Skip to main content

Help us improve the Digital Marketplace - send your feedback

Nomensa Ltd

Public Sector website design and build service

A new website for your executive agency/arms-length body and its major projects. Covering citizen information, director blog, news. Tailored content management system, aimed at providing excellent value for the public sector, and wide experience across government.

Features

  • Step-by-step process pages, news, events and more
  • Directories showing local offerings on a map and in search
  • Custom forms with wide range of integrations
  • Custom tools/visualisations relevant to your needs
  • Widely used with community of practice and dedicated slack
  • Organisational branding and styling, from GDS-style to bespoke
  • Integrate with your organisation's single-sign-on, including ActiveDirectory
  • Content migration from previous platform

Benefits

  • Reduce carbon emissions with highly green sustainable sites
  • Highly experienced developers, with years of relevant experience
  • Content management system designed to meet PSB needs easily
  • Deep experience in user needs and GDS approach
  • World leaders in accessibility, contributing to the WCAG standards
  • Advice on content management strategy and tone of voice
  • Security/quality certifications - ISO 27001, ISO 9001, Cyber Essentials Plus
  • Hosted in your choice of Azure, AWS or GCP
  • Web application firewall and role-based access control
  • Fully managed service, but open-source. No vendor lock-in.

Pricing

£500 to £1,500 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@nomensa.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

9 5 1 2 6 1 6 6 2 7 8 9 6 6 4

Contact

Nomensa Ltd Stuart Pollock
Telephone: 0117 9297333
Email: gcloud@nomensa.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
NA
System requirements
Solution specific - to be confirmed with client

User support

Email or online ticketing support
Email or online ticketing
Support response times
1 hour
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We provide three tiers of support, offering in-hours service, out-of-hours for P1 incidents only and out-of-hours service. These include all appropriate skills and is based on the 'Live Service' lot 3 service and the SFIA rate-card.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We conduct a discovery to identify user needs, functionality requirements, NFRs etc.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • PPT
  • Diagrammatic
End-of-contract data extraction
We will export data and transmit this to you, or work with a new supplier to transfer directly.
End-of-contract process
An export of customer data is included. Additional engineering time follows our SFIA rate-card. Any additional services would be agreed in advance.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Mobile compatible accessible designs
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
Accessible, simple to use
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
WCAG 2.1AA compliant - user testing with users of assistive technology
API
No
Customisation available
Yes
Description of customisation
Bespoke to client needs

Scaling

Independence of resources
We use automatic horizontal scaling of compute and IO, coupled with monitoring of databases to manually scale vertically. We use a CDN and caching to minimise load on services.

Analytics

Service usage metrics
Yes
Metrics types
Though optional analytics

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
Less than once a year
Penetration testing approach
In-house
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach
The underlying hosting fabric manages the physical security of data. Any aspects held by Nomensa, such as infrastructure as code and contract administrative are stored on encrypted drives.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
We will export data and transmit this to you, or work with a new supplier to transfer directly.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We pass on guarantees of underlying hosting service
Approach to resilience
We use containerisation to supply self-healing compute, which automatically restarts in the event of issues. We use infrastructure as code to allow disaster recovery to alternate zones or regions, in the event of major outages. More details are available on request.
Outage reporting
We produce monthly reporting on outages. We can offer email alerts or more frequent notification if requested.

Identity and authentication

User authentication needed
Yes
User authentication
  • Username or password
  • Other
Other user authentication
Service is fully managed, all access is through support channels.
Access restrictions in management interfaces and support channels
We use Jira Service Desk's accounts system to restrict access to open tickets.
Access restriction testing frequency
Never
Management access authentication
Other
Description of management access authentication
No direct management access

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
01/11/2023
What the ISO/IEC 27001 doesn’t cover
Our ISO27001 accreditation covers all of our services
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
No
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We hold CyberEssentials Plus and ISO27001. We have an ISMS that is responsible for managing security policies and processes. We internally and externally audit our compliance.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Infrastructure is defined as Infrastructure-as-Code, which follows our secure development policy and is versioned. Security impact is evaluated through a combination of expert review and automated checkers.
Vulnerability management type
Undisclosed
Vulnerability management approach
We use software bill-of-materials generation and scanning to evaluate threats. We will work with you to ensure that vulnerabilities are patched or mitigated according to severity and priority.
Protective monitoring type
Undisclosed
Protective monitoring approach
Client-specific monitoring as agreed.
Incident management type
Undisclosed
Incident management approach
Incident management through support-desk.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Tackling economic inequality
  • Equal opportunity

Tackling economic inequality

Tackling economic inequality: Nomensa are gold-accredited Investors in People, demonstrating our emphasis on learning and development and ensuring this has impacts beyond our business and into the local community. We continue to work closely with local schools, colleges, universities and other organisations to help build the local digital skills economy for the current and next generation. Recognising the benefits of a diverse workforce, we’re committed to creating employment opportunities, particularly for those facing barriers to employment. Each year, two interns join us as part of Hargreaves Lansdown’s Strive Internship, which offers paid internships to BAME students. Organisational growth has enabled us to increase the number of apprenticeship, graduate and internship roles we offer. Since 2013, 52 apprentices, interns and graduates have developed their skills and progressed their careers with us. We also partner with charity Envision, who work with young people from less advantaged backgrounds to “make change happen whilst building their skills beyond the classroom”. Envision is a UK based charity that empowers young people from less advantaged backgrounds who are underrepresented in the world of work to develop essential skills and confidence through tackling social issues affecting their community. This year our mentor team won Mentors of the Year across the programme as well as the group of young people winning the overall award for Envision finalists 2023/24. As part of our commitment to social responsibility and community involvement, we have our Employee Volunteer Day initiative. Employee Volunteer Day is an opportunity for all employees to take a day off from work to support a charitable cause of their choice. So far, our volunteering hours include: • Supporting Bristol University outreach to school’s program providing coding and development support to events for school children. • Volunteering at career days. • Support on steering groups for Vocscur’s LGBTQ+ partnership.

Equal opportunity

Equal Opportunity: We recognise the importance of a diverse workforce and are committed to providing a working environment that is free from discrimination. We promote the principles of equality and diversity across everything we do and work to ensure that our workforce is not only representative of UK population but treated fairly and equally. As part of our E&D policy, we encourage applications and provide the support for candidates regardless of sex, race, disability, age, sexual orientation, gender reassignment, religion or belief. We know our work to meet this ambition is never finished and constantly strive towards identifying improvements to our people, processes, supply chains and environment. We continue to proactively monitor, evaluate and improve our offering, but we currently have in place the following processes: • Inclusive recruitment training and use of inclusive practices, including blind CVs, utilising alternative recruitment networks that aim to support underrepresented groups (e.g. Technojobs) and providing specialist support throughout the recruitments process, being recognised as a Disability Confident Committed company. • Early careers paths established using apprenticeship route (Level 3-Level 6) and exploring opportunities for structuring new and existing roles in line with T-level and higher apprentice frameworks. Attracting typically under-represented groups within the sector, our initiatives have already seen 52 Graduates/Apprentices since 2013. • Intern schemes, including already participating in Hargreaves Lansdown’s Strive Internship, which aims to offer up to 75 paid internships to minority ethnic students, alongside the Envision mentoring scheme, where we provide mentoring to local schools, recently winning mentors of the year 2024 and the group of young people we mentored from Digitech winning the overall event. • Employee-led working groups and assigned individuals leads, including a equality diversity and inclusion group, who proactively monitor, plan and implement new initiatives, schemes and processes.

Pricing

Price
£500 to £1,500 a unit
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@nomensa.com. Tell them what format you need. It will help if you say what assistive technology you use.