offsetting anything that cannot be reduced through recognised and legitimate partnerships.; - Reducing energy usage through using modern energy efficient equipment.; - Moving technology to the cloud to decrease carbon footprint and emissions and increasing the use of renewable energy.; - Reducing raw material usage by digitising where possible.; - Minimising waste by heavy promotion of reuse and recycling; - Researching the benefits of B Corp status for ourselves.; - Spreading the reach to our clients by educating them about sustainable code, through a series events and workshops.

  Tackling economic inequality

  We work towards tackling economic inequality in any way we can, at the moment we are focusing on employment, education and training, development of scalable and future-proofed new methods, and identifying and managing cyber security risks through:; - Developing programs that support flexible working conditions, including remote work opportunities. This can make employment more accessible to individuals in remote or underserved areas, or to those with additional responsibilities, helping to spread economic opportunities more evenly across regions.; - Incorporating health and wellbeing programs that support employees' mental and physical health this also addresses economic inequalities by providing support that might not otherwise be available to lower-income employees.; - Implementing inclusive hiring policies that actively seek candidates from diverse backgrounds.; - Support for underrepresented candidates by providing careers advice, including mentoring, mock interviews and CV advice, and opportunities for in-work progression and career development into known skills shortages or high-growth areas.; - Offering opportunities for work experience or similar activities.; - Providing apprenticeships and industry placement opportunities.; - Support for educational attainment resulting in recognised qualifications.; - Activities to support relevant sector-related skills growth in the workforce, for example, careers talks, curriculum support, literacy support, safety talks, and volunteering.; - Partnerships with non-profits to extend the reach of our programs, especially in underserved communities.

  Equal opportunity

  We promote equal opportunity to our potential and current employees in many ways and we are constantly working on the following:; - Working on internal unconditional bias through discussion, training and process changes.; - Ensuring our job ads are not discriminating and don’t use any stereotypes or biased language.; - Ensuring that everyone in the company feels that they are in a safe place and their voices are heard and respected and feel safe in the knowledge that they will never face retaliation for a complaint or raising a concern.; - Giving numerous escalation and support channels; - Providing resources and educational material that include examples of different types of discrimination – whether this is indirect discrimination, unconscious biases or offensive. language. Helping our employee’s awareness of issues they may not have recognised as discrimination before.; - Celebrating differences and gaining advocates from other parts of the business, such as with our Great Women initiative.; - Ensuring leadership promotes, internally or externally, who we are as a company and who we want to be.; - Bringing guest speakers in to talk to our employees helps to bring new viewpoints and conversations around the question of diversity to our workforce.; - Employees are able to balance their work and their life in a way that suits them allowing differences to be catered for equally.; - Every employee works with their line manager on clear expectation setting aligned with goals that are both achievable and challenging (SMART objectives). Supported by training and development and regular 121s with their manager.; - Carrying out company surveys to ensure staff members feedback is heard.

  Wellbeing

  The wellbeing of the people that work for Great State is a key focus for us as a business – we have therefore implemented a range of initiatives, including: ; - Providing access to and funding Private Healthcare which includes confidential counselling, discounted gym memberships and discounts on everyday retail items.; - Supporting employees to achieve their goals by providing 121’s, objectives and training to encourage mental wellbeing.; - Setting up friendly fitness challenges to motivate employees to care for their physical health and develop our company’s interpersonal relationships.; - Offering salary sacrifice schemes to aid financially, whilst encouraging more sustainable commuting with the EV and Cycle to Work scheme.; - Arranging regular get-togethers to aid healthy relationships with colleagues to enable mutual support and trust.; - Creating a comfortable work environment to improve physical and mental health, with standing desks, healthy food and drink options, ergonomic seating and wellness and social spaces.; - Recognising and rewarding employees for hard work, increasing confidence and making people feel valued for their contribution, through kudos on our HRIS, rewards, etc. ; - Encouraging staff to take responsibility for their own wellbeing by creating a culture that talks about health and wellbeing and supporting employees to take steps to improve themselves. ; - Providing wellbeing workshops, such as yoga.; - Offering flexible working to suit different working styles, schedules and preferences.; - Offer annual flu shots to keep the workforce healthy.; - Offer employees the option to take a sabbatical leave after a certain period of employment. This can be used for personal development, volunteering, or simply to take a break, which can significantly improve mental and emotional health.

Pricing

• Price: £650 to £1,500 a unit a day
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector@greatstate.co. Tell them what format you need. It will help if you say what assistive technology you use.