Zengenti Limited

Content Management System (CMS) Contensis

Contensis is a flexible, modern CMS with a headless, API-first architecture and an integrated deployment platform for development using any language. Contensis is the foundation for accessible and responsive websites, intranets, apps and digital systems. It’s used by local authorities, housing associations, higher education institutions, NHS trusts and emergency services.

Features

• User-friendly, fully accessible, form-based editing experience
• Create structured content easily before re-using and publishing it anywhere
• Headless, API-first architecture - develop using any language or framework
• Publish mobile-responsive content to any digital channel
• Validation tools catch mistakes and prevent accessibility issues
• Thoroughly documented and supported APIs allow almost limitless development opportunities
• Comprehensive content scheduling and lifecycle management
• Audit trail, version control, track changes, dual-page previewing
• Productivity features for content authors, tasks lists, reminders
• Workflow: simple, powerful, easy to set up

Benefits

• Develop using your favourite languages and frameworks
• Deliver content to websites, apps and any other digital systems
• Website visitors can access your websites from any device
• Benefit from maximum uptime and resilience on our cloud infrastructure
• Easily comply with, and maintain, WCAG accessibility standards
• Reduce costs and improve customer engagement through digital transformation
• Learn from, and share with, a thriving user community
• Improve content governance with sophisticated workflow and role-based permissions
• Create, translate, and manage content in multiple languages
• Integrate back-office systems to surface important data in one place

£920 to £3,250 an instance a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@zengenti.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

938790834863625

Contact

Stef Robinson / Ola Andersson
01584 824202
tenders@zengenti.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: Contensis has three licence types: Starter, Plus and Enterprise. Each licence type differs in the scale of infrastructure it operates on, the number of separate projects, websites and systems it supports, and the amount of bandwidth, storage and concurrent users it includes. In all other respects, the Contensis software provided at each licence level is identical and provides users with the same functionality.
• System requirements:
  • Users editing in Contensis need one of the following browsers:
  • Chrome (latest)
  • Safari (latest)
  • Firefox (latest)
  • Edge (latest)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The response time SLA for support tickets are - Critical - These are handled 24/7/365, response is within 1 hour and resolution within 8 hours. High - These are handled during business hours between 9am and 5.30pm, response is within 4 hours and resolution within 2 working days. Normal - These are handled during business hours between 9am and 5.30pm, response is within 8 hours and resolution within 3 working days. Low - These are handled during business hours between 9am and 5.30pm, response is within 8 hours and resolution within 3 working days.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The response time SLA for support tickets are - Critical - These are handled 24/7/365, response is within 1 hour and resolution within 8 hours. High - These are handled during business hours between 9am and 5.30pm, response is within 4 hours and resolution within 2 working days. Normal - These are handled during business hours between 9am and 5.30pm, response is within 8 hours and resolution within 3 working days. Low - These are handled during business hours between 9am and 5.30pm, response is within 8 hours and resolution within 3 working days. As part of our G-Cloud service, we also provide an uptime SLA of between 99.9% and 99.99%, depending on the licence type, for all the websites you publish from Contensis. Unlimited support is provided within the licence cost. We provide the same level of support regardless of the licence type. We allocate an engineer to each issue who will communicate with you until the issue is resolved.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Once a call-off contract has been agreed, our engineers will undertake all the work to provision your Contensis environment within 48 hours. Your key CMS users will also be given access to the CMS and to our help desk portal. Zengenti will support you in whatever way you require to get you up and running. For example, you may have in-house developers who will work with the CMS, and we can train them to implement and launch your websites as required. The majority of our training can be delivered remotely online, at your premises, or at our Ludlow headquarters. Extensive user guides and documentation is also available on our contensis.com website to support any formal training. Zengenti also offers a full UX website design and build service via G-Cloud too.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: On request, we can provide a complete export of all content and data stored in the CMS in an agreed format.
• End-of-contract process: The standard export is provided at no cost. We can provide clients who are off-boarding with bespoke exports if required, although this would be chargeable.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Published websites are designed to operate on any mobile device.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Contensis includes a comprehensive, easy-to-use editing user interface based on content types and entries. Contensis is designed for casual use and for users to start using the interface without having completed an extensive training course. With many of our clients we see that the CMS is so easy to use that very little training is required for day-to-day, basic content editing.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We perform manual testing of all user interfaces using JAWS, NVDA and VoiceOver. Contensis has also been independently tested by the Digital Accessibility Centre, who had their staff carry out various content tasks to ensure they can use the system successfully.
• API: Yes
• What users can and can't do using the API: Anything that’s possible to build on the web is possible to build with Contensis. Contensis is a headless and API-first CMS which supports development using any language or framework. Contensis has a number of powerful APIs. The Contensis Delivery API is a platform-agnostic API that focuses on delivering content created in the CMS to your websites or applications. The Management API allows you to import, integrate and manage content between the CMS and any third-party systems. The Image API lets you manipulate and apply image transformations to images stored in the CMS as well as speeding up image delivery and ensuring images are fully optimised for use in your systems. To support multi-channel publishing and API-first content delivery, all content you create in Contensis is stored as well-structured, clean JSON, which can be accessed by our APIs. We have support examples and full API documentation for three different broad technology stacks - .NET, HTTP and Javascript which are all documented on our contensis.com website.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Contensis is an entirely browser-based CMS which enables you to build, publish and manage multiple websites, intranets, apps and digital systems from a single environment. Contensis is a headless and API-first CMS which supports development using any language or framework. All aspects of your websites can be managed using Contensis including the creation and amendment of content and data, uploading of media and assets, metadata and site structure. Users can publish and unpublish any type of content or data, and can undertake content governance and reporting as required. Each Contensis environment can support any number of websites and digital systems, subject to the appropriate licence type. Each website can separate all users, permissions, assets, content types, entries, workflow and configuration as required. Users with the appropriate permissions can easily switch between projects as required and can create and manage any content and data in the CMS.

Scaling

• Independence of resources: Each client environment is deployed to separate physical network segments, with all data segregated to separate virtual disks presented to our VMware infrastructure. The servers you would operate from would be solely for your use. Each environment is also scaled appropriately to handle specific peaks in demand. The level of demand, and appropriate resources, would be discussed and agreed with you at the outset. We have processes in place to monitor for any significant increase in traffic, including DDoS attacks. If traffic exceeds certain thresholds, we isolate the target website, avoiding risk to other customers on our infrastructure.

Analytics

• Service usage metrics: Yes
• Metrics types: We can provide website uptime reports, and reports on help desk performance. Users can also access a cloud status dashboard that summarises the current state of the service.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: On request, we can provide a complete export of all content and data stored in the CMS in an agreed format.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • JSON
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Our G-Cloud services have an uptime of between 99.9% and 99.99%, depending on licence type, for all your published websites, measured on a monthly basis. This includes planned maintenance. If we fail to meet the monthly SLA, service credits are calculated on the basis of the difference between the SLA availability and the actual availability achieved that month. For example, service credits = (100 - a) x b where a = the actual percentage availability of the platform during the relevant calendar month, and b = the charges payable in respect of access to the platform during the relevant calendar month (exclusive of VAT and other taxes).
• Approach to resilience: The service operates from multiple tier 3 data centres, and multiple tier 1 carriers, with multiple entry points into each data centre, and we’re not reliant on a single supplier or location to deliver the service. We also have our own resources at our headquarters in Ludlow, which can be brought into use at short notice if required. The platform is designed with resilience at every aspect from incoming connectivity to switches to firewalls, storage, hosts, load balancers, cache servers, web servers and database servers. This ensures that even if we do have an issue, the service will continue to work with the resilient pair of an item. Varnish cache with an intelligent cache invalidation system and grace period also ensures that even if a catastrophic issue occurs with code, configuration or both that 99.99% of the site will continue to serve stale resources while issues are promptly resolved. The service also has over 400 monitored data points, which gives early warnings and deep insights about any issues before they have any impact on client environments. We also offer (at additional cost) optional disaster recovery environments and extended DDoS protection for clients who require additional resilience.
• Outage reporting: The Contensis service has over 400 monitored data points, which gives early warnings and deep insights about any issues before they impact on client environments. Outages, therefore, are rare, and if they do occur, they typically involve a single client. Our help desk is the first point of contact for any client issues. Any number of users can be set up with access to the help desk to raise tickets on your behalf. Support is available 24/7/365 for any critical tickets. For any wider outages that affect multiple clients, we have an incident management process which includes additional resources to handle both technical and communication aspects. One of our incident managers will keep all parties informed and will provide regular updates, usually via email, so you can give feedback to your teams. We will also update our Zengenti Cloud Status page with details of any service outage. Following the incident, we will also issue an incident report which will include a description of the problem, the timeline and any possible mitigation to avoid a similar issue in the future.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Registering for access to the help desk requires a valid client email address. Once registered, it can only be accessed by registered users who authenticate.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NQA
• ISO/IEC 27001 accreditation date: 11 July 2022
• What the ISO/IEC 27001 doesn’t cover: Our ISO27001 certification covers all company operations, including our data centres.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Zengenti has an Information Security Management System of related policies and procedures, based on ISO27001 with regular internal and external audits to ensure compliance. All Zengenti staff take security and data protection very seriously, and have formal training under our ISO27001 system to aid with this. New staff are put on information security and data protection training as part of their induction and refresher courses are delivered annually for all staff. All our staff also undergo baseline security screening and background checks to meet the BS7858:2019 standard.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The platform is entirely managed using configuration management, so all operations are entirely automated with no human time required to deploy and configure infrastructure. Any changes that relate to underlying shared infrastructure are managed in accordance with Zengenti’s change control processes, and we always notify clients of any such changes with two weeks' notice unless it’s an emergency change. Any tickets or requests that require a change to the infrastructure are defined as requiring CAB approval, if not previously agreed with a documented agreed procedure. Our processes can be aligned with a client’s internal change processes where required too.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The platform has many levels of security that provide a barrier to intrusions. These include firewalls, monitoring for DDoS attacks and regular infrastructure patching with security updates. We use internal and external monitoring and perform vulnerability scans on our central infrastructure with each Contensis release. We have regular penetration tests too. We assess potential vulnerabilities through proactive monitoring of logs and via security advisories from the security sector. Whenever a vulnerability is recognised, we make an immediate decision about the potential consequences and how it should be addressed. If a patch was critical, we would apply this immediately.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The platform has over 400 monitored data points, which gives early warnings and deep insights about any issues before they have any impact on client environments. We use enterprise network monitoring tools both internally and externally and have systems in place to monitor for any increase in website and network traffic over specified thresholds, including DDoS attacks or similar. We proactively monitor logs for any unexpected events too. Any potential compromise would trigger our incident management processes.
• Incident management type: Supplier-defined controls
• Incident management approach: The majority of incidents are handled through our help desk helping to streamline incident management, tracking and resolution. For critical issues, we have a comprehensive incident management process used for security incidents, vulnerabilities and outages. The process ensures our clients are regularly notified of what is happening and keeps everyone in the loop. Our incident managers are responsible for client communications, updating our Zengenti Cloud status page, and ensuring the team is following the agreed procedures. As with all our policies and procedures, our incident management process is regularly reviewed and assessed by our ISO27001 auditors.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: NHS Network (N3)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Zengenti has invested in wood chip/pellets from sustainable sources to run our heating and hot water systems. Our biomass boiler helps to reduce energy loss during energy generation and distribution and the heating and hot water for our headquarters are completely supplied via this method. All the electricity that we consume as a company is 100% renewable. Both our data centres run using 100% renewable energy. All the electricity for our headquarters is also 100% renewable. We are currently planning the installation of a solar panel array in the grounds of our headquarters to further reduce the need for electricity from the grid. We have invested in the use of free air cooling in our own data centre at our headquarters, keeping systems cool in a more environmentally friendly way and reducing our power consumption by becoming less reliant on air conditioning units as a primary cooling source. Our staff continue to mainly work from home, which reduces the need to commute into the office, greatly reducing CO2 emissions and any unnecessary travel. The majority of our staff now typically come into the office a few days a month rather than every day.

  Covid-19 recovery

  As a company, our staff continue to mainly work remotely with around 5-10% of the team working from our offices at any one time. We have created more communal areas and casual meeting spaces to support this newer way of working. Supporting our teams to continue to work flexibly and remotely has greatly reduced travel and has reduced the demand on health services, as our teams are far less likely to come into contact with others who may have had COVID-19. We continue to ensure our teams are given the flexibility that they need to help others who might be shielding or who are at high risk from COVID-19. We have offered those who do need to work from the office paid leave if they need to stay away from the office due to illness, which is also helping to reduce the risk of others who are working from the office. Throughout the pandemic and beyond we have always tried to help our team with their mental health. We have a regular section in our weekly staff newsletter on mental health, offer quarterly mental health webinars, access to a paid subscription to the Calm app, and we also have trained mental health first-aiders who are available in the event that someone needs some help. Since the pandemic, we have embraced opportunities to get our teams together, and where we have been able to do so in a safe manner, such as outdoor walks for example. These activities have all been aimed at helping people to get together and encourage people to talk and share experiences.

  Tackling economic inequality

  As a company, we have created many training and development opportunities for young people. This starts with us supporting work experience and often ends with people from the local community joining our team, where we train them from the ground up in the latest technologies. We are one of the very few technology companies in the area, and we have given lots of opportunities to local people, which has helped to develop and diversify the local economy, which otherwise is very agricultural. We donate to charities and initiatives in our community, including sponsoring children with disabilities and low-income families to attend a circus event that they might otherwise not get the opportunity to participate in. We also regularly support our local food bank with donations. In terms of our own supply chain, this is very small and focuses almost entirely on three or four companies that provide our infrastructure services. Outside of these companies, who need scale to provide their services, we do largely use SMEs to deliver our other business requirements. This includes air conditioning engineers for our data centre through to local sole traders helping us deliver lunch for our teams. Working with business startups is something that we have always been willing and excited to do, ensuring that any risks are low enough not to impact any of our existing customers if something goes wrong.

  Equal opportunity

  Zengenti is an equal opportunities employer and has an equal-opportunity policy. The aim of this policy is to ensure that no job applicant or employee receives less favourable treatment on the grounds of gender, race, disability, colour, nationality, ethnic or national origin, marital status, sexuality, dependants responsibility, religion, trade union activity and age (up to 65). Selection criteria and procedures will be kept under review to ensure that individuals are selected, promoted and treated on the basis of their relevant merits and abilities. All employees will be given equal opportunity within the company’s service and will be encouraged to progress within the organisation. To ensure that direct or indirect discrimination is not occurring, recruitment and other employment decisions will be regularly monitored in conjunction with ethnic records of job applicants and existing employees. The company is committed to a programme of action to make this policy fully effective.

  Wellbeing

  We hold regular events as a team to look after our wellbeing and also raise money for charity. Previous events have included bake sales, organised treks, and a week of activities to support Mental Health Awareness Week which included yoga, pilates and running/cycling challenges. We have trained a number of our staff under the MIND courses on mental health awareness and first response, with an aim to help us spot any first signs and issues and offer any help to our teams. We have a #wellbeing channel in Slack for all employees to send uplifting messages, news or share advice. There is also a section in our internal newsletter on mental health and all our teams get involved in order to produce this, helping to raise general awareness as well as delivering advice and suggestions aimed at helping anyone who might be struggling with their mental health. Prior to the COVID-19 pandemic when we were all working in the office, we ensured that we made adjustments to the office space to accommodate team members who struggled with physical issues such as noisy spaces. We continue to ensure we offer wellbeing support in how people work wherever possible. We are planning in the future to support local primary schools with their mental health activities too, by providing access to activities such as yoga and meditation.

Pricing

• Price: £920 to £3,250 an instance a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We can provide a sandbox version of Contensis with all functionality included. Typically, we would expect the trial version to be available for no more than 3 months.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@zengenti.com. Tell them what format you need. It will help if you say what assistive technology you use.