Skip to main content

Help us improve the Digital Marketplace - send your feedback

The Other Media Limited

WordPress Cloud Content Management System (CMS)

The Other Media provide full UK based WordPress SaaS capabilities for rapid cloud deployment of World Class content management websites within a totally flexible development environment. Highly secure content editing, seamless integration with existing back office software, and fully responsive design make this a compelling CMS offering.

Features

  • Real-time reporting
  • Browser-based system management for streamlined publishing
  • Responsive design for unlimited front end look-and-feel
  • Enterprise-ready with a global support community
  • Full customisation and extensibility through community marketplace
  • Effective system integration with existing back office solutions
  • Full content management system (CMS) capabilities
  • Multiple content types supported; images, videos, text, social media
  • User centred design and development solution with standards compliant output
  • Rigorous QA processes

Benefits

  • Scalable platform to support growth
  • Proven customer conversion capabilities
  • Custom data migration available to suit needs
  • Editorial workflow, and content staging if required
  • Rapid solution deployment to achieve MEAT objectives
  • 20 years of agency experience to support customers
  • Open Source and fully customisable your customer needs
  • On-site training provided
  • World class front end design and development support
  • Platform optimisation

Pricing

£650 to £1,150 a virtual machine

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at matt.jeoffroy@othermedia.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

7 2 7 3 5 2 5 1 3 0 5 3 0 5 0

Contact

The Other Media Limited Matthew Jeoffroy
Telephone: 020 7089 5959
Email: matt.jeoffroy@othermedia.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
No
System requirements
None

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 15 minutes for P1 issues, 1 hour for P2 & P3, and this is the same at weekends if that cover is requested
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Priority: 1
Definition of priority: Critical failure; Website inoperable or no e-commerce transactions possible
Time to respond: Within 15 mins
Estimated time to resolve: 80% typically resolved within 4 hours

Priority: 2
Definition of priority: Visible issue but not a critical failure
Time to respond: 1 hour
Estimated time to resolve: 80% typically resolved by next sprint release within 2 weeks

Priority: 3
Definition of priority: Non urgent work
Time to respond: 1 hour
Estimated time to resolve: 80% typically resolved by next general software release within 1 months
Support available to third parties
Yes

Onboarding and offboarding

Getting started
There are 3 ways to help users get started on the system.

1. Onsite training where we like to keep the groups small to make the most impact, and ideally for us to 'train the trainer(s)'
2. Accompanying documentation that should be used during the training and then used for reference afterwards
3. Help desk, where users can either call or create a ticket in JIRA for assistance
Service documentation
Yes
Documentation formats
  • ODF
  • PDF
  • Other
Other documentation formats
Word
End-of-contract data extraction
Data can be provided as XML, CSV, or as a SQL database dump.
End-of-contract process
At the end of the contract the client data will be handed over, and if migration is required to a new service then this will be specified, agreed and planned in for completion. If assistance is required to be given to a new system provided then this will be done as required.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The service can be purely responsive (same content on desktop and mobile), or it can be adaptive (different content on mobile devices), with both versions using the same template layout, common stylesheets, and common code base.
Service interface
No
User support accessibility
WCAG 2.1 AAA
API
No
Customisation available
Yes
Description of customisation
What can be customised - colours and font sizes
How users can customise - via a settings option within the interface
Who can customise - all logged in users

Scaling

Independence of resources
Service performance is guarenteed through allocation of virtual machine resources that have been determined with the client during on-boarding. Each client has an optimal performance window (memory and CPU usage), and if usage approaches the SLA then the allocation will be increased to ensure that user service remains consistent.

Analytics

Service usage metrics
Yes
Metrics types
User access, traffic, popular pages, time spent logged in, last log in, number of posts, number of files, time on site
Reporting types
Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users are able to export items that that have added into the system, i.e. posts, via XML, CSV, and SQL data dump. This data is restricted to only what they have added, and they will not be able to export other users data unless it is a comment that has been made on a post.

Typically system administrators would export data rather than individual users, and this is achieved via XML, CSV, or SQL data dump as above, but can be achieved on a company rather than individual basis.
Data export formats
  • CSV
  • Other
Other data export formats
XML
Data import formats
  • CSV
  • Other
Other data import formats
XML

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Unavailability up to and including 4 hours consecutively in any calendar month: 1 day's Service Credits;

Unavailability greater than 4 hours but less than 8 hours, consecutively in any calendar month: 5 day’s Service Credits;

Unavailability greater than 8 hours but less than 16 hours, consecutively in any calendar month: 10 days' Service Credits; and

Unavailability equal to or greater than 16 hours, consecutively in any calendar month: 1 month's Service Credits.
Approach to resilience
Available on request
Outage reporting
Email, SMS, API

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
User permissions within the system determine the level of access to management interfaces and support channels. This is in addition to the system access that is put in place for all users, i.e. IP lockdown and physical entry.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Self Certified
PCI DSS accreditation date
N/A
What the PCI DSS doesn’t cover
We have certified to SAQ-A-EP
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Cyber Essentials
Information security policies and processes
Information identified as sensitive which has been collected, and not generated, as part of business activities should only be collected if there is a very specific reason to do.

Any information identified as sensitive must be stored only within environments that are secured by user access control policies. Those access control policies must take into account that the system they govern contains such sensitive information.

Sensitive information must always be encrypted during transmission, for example using HTTPS or SSH. Where possible, the data should be used only within the system or location it is stored. Downloading data for offline processing should be avoided wherever possible as it introduces additional risks that must be considered.

The collection, storage and transmission of financial information are heavily regulated. All systems involved must have a System Specific Security Policy that meets the identified PCI requirements.

The Commercial Director must approve all System Specific Security Policies.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All service components are tracked and versioned in a code repository. Prior to deployment code is peer-reviewed, code audited, put through QA on local, development, and continuous integration servers before it is able to be deployed to production machines. As part of the QA process each service component is 'hardened' to ensure compliance and security, with any public facing systems being regularly penetration tested.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Our service is monitored 24 x 7 using a range of tools such as New Relic, Pingdom, Cactii, as well as IDS services from our data centre provider. As soon as vulnerabilities are announced, (either through our datacentre provider, software provider, or security bulletins that we subscribe to), then we will plan a fix - immediate for pervasive and immediate threats, and prioritised for less critical issues that have been flagged, but typically within the next software cycle.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Our service is monitored 24 x 7 using a range of tools such as New Relic, Pingdom, Cactii, as well as IDS services from our data centre provider. As soon as vulnerabilities are announced, (either through our datacentre provider, software provider, or security bulletins that we subscribe to), then we will plan a fix - immediate for pervasive and immediate threats, and prioritised for less critical issues that have been flagged, but typically within the next software cycle.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incidents typically follow patterns and we have pre-defined response types for each. Incidents are registered in our ticket tracking system (JIRA), either directly by the client or indirectly by the account manager when the client has called the office. If an incident is noted by a member of Other Media it will be registered in the same way. Incident reports follow a standard template with the details provided by the client being captured and included on this form, and all responses recorded alongside. This report is then saved as PDF and emailed to the client.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

N/A
Covid-19 recovery

Covid-19 recovery

N/A
Tackling economic inequality

Tackling economic inequality

N/A
Equal opportunity

Equal opportunity

N/A
Wellbeing

Wellbeing

N/A

Pricing

Price
£650 to £1,150 a virtual machine
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at matt.jeoffroy@othermedia.com. Tell them what format you need. It will help if you say what assistive technology you use.