Skip to main content

Help us improve the Digital Marketplace - send your feedback

Townbase

Townbase Cloud Platform for Family of Websites

Townbase Cloud offers fast, reliable and cost effective hosting of Townbase's digital services.

Features

  • Fully managed cloud infrastructure
  • Smart management of digital services world-wide

Benefits

  • Cost
  • Time
  • Reliability

Pricing

£120,000 to £250,000 a licence a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contactus@townbase.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

8 9 3 2 7 2 5 0 4 0 9 6 5 2 3

Contact

Townbase M. J. Lintunen
Telephone: +447551737073
Email: contactus@townbase.com

Service scope

Service constraints
No
System requirements
  • Townbase Platform subscriber (PaaS)
  • Townbase Product subscriber (SaaS)

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Depending on agreed SLA
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
Microsoft Teams
Onsite support
No
Support levels
SLA's depend on client requirements
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Onsite training
online training
user documentation.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Via RESTful API's
End-of-contract process
Set of API's to transfer data.

Using the service

Web browser interface
Yes
Using the web interface
Setting up services using web based tools and systems.
Web interface accessibility standard
WCAG 2.1 A
Web interface accessibility testing
Audited.
API
Yes
What users can and can't do using the API
Set of RESTful API's to build services on or run services
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
API documentation
Yes
API documentation formats
  • HTML
  • PDF
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Manual
Independence of resources
The solution is designed to be able to manage large user volumes. It is built on Amazon Web Services infrastructure, where the load is currently monitored and gets adjusted in case the threshold are exceeded.
Usage notifications
Yes
Usage reporting
  • Email
  • SMS

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Amazon Web Services

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
Less than once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Content
  • Source-code configurations
Backup controls
N/A

Automated
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
SLA agreed per client. We offer multiple options for SLA's per specific use cases and service needs.

Generally provided as: 99%

Platform level : 99,98 % (2021)
Approach to resilience
Resilience is based on the following principles
- User data is transferred only in secured form
- User data is stored securely and backed up into separate availability zone
- User permissions are strongly controlled and limited and all services are built as separate with their own users and data
- Service and operations are governed based on guidelines
- Personnel are trained to be security aware
- Software architecture is built based on security principles
- User and their permissions are managed and controlled 9
- All admin and data related activities can only be accesses by authenticated and authorised individuals
- External interface and scripts are forbidden unless specifically allowed 12. Secure service administration
- Main admin accounts are strongly controlled and limited
- Audit trail is tracked and made available on need basis
Outage reporting
Client has a dashboard to usage statistic which is a real time dashboard. Client can enable email and SMS reports per request.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Username or password
Access restrictions in management interfaces and support channels
Access to managemt interfaces and support channels are controlled and based on invitations only. The users are regularly reviewed and updated as needed.
Where possible, SSO with MFA is enabled
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Devices users manage the service through
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
No, it is based on industry best practises and experience.
Information security policies and processes
Following policies are put in place
- Security Policy
- End User Devices Security Standard
- User Identity Management Principles
- Access Management Principles and Controls
- Password Rules and Delivery Instructions
- Cloud Hosting Security Standard
- Security in Software Development Lifecycle
- Information Classification Guidelines

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
1. Identify the change
2. Assess the impact
3. Decide on introducing the change
4. Plan the introduction of the change
5. Implement the change
6. Verify the impact
7. Make corrections, if needed
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Security is an essential part of our software development process and the security needs to be built in, not just tested. We are using open source and third party tools and services to regularly scan potential vulnerabilities. Our services also get audited and tested by our clients.
If any vulnerabilities are found, the patches are made based on the severity and the patch availability. In shortest, the patches can be updated within two hours, but typical deployment time is 48 hours.
Potential threat information is collected from 3rd party suppliers, forums and from our clients.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We are using third party tools and services to regularly scan abnormalities.
If any abnormalities are found, we will analyse the severity and then plan the required actions.

In shortest, the changes can be made within minutes, but typical deployment time is 48 hours.
Incident management type
Supplier-defined controls
Incident management approach
We follow industry standard incident management processes, where certain common event workflows are partially automated.
Users can reports incidents through web form, email, chat and phone.
Incidents reports are provided as agreed in the service governance model with that particular client.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
No

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
AWS Frankfurth compliant. 100% renewable energy usage on all cloud operations by 2025

Currently 80% lower carbon footprint than other cloud providers:
https://sustainability.aboutamazon.com/environment/the-cloud?energyType=true

Social Value

Fighting climate change

Fighting climate change

Carbon footprint

Townbase aims to be carbon neutral by end of 2026. We will have fully green energy operations by 2026 and will offsets our office carbon footprint with a tree planting program. We already operate a fully paperless offices and we recycle our computers and other hardware equipment. Our server capacity will be operated with 100% green energy by 2026.
Covid-19 recovery

Covid-19 recovery

N/A
Tackling economic inequality

Tackling economic inequality

N/A
Equal opportunity

Equal opportunity

Engagement & Inclusion

Townbase has engaged with many university students working on problems facing the digital world. University students from partners like Helsinki University of Applied Sciences, Surrey University and Warwick University, school of management have helped us to dig in deeper into challenges in building more digital and accessible societies.

Townbase also support young people getting their first steps in the work life by hiring young professionals via Kick-Start program for paid internships. In these paid internships young professionals learn to apply their knowledge obtained from universities in real life challenges.

As we are a small organisation our diversity guidelines are being drafted. We currently employ both men and women and from varied backgrounds. We celebrate diversity as we believe this will benefit not only us, but our clients as well: different perspectives, points of views and backgrounds build a fertile ground for new ideas, points of views and make our operations more resilient and successful.
Wellbeing

Wellbeing

N/A

Pricing

Price
£120,000 to £250,000 a licence a year
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contactus@townbase.com. Tell them what format you need. It will help if you say what assistive technology you use.