Meritec Limited

Umbraco Website Content Management System (CMS)

Our service provides a smart, modern responsive website underpinned by a powerful and flexible Umbraco content management system (CMS). This intuitive platform enables rapid content generation with easy to change presentation templates and interface objects. We develop our websites to focus on the User Experience (UX) and WCAG2.1 compliance.

Features

• Modern, open-source content management system: Umbraco
• Integrates seamlessly with low-code digital platform
• Achieves high scores on accessibility and customer experience ranking engines
• Developed from ground up with mobile rendering in mind
• Optionally can support range of digital forms and workflow processes
• Flexible approach to navigational aids and 3-level design approach
• Compliant with W3C Web Accessibility Initiative (WAI) standards & WCAG2.1.
• Wide experience of designing around the user experience and journey
• Popular WYSIWYG editor and easy to navigate, intuitive menu structure
• Templates and pages can be previewed on different viewports

Benefits

• Smart, modern, agile website and content store enhances organisational image
• Enhanced usability and customer experience
• Can be integrated with key business systems
• Mobile responsive design for accessibility across all devices
• Reduces face to face and telephone contact time
• Fast access to information saves time and money
• Level AA Conformance to Web Content Accessibility Guidelines 2.0
• Follows Government Digital Service design principles and WCAG2.1 compliance
• Content can be easily uploaded and updated
• Supports self-service and integrates with our other digital solutions

£12,600 an instance a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at adam.wilkinson@meritec.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

947092011966502

Contact

Adam Wilkinson
01756 699204
adam.wilkinson@meritec.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Meritec will perform non-essential updates on a defined schedule, normally outside of standard working hours. Customers will be given at least 2 weeks’ notice where possible of scheduled maintenance tasks. Essential updates, e.g. security patches, would be installed at the first available opportunity, to be agreed with the customer.
• System requirements: No specific requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support response times:; Priority level/ Response Time - 1) 30 minutes 2) 1 hour 3) 4 hours 4) 1 day. By agreement for weekends and bank holidays.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: • Standard support level per SLA included in service cost; • Alternative levels of support by agreement; • A service manager is part of our standard service
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: A set-up facility and full user documentation is provided. Training (including) online training is available
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: A wide variety of formats and platforms are supported for secure export. Meritec can provide a "data out" policy if required.
• End-of-contract process: • All client data returned to client; • All client access deactivated; • Relevant secure processes fully applied; • Above at standard cost

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Our service interface exposes SOAP & XML web services. The Integration Hub interfaces with any common API platform.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We have performed interface testing with client users adopting a combination of CMS features, expert template design and external tools including the inbuilt accessibility checker within TinyMCE.
• API: No
• Customisation available: Yes
• Description of customisation: • Scope for localisation of software; • Customers can use configuration tools; • Users can customise

Scaling

• Independence of resources: Meritec Cloud Software service is supplied on the basis of guaranteed resources. This translates into a solution that is guaranteed to scale when you need it to, rather than when there's resource available to.

Analytics

• Service usage metrics: Yes
• Metrics types: • System availability; • Response times; • Unscheduled outages; • Incident response times; • Incident resolution times
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: A wide variety of formats and platforms are supported for secure data export
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: XML

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: • Service Availability 99.9% (uptime) per month; • Service Availability Window 7*24 hours (all days) – 24 hours a day excluding 12am - 4am Sunday maintenance period.; • Response time for accessing screens - Should be within 3 seconds (at a minimum) 99% of the time; • Response time for searches Response time for basic system searches for information and return of results system should be within 5 seconds 97% of the time; ; Meritec will work with each of our customers on an individual basis to determine if a recompense model is required to meet the needs of the specific council or public department/ organisation. ; ; We strive to exceed, wherever possible, our SLA targets for service levels. In the unlikely event of failure to meet our SLA targets we would invoke the agreed process which would award an appropriate level of service credits by way of compensation.
• Approach to resilience: Available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access is restricted via rights and roles permission settings within the relevant area and channel. Often times these are linked to a Directory services such as MS AD.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: Our service is role based. Administrator access can only be assigned by another administrator. Access is via username and strong/secure password.

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International Limited
• ISO/IEC 27001 accreditation date: 4/11/2019
• What the ISO/IEC 27001 doesn’t cover: There are no exclusions in Meritec ISMS Statement of Applicability (Annex A) ISO 27001:2013 covers all aspects of Information Technology Security.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials
  • Cyber Essentials Plus

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: • Meritec rigorously applies its comprehensive Information Security Management System (ISMS) – copy available on request.; • Reporting structure is ISMS Manager to Technical Services Director to Director of Service Delivery.; • Policies are applied by staff with continuous monitoring

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Meritec Change Management process adheres to ITIL guidelines. Any Change in Meritec IT environment is processed through Change Control system. A change is logged on the system with following information:; Change Description including the asset number of affected equipment; When Changed; Change Duration; Risk analysis; Regression plan; Security Implications; Change Technician. Details of change are emailed to all Stakeholders. Change is approved or rejected by CAB or its nominee. Technician updates the change stating if change was successful or not. All Meritec IT equipment is recorded on the Asset Register and any change is reflected in the Asset Register.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Meritec:; • monitors information systems to detect attacks and/or signs of potential attacks, including unauthorised network local or remote connections. ; • deploys monitoring devices strategically within information technology environment to collect information security events and associated information.; • protects information obtained from intrusion-monitoring tools from unauthorised access, modification, and deletion.; • monitors inbound and outbound communications traffic to/ from the information system for unusual or unauthorised activities or conditions.; • heightens the level of information system monitoring activity whenever there is an indication of increased risk to Meritec operations, individuals and assets.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Our Protective Monitoring processes comprise a set of control alerts and reports that provide feedback to those with responsibility for monitoring and addressing compromises. This includes such information security control activities as inspecting firewall logs, investigating operating system security alerts and monitoring Intrusion Detection Systems (IDS). Our Protective Monitoring also includes putting in place mechanisms for collecting ICT log information and configuring ICT logs in order to provide an audit trail of security relevant events of interest. Compromises and incidents are immediately logged, analysed and rectified.
• Incident management type: Undisclosed
• Incident management approach: The Meritec ITIL compliant support desk called ServicePoint is responsible for receiving requests and notifications regarding user help and support. Incidents are allocated unique identification and calls are monitored and if necessary escalated as appropriate. The output report(s) provided by ServicePoint provide part of the preparations that the Service manager will use at the next Service Management meeting. Given due authorisation levels it is possible for client staff/management to access the calls database and enquire directly regarding status, progress, etc.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Meritec have recently relocated all of their SaaS services (including this G-Cloud service) from a co-location data centre facility to a state-of-the-art Virtual Private Cloud in one of the newest & greenest Data Centre facilities in the UK. The host Data Centre facility is ISO 50001 (Energy Management) certified and ISO 14001 (Environmental Management) certified.; Furthermore, Meritec has recently switched its HQ energy supplier to be provided by 100% fully renewable energy. Meritec has adopted a fully hybrid-working model which has enabled us to close our office for an additional 2 days per week and massively reduce the amount of carbon emissions used from employee’s commuting to the office much less frequently.; All of the above actions are part of our wider plan to enable us to meet our own, and assist our public sector customers in meeting their, net-zero carbon emission target of 2030.
• Wellbeing:

  Wellbeing

  Meritec take the wellbeing of our valued employees, partners, and customers extremely seriously. We pride ourselves on being a caring employer and enjoy very low staff turnover. We regularly arrange social events including activities to raise money for charities and other worthy causes. We have developed our very own Mental Wellbeing E-Awareness course in conjunction with David Beeney (Breaking the Silence) that all our staff are required to take at least annually and can access throughout the year. We have a number of staff incentives aimed at wellbeing including PerkBox and regular social events. ; We are currently working on a diversity and inclusion e-awareness course and are very fortunate to have a diverse workforce that enjoy working in a caring environment. In March 2022 the whole company committed to the “March for Mental Health” initiative whereby all employees were encouraged to get out and walk as much as possible and log their steps & images of their walks on social media – this was a great initiative that had great engagement across the company whilst also raising £1,170 for the ‘Darby Rimmer Foundation’ and ‘State of Mind.’; Meritec would be delighted to offer a discount on our Mental Wellbeing E-awareness Course for any customers taking this G-Cloud service.

Pricing

• Price: £12,600 an instance a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at adam.wilkinson@meritec.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.