Skip to main content

Help us improve the Digital Marketplace - send your feedback

Zoocha Limited

Drupal Backdrop Cloud CMS

Backdrop CMS is a simple, lightweight, and easy-to-use Content Management System built using Drupal 7 and provides a credible alternative for organisations whose website is powered by Drupal 7, but who do not want to upgrade to Drupal 9+.

Features

  • Low cost long term alternative for Drupal 7 websites
  • Expert Backdrop/ Drupal module evaluation based on requirements
  • Remote access to your Backdrop/ Drupal Cloud CMS
  • Customisable responsive Drupal template design
  • Drupal Multi-lingual Capability
  • Drupal publishing workflows and content versioning
  • Cyber Essentials Plus Certified
  • ISO 27001 Certified
  • ISO 9001 Certified
  • Drupal Association Gold Certified Partner

Benefits

  • Security compliant for peace of mind
  • Fully managed Drupal hosting on AWS
  • Choose from thousands of Drupal Association approved modules
  • Work with UK based expert Drupal Development team
  • Rely on over 25 Certified Drupal Developers
  • Access to 12 Triple Certified Drupal Experts
  • Integrate with other 3rd Party Systems
  • Accessible Interface for easy content publishing
  • Customisable publishing workflows tailored to each team
  • Flexible pricing for maximum return on investment

Pricing

£2,000 an instance a month

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@zoocha.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

8 5 8 8 2 7 0 6 0 1 8 4 8 3 5

Contact

Zoocha Limited William Huggins
Telephone: 441992256700
Email: info@zoocha.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Backdrop/ Drupal is primarily a standalone CMS but can also be used as a software component within a microservices architecture, as a headless CMS or as part of a wider digital marketing communications stack.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
N/A
System requirements
  • Drupal 7
  • PHP

User support

Email or online ticketing support
Email or online ticketing
Support response times
15 minutes for critical support (24/7/365).

Our standard support hours are 9am to 5.30pm Monday to Friday, exluding bank holidays. Zoocha also offers extended support hours from 7am to 9pm Monday to Friday, exluding bank holidays.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Zoocha provide a multi tier support service which is contracted as 'support days per month' @ £700 per day and utilisation against contracted support time is reported monthly. Contracted support time can be increased or decreased (to a minimum of 1 day per month) at any time during the contract, by providing 30 days notice.

Our standard support hours are 9am to 5.30pm Monday to Friday, exluding bank holidays. Zoocha also offers extended support hours from 7am to 9pm Monday to Friday, exluding bank holidays.

Critical support can be provided on a 24/7/365 basis at an additional cost of £250 per month, which guarentees a 15 minute response and 2 hour resolution of all critical issues.

Service level agreements (SLA's) cover uptime, incident response and incident resolution.

Each client will have a named Client Services Manager, who will be their main point of contact and will be responsible for the monthly service reviews.

Zoocha's support service is ISO certified to a UKAS rated standard for 9001:2015, 14001:2015, 22301:2019, 27001:2022.

Note: Overages (support time used above the contracted amount) is charged at £150 per hour.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
The onboarding process starts with a kick off meeting to introduce the team and familiarise the key stakeholders with Backdrop/ Drupal and the support interface/ processes. These meetings are typically conducted online, although face to face meetings and training can be offered if required.

User documentation is provided via the online knowledge base (using Confluence).

Additional Drupal CMS training is provided as a separate service. Zoocha also provide agile training for Product Owners.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data may be copied out using OS-level tools (such as xopy or rsync).
End-of-contract process
Zoocha will provide an off-boarding plan as part of the contract, including secure transfer of all data. Zoocha will not erase customer data for 30 days following an account termination. After 30 days, all customer data will be securely and permanently deleted from all Zoocha systems.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Fully responsive web inteface.
Service interface
Yes
User support accessibility
WCAG 2.1 A
Description of service interface
Backdrop CMS has a user friendly editor interface, including help text. An online knowledge base (using Confluence) is also provided as well as a service desk portal to raise questions or issues to the support team.
Accessibility standards
WCAG 2.1 A
Accessibility testing
N/a
API
Yes
What users can and can't do using the API
All content and functionality can be exposed via an API.
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
All of the following can be customised by the customer (assigned admin permissions): Content Types; Taxonomies; Role Types; User Permissions; Workflows; Menus/ Navigation

Scaling

Independence of resources
Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them. Services which provide virtualized operational environments to customers (i.e. EC2) ensure that customers are segregated via security management processes/controls at the network and hypervisor level.

AWS continuously monitors service usage to project infrastructure needs to support availability commitments/requirements. AWS maintains a capacity planning model to assess infrastructure usage and demands at least monthly, and usually more frequently.

In addition, the AWS capacity planning model supports the planning of future demands to acquire and implement additional resources based upon current resources and forecasted requirements.

Analytics

Service usage metrics
Yes
Metrics types
Zoocha provide a monthly service report including uptime metrics, support SLA performance and any other metrics agreed within the scope of the contract.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Other
Other data at rest protection approach
Zoocha use AWS, which adheres to independently validated privacy, data protection, security protections and control processes. (Listed under “certifications”). AWS is responsible for the security of the cloud; customers are responsible for security in the cloud. AWS enables customers to control their content (where it will be stored, how it will be secured in transit or at rest, how access to their AWS environment will be managed). Wherever appropriate, AWS offers customers options to add additional security layers to data at rest, via scalable and efficient encryption features. AWS offers flexible key management options and dedicated hardware-based cryptographic key storage.
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users with administrative access to the Drupal Backdrop Cloud CMS are able to export data directly from the admin interface.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
Other
Other protection within supplier network
Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them. AWS enables ownership and control over their data/ content by design through simple, but powerful tools that allow customers to determine how their content will be secured in transit. AWS enables customers to open a secure, encrypted channel to AWS services using TLS/SSL, and/or IPsec or TLS VPN (if applicable), or other means of protection the customer wish to use. API calls can be encrypted with TLS/SSL to maintain confidentiality; the AWS Console connection is encrypted with TLS.

Availability and resilience

Guaranteed availability
Availability SLA is 99.95%. Failure to meet agreed level of availability will result in service credits awarded to to the customer.
Approach to resilience
Zoocha is certified to ISO 22301:2019 for Business Continuity to a UKAS rated standard. The scope of this certification covers all Zoocha services.

Zoocha cloud infrastructure is build on AWS. The AWS Business Continuity plan details the process, in the case of an outage, from detection to deactivation. AWS has developed a three-phased approach: Activation and Notification Phase, Recovery Phase, and Reconstitution Phase. This approach ensures that system recovery and reconstitution efforts are performed in a methodical sequence, minimizing system outage time due to errors and omissions. Zoocha have implemented a robust continuity plan, including the utilization of frequent server instance back-ups, data redundancy replication, and distribution of instances/ data stores within multiple geographic regions across multiple Availability Zones.
Outage reporting
A key component of Zoocha’s service is real-time monitoring and proactive alerting (emails) and intervention across both the infrastructure and application stack.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
IAM provides user access control to Zoocha services, APIs and specific resources. Other controls include time, originating IP address, SSL use, and whether users authenticated via MFA devices.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
SOCOTEC
ISO/IEC 27001 accreditation date
08/11/2023
What the ISO/IEC 27001 doesn’t cover
N/a
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials Plus
  • ISO 27001
  • ISO 22301

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials PLUS
Information security policies and processes
Zoocha is certified to ISO 27001:2022 for Information Security Management to a UKAS rated standard. The scope of this certification covers all Zoocha services.

Zoocha implement formal, documented policies and procedures that provide guidance for operations and information security within the organisation. Policies address purpose, scope, roles, responsibilities and management commitment. Employees maintain policies in a centralised and accessible location. Leadership involvement provides clear direction and visible support for security initiatives. The output of Leadership reviews include any decisions or actions related to:
• Improvement of the effectiveness of the ISMS.
• Update of the risk assessment and treatment plan.
• Modification of procedures and controls that affect information security to respond to internal or external events that may impact the ISMS.
• Resource needs.
• Improvement in how the effectiveness of controls is measured. Policies are approved by Zoocha leadership at least annually or following a significant change to the infrastructure.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Changes to Zoocha services and features follow secure software development practices, including security risk reviews prior to launch. Developer access to production environments is via explicit access system requests, subject to owner review and authorisation. Teams set bespoke change management standards per service, underpinned by standard Zoocha guidelines. All production environment changes are reviewed, tested and approved. Stages include design, documentation, implementation (including rollback procedures), testing (non-production environment), peer to peer review (business impact/technical rigour/code), final approval by authorised party. Emergency changes follow Zoocha incident response procedures. Exceptions to change management processes are documented and escalated to Zoocha management.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Zoocha perform vulnerability scans on the host operating system, web applications, and databases in the AWS environments. Approved 3rd party suppliers conduct external assessments (minimum frequency: annually). Identified vulnerabilities are monitored and evaluated. Countermeasures are designed and implemented to neutralise known/newly identified vulnerabilities. Zoocha monitor newsfeeds/vendor sites for patches. Zoocha are responsible for all scanning, penetration testing, file integrity monitoring and intrusion detection for customers instances/ applications.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Zoocha use monitoring devices to collect information on unauthorized intrusion attempts, usage abuse, and network/application bandwidth usage. Devices monitor:
• Port scanning attacks
• Usage (CPU, processes, disk-utilization, swap rates, software-error generated losses)
• Application metrics
• Unauthorized connection attempts Near real-time alerts flag potential compromise incidents, based on set thresholds.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Zoocha Drupal Backdrop Cloud CMS incident management process is:
Logging (creating a story for the incident in the dashboard and assigning severity level);
Validation (review and clarification by the support team);
Assignment (assigning story to relevant team member);
Analysis (estimate of time required to resolve); Resolution (completion of the story ready for acceptance by the Client);
Tracking (assignment of unique reference number and ability for Client to follow each ticket in order to receive notifications of any changes to the ticket);
Escalation (recorded method of escalating to Directors);
Acceptance (closure of the ticket via ‘one click’ acceptance by the Client).

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Zoocha are proud to be certificated to the ISO 14001 standard (by a UKAS rated accreditation body) since early 2023. This internationally recognized standard for Environmental Management Systems (EMS) helps organisations such as Zoocha in identifying, managing, and continually improving their environmental performance.

While ISO 14001 doesn't explicitly target carbon emissions, it supports the reduction of a variety of practices, such as Zoocha’s environmental policy which outlines our commitment to reducing environmental impacts, including carbon emissions.

Zoocha's services are also 'Green Mark' certified.

Zoocha has an established EMS, which includes plans, procedures, and practices to achieve our objectives and targets. This included the development of strategies to reduce energy consumption, improving process efficiency (such as in hosting environments), and switching to low-carbon energy sources.

Tackling economic inequality

At Zoocha, we understand the profound impact that economic inequality can have on communities and industries alike. Our approach to tackling this issue is multi-faceted, rooted in our core values of People, Trust, Value, Quality, and Success. We strive to create opportunities and foster an inclusive environment where everyone has the chance to thrive.

Firstly, we ensure that our hiring practices are fair and inclusive, offering equal opportunities for people from diverse backgrounds. This is crucial in the tech industry, where diversity can drive innovation and creativity. By building a team that reflects a wide range of experiences and perspectives, we not only enhance our own services but also contribute to reducing the skills gap in the technology sector.

We also extend our commitment to economic equality through our work with clients in the higher education, public sector, health, and Charity/NGO sectors. By delivering high-quality digital solutions that improve accessibility, efficiency, and engagement, we help these organisations serve their communities more effectively, indirectly combating economic inequality by providing better access to essential services.

Finally, our contributions to the Drupal Open Source project reflect our belief in the power of technology as a force for good. By supporting the Drupal community through financial support, code contributions, and knowledge sharing, we help ensure that cutting-edge technology is available and accessible to all, democratizing access to digital tools that can empower individuals and organizations worldwide.

In these ways, Zoocha actively works towards a more equitable world, leveraging our expertise and resources to make a difference in the communities we serve and beyond.

Equal opportunity

The Zoocha culture, policies and processes explicitly ban any discrimination including (but not limited to) on the grounds of age, disability, gender reassignment, marriage/civil partnership, pregnancy/maternity, race, religion or belief, sex or sexual orientation. Zoocha aspires to provide a diverse workforce, a composition of which reflects that of the broader community.

In accordance with our policy, Zoocha is totally committed to the principles and practice of equal opportunities as an employer. Our directors and members of senior management are empowered to recruit and manage employees, advocate our policies and make every effort to ensure that all actions and decisions have equity at their core.

Wellbeing

At Zoocha, our employee wellbeing is our top priority and we offer a number of services to accommodate this. Our benefits scheme includes birthdays off, 25 days of annual leave per year, gym memberships, mental health support and private health care. These are offered to our employees to ensure that we are able to provide a comfortable, secure work space that everybody can enjoy.

We also offer all of our employees the opportunity to take advantage of a flexible working schedule which allows them to work from any location and attend to any needs throughout the day. While we encourage the onboarding of local employees to support employment opportunities, we are more than happy to accommodate our remote employees, supplying any equipment needed in order to create a comforting home office space, as well as booking hotel stays if they want to visit the office for a more sociable atmosphere.

Pricing

Price
£2,000 an instance a month
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@zoocha.com. Tell them what format you need. It will help if you say what assistive technology you use.