WordPress Cloud Content Management System (CMS)
The Other Media provide full UK based WordPress SaaS capabilities for rapid cloud deployment of World Class content management websites within a totally flexible development environment. Highly secure content editing, seamless integration with existing back office software, and fully responsive design make this a compelling CMS offering.
Features
- Real-time reporting
- Browser-based system management for streamlined publishing
- Responsive design for unlimited front end look-and-feel
- Enterprise-ready with a global support community
- Full customisation and extensibility through community marketplace
- Effective system integration with existing back office solutions
- Full content management system (CMS) capabilities
- Multiple content types supported; images, videos, text, social media
- User centred design and development solution with standards compliant output
- Rigorous QA processes
Benefits
- Scalable platform to support growth
- Proven customer conversion capabilities
- Custom data migration available to suit needs
- Editorial workflow, and content staging if required
- Rapid solution deployment to achieve MEAT objectives
- 20 years of agency experience to support customers
- Open Source and fully customisable your customer needs
- On-site training provided
- World class front end design and development support
- Platform optimisation
Pricing
£650 to £1,150 a virtual machine
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
7 2 7 3 5 2 5 1 3 0 5 3 0 5 0
Contact
The Other Media Limited
Matthew Jeoffroy
Telephone: 020 7089 5959
Email: matt.jeoffroy@othermedia.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Hybrid cloud
- Service constraints
- No
- System requirements
- None
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Within 15 minutes for P1 issues, 1 hour for P2 & P3, and this is the same at weekends if that cover is requested
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Priority: 1
Definition of priority: Critical failure; Website inoperable or no e-commerce transactions possible
Time to respond: Within 15 mins
Estimated time to resolve: 80% typically resolved within 4 hours
Priority: 2
Definition of priority: Visible issue but not a critical failure
Time to respond: 1 hour
Estimated time to resolve: 80% typically resolved by next sprint release within 2 weeks
Priority: 3
Definition of priority: Non urgent work
Time to respond: 1 hour
Estimated time to resolve: 80% typically resolved by next general software release within 1 months - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
There are 3 ways to help users get started on the system.
1. Onsite training where we like to keep the groups small to make the most impact, and ideally for us to 'train the trainer(s)'
2. Accompanying documentation that should be used during the training and then used for reference afterwards
3. Help desk, where users can either call or create a ticket in JIRA for assistance - Service documentation
- Yes
- Documentation formats
-
- ODF
- Other
- Other documentation formats
- Word
- End-of-contract data extraction
- Data can be provided as XML, CSV, or as a SQL database dump.
- End-of-contract process
- At the end of the contract the client data will be handed over, and if migration is required to a new service then this will be specified, agreed and planned in for completion. If assistance is required to be given to a new system provided then this will be done as required.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The service can be purely responsive (same content on desktop and mobile), or it can be adaptive (different content on mobile devices), with both versions using the same template layout, common stylesheets, and common code base.
- Service interface
- No
- User support accessibility
- WCAG 2.1 AAA
- API
- No
- Customisation available
- Yes
- Description of customisation
-
What can be customised - colours and font sizes
How users can customise - via a settings option within the interface
Who can customise - all logged in users
Scaling
- Independence of resources
- Service performance is guarenteed through allocation of virtual machine resources that have been determined with the client during on-boarding. Each client has an optimal performance window (memory and CPU usage), and if usage approaches the SLA then the allocation will be increased to ensure that user service remains consistent.
Analytics
- Service usage metrics
- Yes
- Metrics types
- User access, traffic, popular pages, time spent logged in, last log in, number of posts, number of files, time on site
- Reporting types
- Regular reports
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- In-house
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
-
Users are able to export items that that have added into the system, i.e. posts, via XML, CSV, and SQL data dump. This data is restricted to only what they have added, and they will not be able to export other users data unless it is a comment that has been made on a post.
Typically system administrators would export data rather than individual users, and this is achieved via XML, CSV, or SQL data dump as above, but can be achieved on a company rather than individual basis. - Data export formats
-
- CSV
- Other
- Other data export formats
- XML
- Data import formats
-
- CSV
- Other
- Other data import formats
- XML
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
Unavailability up to and including 4 hours consecutively in any calendar month: 1 day's Service Credits;
Unavailability greater than 4 hours but less than 8 hours, consecutively in any calendar month: 5 day’s Service Credits;
Unavailability greater than 8 hours but less than 16 hours, consecutively in any calendar month: 10 days' Service Credits; and
Unavailability equal to or greater than 16 hours, consecutively in any calendar month: 1 month's Service Credits. - Approach to resilience
- Available on request
- Outage reporting
- Email, SMS, API
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Public key authentication (including by TLS client certificate)
- Username or password
- Access restrictions in management interfaces and support channels
- User permissions within the system determine the level of access to management interfaces and support channels. This is in addition to the system access that is put in place for all users, i.e. IP lockdown and physical entry.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- Between 1 month and 6 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- Between 1 month and 6 months
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- Self Certified
- PCI DSS accreditation date
- N/A
- What the PCI DSS doesn’t cover
- We have certified to SAQ-A-EP
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
- Cyber Essentials
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
- Cyber Essentials
- Information security policies and processes
-
Information identified as sensitive which has been collected, and not generated, as part of business activities should only be collected if there is a very specific reason to do.
Any information identified as sensitive must be stored only within environments that are secured by user access control policies. Those access control policies must take into account that the system they govern contains such sensitive information.
Sensitive information must always be encrypted during transmission, for example using HTTPS or SSH. Where possible, the data should be used only within the system or location it is stored. Downloading data for offline processing should be avoided wherever possible as it introduces additional risks that must be considered.
The collection, storage and transmission of financial information are heavily regulated. All systems involved must have a System Specific Security Policy that meets the identified PCI requirements.
The Commercial Director must approve all System Specific Security Policies.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- All service components are tracked and versioned in a code repository. Prior to deployment code is peer-reviewed, code audited, put through QA on local, development, and continuous integration servers before it is able to be deployed to production machines. As part of the QA process each service component is 'hardened' to ensure compliance and security, with any public facing systems being regularly penetration tested.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Our service is monitored 24 x 7 using a range of tools such as New Relic, Pingdom, Cactii, as well as IDS services from our data centre provider. As soon as vulnerabilities are announced, (either through our datacentre provider, software provider, or security bulletins that we subscribe to), then we will plan a fix - immediate for pervasive and immediate threats, and prioritised for less critical issues that have been flagged, but typically within the next software cycle.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Our service is monitored 24 x 7 using a range of tools such as New Relic, Pingdom, Cactii, as well as IDS services from our data centre provider. As soon as vulnerabilities are announced, (either through our datacentre provider, software provider, or security bulletins that we subscribe to), then we will plan a fix - immediate for pervasive and immediate threats, and prioritised for less critical issues that have been flagged, but typically within the next software cycle.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Incidents typically follow patterns and we have pre-defined response types for each. Incidents are registered in our ticket tracking system (JIRA), either directly by the client or indirectly by the account manager when the client has called the office. If an incident is noted by a member of Other Media it will be registered in the same way. Incident reports follow a standard template with the details provided by the client being captured and included on this form, and all responses recorded alongside. This report is then saved as PDF and emailed to the client.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
N/A - Covid-19 recovery
-
Covid-19 recovery
N/A - Tackling economic inequality
-
Tackling economic inequality
N/A - Equal opportunity
-
Equal opportunity
N/A - Wellbeing
-
Wellbeing
N/A
Pricing
- Price
- £650 to £1,150 a virtual machine
- Discount for educational organisations
- Yes
- Free trial available
- No