Drupal
ISO27001 certified Drupal platform and Drupal upgrades - Drupal cloud hosted CMS for digital services and websites. S8080's compliant Drupal platform securely handles multilingualism, CRM, integrations, single sign-on, forms and workflow. Drupal content management system is open-source, easy to use, yet powerful. Mobile, accessible and designed around user’s needs.
Features
- UK Drupal consultancy, digital services and websites, 22 years experience
- Drupal 7, Drupal 8 upgrades, Drupal 9 deployment and development
- Drupal migration and Drupal updates and configuration
- Drupal security hardening and patching
- Mobile optimised Drupal templates (Including LocalGov Drupal)
- LocalGov Drupal platform deployment
- Drupal content versioning, audit and rollback
- Powerful search options including Apache Solr, Funnelback and Elasticsearch
- Drupal UK cloud hosting options, fully managed, public or private
- Drupal multilingual publishing and Welsh Language Standards compliant
Benefits
- IA, user centred design, user testing and Alpha rapid prototyping
- Drupal has no vendor tie-in and no licence fees
- Complex Drupal back-office and CRM integrations, with single sign-on
- ISO 27001 certified and ISO 9001 certified Drupal services
- Cyber Essentials and Cyber Essentials Plus certified Drupal services
- 24/7/365 support with direct Drupal developer access
- Accessibility testing to WCAG 2.1 AAA
- Clients include No.10, ministerial departments, emergency services, local authority, education
- UK based agency, Drupal team and hosting provision. No contractors/freelancers
- Exploitation Security - Anti DDOS measures and PEN testing options
Pricing
£665 to £770 a unit a day
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
7 9 1 9 4 8 3 8 1 7 9 5 1 4 1
Contact
S8080 Limited
Matt Howard
Telephone: 01792 398266
Email: matt@s8080.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Service constraints
- If you'd like us to migrate or support a CMS, website or digital service that has been built by another provider, we will need to check a few things first to validate existing compliance, security, accessibility and usability.
- System requirements
- None
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Support availability is 24/7 - 365 days a year. Support response times within 30 minutes, (but usually immediate).
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
- Validation from web chat SaaS provider.
- Onsite support
- Yes, at extra cost
- Support levels
-
Together with a fully managed hosting provision, we offer two support options. Your S8080 technical project manager will be your single point of contact for the duration of your support, who will liaise with developers and engineers on your behalf.
• Standard Support
Work is billed to the nearest 10 minutes and charged at our standard rates with no surcharges. Support will be provided during office hours, Monday to Friday, 9.00 to 5.00pm. For extended cover, see our 24/7/365 support below. Support time can be used for absolutely anything, it's very flexible.
• 24/7/365 Support
For clients who demand an extended level of service. It’s 24 hours a day, seven days a week, 365 days a year and available as an addition to our Standard Support. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Our training sessions for your software or digital service typically last between half a day and a full day, depending on functionality. You will be trained by your S8080 project manager and the lead developer for your project. These two people will have been intimately involved in your project from inception and will have a detailed understanding of every aspect.
They will prepare easy to read, concise documentation for you and your team and also brief video tutorials for common tasks. These videos will always be available to you as 'reminders' for tasks that you may only perform occasionally.
We encourage a 'train the trainer' approach to keep your training costs low, and we'll typically train up to six members of your team in the session. If you'd like larger groups trained, we may split the training into several smaller groups to retain the ideal trainer/trainee ratios. - Service documentation
- Yes
- Documentation formats
-
- HTML
- ODF
- Other
- Other documentation formats
- Brief video tutorials for common tasks
- End-of-contract data extraction
- We will provide full access to software code. We will also provide full access to the database and files on your server environment. We can also help with extracting this for you if required.
- End-of-contract process
-
If we have arranged hosting for you, you can arrange to continue the arrangement with the hosting provider or move to another hosting provider.
We will provide full access to software code. We will also provide full access to the database and files on your server environment.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The layout of content is optimised for mobile delivery.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- Service administration screens are browser based and can be customised almost without limit.
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
-
Tested with Total Validator software.
Also, if it's a requirement, your website / digital service can undergo online or lab-based user testing, and pan-disability user testing.
Each testing team is made up of individuals who have different types of disabilities and all of whom use assistive technology to access computers.
We test to ensure accessibility for those people with:
• Blind
• Low vision
• Colour-blind
• Dyslexia
• Learning disabilities
• Mobility impairments
• Deaf
• Asperger’s
• Epilepsy
• Anxiety/Panic disorder - API
- Yes
- What users can and can't do using the API
- Drupal has over 30 available open-source, off the shelf configurable APIs. Full details can be found at Drupal.org: https://www.drupal.org/docs/drupal-apis
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- ODF
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
The public-facing front end and administration back end screens can be customised almost without limit.
Depending on your software implementation, customisation can be achieved through:
• Software settings
• Coding
• Modules and Plug-ins
Software settings customisation can be undertaken by a trained user.
Scaling
- Independence of resources
- The service is hosted on a fully managed public or private (single tenant) cloud-based virtual machine. You have your own instance of the application and supporting infrastructure. You do not share resources or software with anyone else.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
The full range of insights and analytics that Google Analytics provides in:
• Google Analytics 360 Suite
• Google Analytics
• Google Tag Manager
• Google Optimize
• Google Data Studio
Or we can integrate other analytics packages that your organisation uses. - Reporting types
-
- API access
- Real-time dashboards
- Regular reports
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
Depending on the type of data you need from the system, we can automate secure data exporting for you.
We can also provide full access to software code together with full access to the database and files on your server environment.
We can also help with extracting data for you as part of your support package. - Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
99.99% availability.
Users are refunded on a pro-rated basis for unavailability of service. - Approach to resilience
- Depending on your requirements, our service can be deployed across a number of sites, regions and zones. Each zone is designed to eliminate single points of failure (such as power, network and hardware) to ensure service continuity should a failure, incident or attack occur.
- Outage reporting
-
All outages will be reported via the service status pages on the hosting provider's status dashboard in real-time. Our team receive instant alerts.
Instant alerts are available via Pingdom or StatusCake.
We also offer 24/7/365 monitoring and issue resolution support for clients who demand an extended level of service.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
-
To access management interfaces, all users are required to have a unique username, password (and memorable information if required).
You may also implement 2-factor authentication and IP restriction.
Support is available to named individuals only who are verified via the support portal login or via telephone or email requests. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- UKAS
- ISO/IEC 27001 accreditation date
- 12/04/2022
- What the ISO/IEC 27001 doesn’t cover
- Our whole service provision is covered by ISO/IEC 27001 certification.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 30/03/2012
- CSA STAR certification level
- Level 3: CSA STAR Certification
- What the CSA STAR doesn’t cover
- S8080 do not hold the certification directly, however, our hosting partners have a current CSA Security, Trust & Assurance Registry (STAR) certification, up to Level 3, that covers the security of the service.
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- Sage Pay Europe
- PCI DSS accreditation date
- 13/07/2017
- What the PCI DSS doesn’t cover
-
S8080 do not hold the certification directly, however, Sage Pay Europe, our preferred online payment partners, have current Payment Card Industry Data Security Standard (PCI DSS) certification.
• PCI DSS
• PCI DSS v3.2
• PCI DSS v3.2 Level 1 Service Provider
We also integrate with other online payment providers, based on client preferences. - Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- Cyber Essentials
- Cyber Essentials Plus +
- ISO 9001
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- CSA CCM version 3.0
- ISO/IEC 27001
- Other
- Other security governance standards
-
S8080 hold the following certifications:
ISO/IEC 27001
Cyber Essentials
Cyber Essentials Plus +
ISO 9001
Our hosting partners comply with Cloud Security Alliance CCM V 3.0 - Information security policies and processes
-
Our ISO/IEC 27001 statement of applicability (SOA) outlines 114 Annex A objectives and controls, of which 112 are applicable to our scope:
"The protection of client and company sensitive data, network and IT management, products and services used in the delivery of web-based services including development, consultancy and hosting".
Each applicable control defines an information security policy or procedure that is externally audited every 12 months.
As part of our IMS system, we have defined roles and responsibilities for information security, with overall responsibility being held by an S8080 Director.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
S8080 has documented change management policies and processes, which have been implemented, maintained and externally audited in accordance our ISO/IEC 27001 certification.
Formal configuration management activities, including record management and asset reporting, are logged, monitored and validated, and any discrepancies investigated using our Corrective Action Reporting (C.A.R.) procedures.
A process for formal change requests is managed by our project management team in accordance with our ISO 9001 Quality management system. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
S8080's ISO/IEC 27001 approach is based on Cloud Security Principle 5:
If evidence suggests a vulnerability is being actively exploited, we mitigate immediately.
If not:
• ‘Critical’ patches deployed within 2 hours
• ‘Important’ patches deployed within 8 hours (if not sooner)
• ‘Other’ patches deployed within 24 hours (if not sooner)
Drupal sends weekly 'active exploitation' and 'regular' vulnerability notifications for core software and modules/plugins.
We also use automated software to check for module/security patch releases on our deployments. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
Following best practice from the National Cyber Security Centre, S8080 protects its platforms with enhanced protective monitoring services (SIEM), at the hypervisor level and below.
This approach to protective monitoring continues to align with the Protective Monitoring Controls (PMC 1-12) outlined in CESG document GPG13 (Protective Monitoring for HMG ICT Systems).
It includes checks on time sources, cross-boundary traffic, suspicious activities at a boundary, network connections and the status of backups, among many others.
All alerts are immediately notified to our 24/7/365 developers for prompt investigation. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
S8080 has an externally audited documented incident management policy and process, which have been implemented, maintained and assessed in accordance our ISO27001 information security certification.
This activity is responsible for the progression of alerts generated by automated monitoring systems, issues identified by S8080 personnel, and incidents identified and reported to by its customers and hosting partners.
All incidents are promptly reported to our 24/7/365 development team, which ensures that each is promptly assigned to an appropriate resource, and its progress tracked (and escalated, as required) to resolution, and if appropriate, documented using our Corrective Action Reporting (C.A.R.) procedures.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
We operate a carbon negative business.
We have ISO 14001:2015 Environmental Management certification to ensure every aspect of the environmental impact of our business is considered, audited, and assessed. - Covid-19 recovery
-
Covid-19 recovery
We are supporting our team by enabling remote working for all, whether they are affected in any way by COVID-19, shielding, or not. We have improved our workplace conditions to increase effective social distancing, having adapted our offices to a hybrid workspace. - Tackling economic inequality
-
Tackling economic inequality
We aim to provide suitable social value and community benefits, of a technical leaning, to all appropriate projects we work on, on a cost neutral basis. We procure locally where possible and engage with and support local communities when appropriate.
We actively recruit a small number of ‘first job’ or ‘early career’ graduate designers and developers, giving on the job mentoring from our more experienced team members.
Every year, we offer a local undergraduate a paid internship giving them the chance to learn and develop through mentoring and training.
We support our supply chain through prompt payment. - Equal opportunity
-
Equal opportunity
We promote equality and diversity through our Equal Opportunities and Diversity Policy, and our Ethical Code of Conduct. - Wellbeing
-
Wellbeing
We have ISO 45001:2018 Occupational Health and Safety Management System to ensure our team members and visitors enjoy a comfortable, safe working environment.
We obtained Investors in People to ensure that our team members are at the heart of S8080’s vision and have everything they need to perform to the best of their ability.
We are supporting our team by enabling remote working for all, whether they are affected in any way by COVID-19, shielding, or not.
We support our local University by attending syllabus / course planning meetings and judging student competitions.
Pricing
- Price
- £665 to £770 a unit a day
- Discount for educational organisations
- Yes
- Free trial available
- No