Skip to main content

Help us improve the Digital Marketplace - send your feedback

The Education Company Ltd

Umbraco Content Management System (CMS) - education suppliers

Umbraco is a cloud-hosted CMS for websites and digital services. Our Azure-hosted, GDPR-compliant Umbraco CMS platform toolkit includes features for education audiences, including education-eCommerce and a Learning Management System. Integrates with CRM, SSO and marketing packages. Umbraco is open-source, easy to use, mobile responsive and data-driven.


  • Umbraco CMS consultancy, website development, configuration, design and deployment
  • All site pages fully content manageable within Umbraco CMS
  • Integrated Learning Management System (LMS) with white-labelled Moodle platform
  • Integrated education sector database for registrations and account verification
  • Separation of CSS and CMS meaning content management is non-technical
  • Educational-based navigation and search tools including challenge and curriculum led
  • Education-sector eCommerce system serving individuals, schools, MATs and LEAs
  • In-built SEO tools and plugins to maximise performance
  • Provides versioning of content, publishing to UAT and permissioning system
  • Certified Umbraco partner with Umbraco-qualified website developers


  • Optimise performance with education sector audiences - LA Traded Services
  • Separate CSS and CMS. Non-technical users publish beautiful content
  • Manage multiple microsites from within one Umbraco CMS
  • An intuitive interface that is easy to use and train
  • Serve relevant content to visitors based on their profile
  • Mobile responsive websites. Device previewing tools
  • Attractive, expertly-designed customer-specific templates
  • Seamless integration with third-party systems including CRM
  • Azure-hosted which is scalable, ISO 27001 compliant
  • UK-based agency using in-house skills for all aspects


£650 to £750 a unit a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

9 2 7 5 6 8 5 9 4 7 6 2 3 3 0


The Education Company Ltd Jason Gould
Telephone: 01634 729888

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
The Education Company also provides a CRM platform for organisations working with the education sector which integrates seamlessly with Umbraco CMS and enables a wider range of functionality and analytics. This includes access to a master database of educational organisations and contacts.
Cloud deployment model
Public cloud
Service constraints
System requirements
Umbraco should work with all modern browsers

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 1 hour, if not sooner. Tickets requiring urgent attention should be telephoned through to ensure they are dealt with immediately.

Out of hours ticketing service available - 24/7/365 coverage.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Onsite support
Support levels
A project manager is provided as a primary point of contact. Their role is to manage the strategic relationship with the client, to the scope and coordinate enhancements, train users and ensure the solution delivers ROI. They will deliver some system configuration, will troubleshoot issues, design solutions and work across our technical workforce.

The first line support team is always available during working hours for issue raising, user queries and any other questions that require quick answers. They will coordinate the delivery of raised tickets with second-line support where required.

The above services are included within your contract price.
For clients requiring an extended level of service, we can provide an out-of-hours service covering 24/7/365. A small additional cost will apply.
Support available to third parties

Onboarding and offboarding

Getting started
We provide onsite and online training, relative to customer requirements. During implementation, detailed face-to-face training will be delivered to users. Remote training can be provided when face-to-face is impractical or undesirable.

Our maintenance contracts include access to your project manager who can support with ongoing training and user adoption.

Documentation can be created for customer-specific processes. Umbraco has a wealth of documentation available. We will also produce small screen-share videos for the revisiting of pieces of training.
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
End-of-contract data extraction
We will provide full access to CMS software code. We will provide full access to the database and files on your server environment. We can extract this for you and securely transfer it via sFTP or ShareFile.
End-of-contract process
Providing access to your data and files on your server is included.

Additional costs apply if liaison is required with your new partner.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Very little - the layout of content is optimised for mobile usage. The service is designed to the users requirements.
Service interface
User support accessibility
None or don’t know
What users can and can't do using the API
Umbraco has many available open-source and configurable APIs for the recalling and consumption of data. This means that web content can be updated programmatically. Umbraco's API also allows content within the CMS to be accessed through third-party platforms.

Your in-house teams or our teams can support the integration of third-party systems, including CRM systems and SSO.

Our wider portfolio of products includes a CRM solution (SPIRIT) that seamlessly integrates with Umbraco, and provides access to a master database of educational organisations, contacts and profiling attributes.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Umbraco's public-facing front end and administration screens can be entirely customised with very few limitations.

Subject to the nature of your CMS implementation, customisation includes:
• Modules and Plug-ins
• CMS software settings and pages
• Coding using HTML and CSS (and CMS dependent configurations)

We can provide full access to the Admin system, which we would advise where the client has the necessary skills to configure and customise the solution in place.


Independence of resources
Services use an Azure-hosted public cloud-based virtual machine. Azure provides scalability of resources to ensure web performance is not affected by demand elsewhere. Clients have their own instance of Umbraco CMS. Client environments are logically separated.


Service usage metrics
Metrics types
Our recommendation would be the Google Analytics packages:
• Google Analytics 360 Suite
• Google Analytics
• Google Tag Manager
• Google Optimize
• Google Data Studio

If you prefer an alternate package, we can work with that.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
A request is made to the project manager/support team who will arrange for the full extraction of data and securely transfer, as per client preferences.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • SQL
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The Umbraco CMS platform is hosted with Azure, which guarantees 99.95% uptime.

We provide a 99.5% uptime guarantee, excluding planned downtime for maintenance and upgrades. This is conducted outside of core business hours where possible, or within an agreed window with the client.

Failure to meet this SLA will enable clients to claim a percentage of their monthly subscription fee against future invoices. The percentage is dependent on the severity of the downtime.
Approach to resilience
Everything is hosted in Microsoft Azure and is globally resilient.
Outage reporting
Direct email alerts to customers.
We can provide access to a public dashboard.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Only users with access to the software are able to raise support tickets.
Access restriction testing frequency
Less than once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes
Our services are broadly aligned to ISO27001 and our hosting provider and major software partners are accredited.

Our privacy policy ( explains how we capture and maintain our data, what information is stored, and how our customers use it. This is sent to any new data subjects that are added to our database.

As part of our commitment to transparency, we also include a list of the organisations that have access to the data that we capture.

We regularly review customer usage of our data to ensure our clients are acting in a compliant and respectful manner.

Data that is not relevant is removed from the relevant client database to minimise the risk of accidental errors.

We only capture corporate subscriber data, i.e. never any personal (consumer) data. We have processes that automatically identify any bad data (e.g. an email address), remove it from the database and flag to the research team manager that additional training may be required.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Everything is employed to UAT and signed off prior to release.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We used the Microsoft Azure security centre to monitor and alert for potential threats.
Critical patches are deployed immediately upon availability.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We use the Microsoft Azure security centre to monitor and alert for potential threats. Critical patches are deployed immediately upon availability.
Incident management type
Supplier-defined controls
Incident management approach
All incidents are reported through our helpdesk and categorised for severity.
Monitoring systems alert key users outside of hours.
Incident reports are sent to the customer and internally as necessary.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks

Social Value



Our CMS platforms are designed to support organisations and their employees to invest their time in the most productive activities by limiting the amount of time they have to invest in low-value administration tasks and workload. By providing a system that provides accurate data, and insightful reporting that can integrate into other sales, marketing and finance tools we hope to ease the administrative burdens and support better workplace wellbeing.


£650 to £750 a unit a day
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.