Alcium Software Limited

Umbraco Content Management System (CMS) Development, Implementation, Hosting and Support

Umbraco CMS website design, development, implementation and migration for the public sector. Alcium can design and build intuitive, flexible and customisable Umbraco websites which are responsive, GDPR compliant and optimised for website accessibility. We design, develop, host and support our website solutions.

Features

• Umbraco Content Management System (CMS)
• Open-source CMS for public sector and Local Authorities
• Umbraco CMS support and hosting
• Umbraco CMS migration and consultancy
• Umbraco CMS development
• UK hosted Umbraco CMS websites
• Responsive, mobile-friendly websites
• Intuitive, flexible and easy to use website content editor
• Scalable CMS which can be integrated with other systems
• B-lingual and Multi-lingual Content Management System

Benefits

• Easily manage and update website content
• Multi-lingual CMS
• Easily integrated with other systems
• Responsive previewing - preview website on different devices
• Instant website content updates
• Can be compliant with WCAG 2.1AA, WCAG 2.1AAA accessibility standards
• Open-source, flexible CMS
• Open-source CMS for public sector and local authorities

£595 to £1,200 a unit a day

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@alciumsoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

822850713196549

Contact

Kevin Grimshaw
0114 349 1294
info@alciumsoftware.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: For new clients with an existing Umbraco CMS website which has been built by another provider, we will need to review the existing code and set-up to confirm if we can migrate the CMS and build on the platform. ; ; The minimum contract period is 12 months.
• System requirements: Internet connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our helpdesk support service adheres to the ITIL Framework for IT Service Management. Service levels and response times are set out within our Service Level Agreement.; ; Our helpdesk aim to close out all enquiries on receipt of the initial contact. Our helpdesk operate Monday-Friday, 9am-5pm (excluding public holidays).
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our Helpdesk support team are contactable via email and telephone Monday-Friday, 9am-5pm (excluding public holidays). Technical support and bug fixes are included within the annual hosting agreement. ; ; A dedicated Account Manager is also assigned for each client as part of onboarding. Full training is provided as part of the implementation and onboarding process.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Full and custom training is provided to educate users on how to use Umbraco CMS and make content edits across the website, based on their roles/permissions, Training can be provided online or onsite, depending on the Client's preferences. ; ; Any staff undertaking training will be part of the full onboarding process, meaning they will understand the full scope of the CMS, client website, client nature of business and customisation. ; ; User guidance is provided via video and written guidance can also be provided if requested. General Umbraco documentation is also widely available online.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Videos / Video guidance
• End-of-contract data extraction: We will extract and securely provide the database and associated files to the Client.
• End-of-contract process: At the end of the contract, we will extract and securely provide the database to the Client.; ; For additional data requests, there may be an associated cost which would be scoped and agreed with the client depending on the request.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our Umbraco CMS websites are responsive and optimised across screen sizes including mobile, tablet and desktop. The preview function of Umbraco CMS allows users to view all pages according to the device it is displayed on to simulate how the page(s) will look on the respective screen size. This allows content editors to preview web pages across all devices.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The Umbraco CMS admin interface is accessible via internet browsers. Only authorised users are able to access the service interface.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The Umbraco Backoffice complies with WCAG 2.0 Level AA
• API: Yes
• What users can and can't do using the API: Umbraco is able to integrate with APIs for the push and pull of data. We can investigate API integration for clients on provision of a specification / requirement document, or discussion around the specific integration requirement.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The Umbraco website front-end (public facing website) is fully customisable. The Umbraco CMS administration system can be customised via settings and permissions. ; Customisation would need to be undertaken by a web developer or developers with Umbraco experience.

Scaling

• Independence of resources: Alcium Software utilise dedicated servers on a cloud hosting platform – Azure, which is hosted and provided by Microsoft. All servers are located within the UK (UK South – London, UK West – Wales). We have our own dedicated environment on Microsoft Azure, i.e. not shared with other Azure customers.

Analytics

• Service usage metrics: Yes
• Metrics types: Websites can be integrated with Google Analytics to provide insight and data on website performance and usage.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Typically data can be exported via CSV for some functions, however any data which requires exporting will be discussed as part of the onboarding process.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We can evidence 99.9%+ uptime for >5 years of service delivery. We do not offer financial rebates for availability related issues
• Approach to resilience: Our infrastructure is hosted on Microsoft Azure. Azure provides enterprise-grade cloud infrastructure which includes physical elements like redundant power, networking and cooling. Our services our deployed using cross region replication (UK South > UK West) and is all hosted within the Azure UK geographic region.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access can be restricted via username and password, 2-factor authentication (2FA), Identity federation with existing provider (e.g. Microsoft)
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Certified International Systems Ltd
• ISO/IEC 27001 accreditation date: 04/07/2019
• What the ISO/IEC 27001 doesn’t cover: Certification covers our information security practices
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Alcium Software are ISO27001 certified. Accredited certification to ISO 27001 demonstrates that an organisation is following international information security best practices. We are also Cyber Essentials certified. We follow documented security policies which are regularly reviewed by a board level member.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We use a dedicated change management system where changes are reviewed for quality standards, including security issues/concerns. Changes are tracked and audited in the system. Insecure change requests are rejected. We have separate production and test environments.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We utilise official supplier monitoring tools and blogs to monitor activity and intrusion detection as well as to keep up with latest information on security updates. Examples include but not limited to – MSRC, Security release notes for Microsoft Office, iOS release notes, Azure Status History.; ; Any issues identified would be assigned a priority based on severity.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We utilise official supplier monitoring tools and blogs to monitor activity and intrusion detection as well as to keep up with latest information on security updates. Examples include but not limited to – MSRC, Security release notes for Microsoft Office, iOS release notes, Azure Status History.; ; Any issues identified would be assigned a priority based on severity.
• Incident management type: Supplier-defined controls
• Incident management approach: In line with our ISO27001 accreditation, Alcium Software have a formal documented Information Security Incident and Management Policy. All reported issues via email or telephone are logged on our internal system. Calls are assessed and given a priority status in line with our Service Level Agreement. Our ISIM Policy is reviewed regularly and issued to all employees.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Covid-19 recovery
  • Tackling economic inequality

  Covid-19 recovery

  We work with many organisations in supporting their response to the impact of COVID-19 on local businesses and individuals. We have created websites and digital solutions for many organisations throughout the UK to help manage and deliver support to businesses and jobseekers recovering from the impact of COVID-19.

  Tackling economic inequality

  We have designed and developed websites, and crafted functionality which supports jobseekers into work and aims to reduce and tackle economic inequality in gaining employment.

Pricing

• Price: £595 to £1,200 a unit a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@alciumsoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.