The Education Company Ltd

Umbraco Content Management System (CMS) - education suppliers

Umbraco is a cloud-hosted CMS for websites and digital services. Our Azure-hosted, GDPR-compliant Umbraco CMS platform toolkit includes features for education audiences, including education-eCommerce and a Learning Management System. Integrates with CRM, SSO and marketing packages. Umbraco is open-source, easy to use, mobile responsive and data-driven.

Features

• Umbraco CMS consultancy, website development, configuration, design and deployment
• All site pages fully content manageable within Umbraco CMS
• Integrated Learning Management System (LMS) with white-labelled Moodle platform
• Integrated education sector database for registrations and account verification
• Separation of CSS and CMS meaning content management is non-technical
• Educational-based navigation and search tools including challenge and curriculum led
• Education-sector eCommerce system serving individuals, schools, MATs and LEAs
• In-built SEO tools and plugins to maximise performance
• Provides versioning of content, publishing to UAT and permissioning system
• Certified Umbraco partner with Umbraco-qualified website developers

Benefits

• Optimise performance with education sector audiences - LA Traded Services
• Separate CSS and CMS. Non-technical users publish beautiful content
• Manage multiple microsites from within one Umbraco CMS
• An intuitive interface that is easy to use and train
• Serve relevant content to visitors based on their profile
• Mobile responsive websites. Device previewing tools
• Attractive, expertly-designed customer-specific templates
• Seamless integration with third-party systems including CRM
• Azure-hosted which is scalable, ISO 27001 compliant
• UK-based agency using in-house skills for all aspects

£650 to £750 a unit a day

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jason.gould@education.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

927568594762330

Contact

Jason Gould
01634 729888
jason.gould@education.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: The Education Company also provides a CRM platform for organisations working with the education sector which integrates seamlessly with Umbraco CMS and enables a wider range of functionality and analytics. This includes access to a master database of educational organisations and contacts.
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements: Umbraco should work with all modern browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 1 hour, if not sooner. Tickets requiring urgent attention should be telephoned through to ensure they are dealt with immediately.; ; Out of hours ticketing service available - 24/7/365 coverage.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: A project manager is provided as a primary point of contact. Their role is to manage the strategic relationship with the client, to the scope and coordinate enhancements, train users and ensure the solution delivers ROI. They will deliver some system configuration, will troubleshoot issues, design solutions and work across our technical workforce.; ; The first line support team is always available during working hours for issue raising, user queries and any other questions that require quick answers. They will coordinate the delivery of raised tickets with second-line support where required.; ; The above services are included within your contract price.; For clients requiring an extended level of service, we can provide an out-of-hours service covering 24/7/365. A small additional cost will apply.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide onsite and online training, relative to customer requirements. During implementation, detailed face-to-face training will be delivered to users. Remote training can be provided when face-to-face is impractical or undesirable.; ; Our maintenance contracts include access to your project manager who can support with ongoing training and user adoption.; ; Documentation can be created for customer-specific processes. Umbraco has a wealth of documentation available. We will also produce small screen-share videos for the revisiting of pieces of training.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats: Word
• End-of-contract data extraction: We will provide full access to CMS software code. We will provide full access to the database and files on your server environment. We can extract this for you and securely transfer it via sFTP or ShareFile.
• End-of-contract process: Providing access to your data and files on your server is included.; ; Additional costs apply if liaison is required with your new partner.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Very little - the layout of content is optimised for mobile usage. The service is designed to the users requirements.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Umbraco has many available open-source and configurable APIs for the recalling and consumption of data. This means that web content can be updated programmatically. Umbraco's API also allows content within the CMS to be accessed through third-party platforms.; ; Your in-house teams or our teams can support the integration of third-party systems, including CRM systems and SSO.; ; Our wider portfolio of products includes a CRM solution (SPIRIT) that seamlessly integrates with Umbraco, and provides access to a master database of educational organisations, contacts and profiling attributes.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Umbraco's public-facing front end and administration screens can be entirely customised with very few limitations.; ; Subject to the nature of your CMS implementation, customisation includes:; • Modules and Plug-ins; • CMS software settings and pages; • Coding using HTML and CSS (and CMS dependent configurations); ; We can provide full access to the Admin system, which we would advise where the client has the necessary skills to configure and customise the solution in place.

Scaling

• Independence of resources: Services use an Azure-hosted public cloud-based virtual machine. Azure provides scalability of resources to ensure web performance is not affected by demand elsewhere. Clients have their own instance of Umbraco CMS. Client environments are logically separated.

Analytics

• Service usage metrics: Yes
• Metrics types: Our recommendation would be the Google Analytics packages:; • Google Analytics 360 Suite; • Google Analytics; • Google Tag Manager; • Google Optimize; • Google Data Studio; ; If you prefer an alternate package, we can work with that.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: A request is made to the project manager/support team who will arrange for the full extraction of data and securely transfer, as per client preferences.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • SQL
• Data import formats:
  • CSV
  • Other
• Other data import formats: XLS

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The Umbraco CMS platform is hosted with Azure, which guarantees 99.95% uptime.; ; We provide a 99.5% uptime guarantee, excluding planned downtime for maintenance and upgrades. This is conducted outside of core business hours where possible, or within an agreed window with the client.; ; Failure to meet this SLA will enable clients to claim a percentage of their monthly subscription fee against future invoices. The percentage is dependent on the severity of the downtime.
• Approach to resilience: Everything is hosted in Microsoft Azure and is globally resilient.
• Outage reporting: Direct email alerts to customers.; We can provide access to a public dashboard.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Only users with access to the software are able to raise support tickets.
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: Our services are broadly aligned to ISO27001 and our hosting provider and major software partners are accredited.; ; Our privacy policy (https://www.educationcompany.co.uk/privacy-policy/) explains how we capture and maintain our data, what information is stored, and how our customers use it. This is sent to any new data subjects that are added to our database.; ; As part of our commitment to transparency, we also include a list of the organisations that have access to the data that we capture.; ; We regularly review customer usage of our data to ensure our clients are acting in a compliant and respectful manner.; ; Data that is not relevant is removed from the relevant client database to minimise the risk of accidental errors.; ; We only capture corporate subscriber data, i.e. never any personal (consumer) data. We have processes that automatically identify any bad data (e.g. an @gmail.com email address), remove it from the database and flag to the research team manager that additional training may be required.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Everything is employed to UAT and signed off prior to release.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We used the Microsoft Azure security centre to monitor and alert for potential threats.; Critical patches are deployed immediately upon availability.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use the Microsoft Azure security centre to monitor and alert for potential threats. Critical patches are deployed immediately upon availability.
• Incident management type: Supplier-defined controls
• Incident management approach: All incidents are reported through our helpdesk and categorised for severity.; Monitoring systems alert key users outside of hours.; Incident reports are sent to the customer and internally as necessary.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Wellbeing:

  Wellbeing

  Our CMS platforms are designed to support organisations and their employees to invest their time in the most productive activities by limiting the amount of time they have to invest in low-value administration tasks and workload. By providing a system that provides accurate data, and insightful reporting that can integrate into other sales, marketing and finance tools we hope to ease the administrative burdens and support better workplace wellbeing.

Pricing

• Price: £650 to £750 a unit a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jason.gould@education.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.