Numiko Ltd

Wagtail Development and Support

Numiko has experience delivering end-to-end cloud hosted Wagtail CMS solutions for organisations such as The National Archives and The British Academy. Whether you’re looking to update and migrate an existing Wagtail website or develop a new, enterprise-level Wagtail website, our UK-based permanent Wagtail experts have the skills to deliver.

Features

• Technical architecture and cloud-hosted infrastructure planning
• UX & design services to support development
• Front end development and accessibility testing
• Wagtail implementation and support for live services
• Content strategy and migration planning
• Tailored training delivered on site or online
• Training documentation provided
• Proactive monitoring and security patching
• Response and resolution SLAs for support
• Performance analysis for continuous improvement

Benefits

• Scalable cloud-based solutions to align with business needs
• High-performant, secure and stable systems
• Transparency in total cost of ownership
• Permanent, UK-based staff
• Named contact for support
• Co-ordination with hosting provider
• Public sector experts with over 20 years’ experience
• Cyber essentials certified continuous improvement against KPIs

£922.50 a unit a day

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hi@numiko.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

993527964733599

Contact

Mr David Eccles
07919992633
hi@numiko.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: N/A
• System requirements: N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our target response and resolution times vary depending on the priority of the ticket. Priority 1 (critical) target response time is <15mins, P2 (major) is <1 hour, P3 and P4 (minor/trivial) is same day. Our service desk is monitored Monday-Friday 09.00 – 17.30 GMT.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: No
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Service includes:; - Critical Support for infrastructure 24/7/365 ; -Application Support within office hours (9-5.30) as standard; - 24/7/365 Application support can be arranged for an extra fee (dependant on application risk profile and complexity); - Critical Support response within 1 hour; - Management & maintenance of hosting & application; - Down alerts/Uptime & application monitoring via Pingdom and New Relic; - Backup and restoration management; - Patch management and security updates as released
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We will train your team to use the new Wagtail CMS well before launch date. ; We provide:; - In-person/remote training sessions; - Step-by-step CMS guides
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Wagtail has a fully open architecture and provides a range of different migration options into other CMS.; ; All data is owned and controlled by the client throughout the contract.
• End-of-contract process: When the contract ends, a site management contract will be put in place to cover maintenance, enhancements and security patching.; ; A full exit strategy will be created for handover to the client or another supplier.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Wagtail provides a fully responsive front end and so mobile and desktop experience is the same,
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Wagtail offers a powerful admin and editing interface via any supported browser.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The accessibility team has worked to identify accessibility barriers with Wagtail and worked to resolve them. They've added additional support for Rich Internet Applications by adding some WAI-ARIA support. There have been many improvements to both the visitor and administrator sides of Wagtail, especially:; ; Search engine form and presentation; Drag and Drop functionality; Color contrast and intensity; Adding skip navigation to core themes; Image handling; Form labeling; Removing duplicate or null tags
• API: Yes
• What users can and can't do using the API: Wagtail has off the shelf configurable APIs. Full details can be found at https://docs.wagtail.org/en/stable/advanced_topics/api/index.html
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Wagtail can be fully customised to meet the needs of your organisation:; -Themes can determine the look and feel for the end-user.; -The admin interface can be customised and simplified based on each individual user's requirements and the tasks they need to achieve.; -All public content can be modified.; -Structure of the site can be expanded or modified through a drag and drop interface

Scaling

• Independence of resources: The service is hosted on a fully managed public or private cloud-based virtual machine depending on the agreed tier. You have your own instance of the application and supporting infrastructure. You do not share resources with any other users.

Analytics

• Service usage metrics: Yes
• Metrics types: Service metrics are supported through the use of Google Analytics.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Wagtail provides a wide range of data extraction outputs via the migrate module (to another CMS, Excel, XML or MySQL database)
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Depending on the level of uptime guarantee required, we can support up to 99.99% uptime. Refunds for loss of service will be issued as service credits.
• Approach to resilience: Highly available, dedicated, triple-redundant architecture replicates every application component across multiple instances. Each instance hosts the entire application stack, delivering superior fault tolerance to traditional N-Tier installations.
• Outage reporting: Status updates via email, SMS and website.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access can be limited to a specific IP address; 2FA can be implemented; Log in can be integrated and restricted via SAML/ Azure AD
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: EY CertifyPoint
• ISO/IEC 27001 accreditation date: March 22, 2022
• What the ISO/IEC 27001 doesn’t cover: We do not hold the certification directly, however, our hosting partner's data centre (AWS/Azure/Google) is covered by a current ISO27001
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: The security of our systems and how we develop our code securely is hugely important to us, which is why we have a strong security culture and have a documented security framework which applies to all of our decision, working practices, training and behaviour. This policy and associated processes are managed at director level within the company. It also applies to our supply chain and our clients’ own internal security practices.; ; Applications are located within a datacentre operated by AWS and is therefore ISO 271001/ SOC2 Type 2 and PCI-DSS Level 1 certified.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration and code changes are assessed and tested for security impact, against testing scripts on representative testing environments, and only deployed to production on documented sign-off. Dependencies are audited regularly automatically and manually.; ; All changes within infrastructure are logged and controlled so they can be monitored and audited. We restrict access to network devices using authentication, based on fine grained access controls. Permissions are set at minimum level and are managed through a central directory for terminations and audits. Runtime and service updates are rolled out periodically to ensure that new versions of every service used are included.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerabilities with the application and its frameworks are monitored and mitigated via regular security patching. Our maintenance updates will highlight any security fixes and patches applied, and the urgency and impact of the issues that these fixes deal with. Numiko is closely tied into the Wagtail community's release process.; ; When we are notified of new updates, we assess the urgency and plan when to apply them within the schedule. Critical updates are applied immediately as soon as they are released. The criticality of other updates is assessed according to Wagtail's process (https://docs.wagtail.org/en/v2.14.2/contributing/release_process.html).
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We monitor application layer for uptime and response times, as well as for patterns of suspicious traffic and activities using automated profiling. Our response is tailored to the threat model, and includes measures from traffic blocking by IP/UA through to system isolation and lockdown.; ; Our hosting provider uses an open source host-based Intrusion Detection System. ; Both internal and external security monitoring scans of the underlying instances and infrastructure are run at least quarterly, or after any significant change in the network. The internal scan process addresses all “high risk” vulnerabilities and includes rescans to verify that these issues are resolved.
• Incident management type: Supplier-defined controls
• Incident management approach: Our process establishes an incident’s key features;; 1.Nature and scope; 2.Severity; 3.Target resolution time ; 4.Mitigation ; 5.Log intentional changes from 24 hours prior; 6.Resolution & root cause analysis; 7.Implications and risks ; 8.Managing business impact; 9.Escalation / communication processes; ; Once all the above information is in place, incident management teams work to resolution, to agreed priority levels. ; ; Reporting is via Jira service desk, or nominated phone/email.; ; Upon resolution we provide an incident report; ; • Business impact ; • Root cause analysis ; • Investigation & resolution steps taken ; • Communication review ; • Process review ; • Improvement areas ; • Summary of actions/next steps

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Numiko is actively engaged in efforts to combat climate change by implementing environmentally conscious practices across our operations. Our primary environmental impacts stem from our electricity use, necessary for powering web development hardware, and the disposal of outdated or redundant hardware. To address these, we have committed to a renewable energy tariff, ensuring that all electricity used is sourced from renewable resources. Additionally, we adhere to a strict recycling program that prioritises the recycling of old hardware, significantly reducing the volume of waste sent to incineration or landfill.; Beyond these measures, Numiko is dedicated to promoting sustainability in everyday workplace activities. All paper products are either recycled or reused, and we are diligent about switching off machines and lights when not in use to conserve energy. We also cultivate an eco-conscious culture among our staff, providing education on sustainable practices to encourage environmentally responsible behavior both in and out of the office.; Understanding the environmental impact of commuting, Numiko supports flexible work arrangements, allowing staff to work from home to lessen their carbon footprint. For necessary travel, employees are encouraged to use public transport or participate in our Bike to Work scheme. This initiative facilitates staff in purchasing bicycles in a cost-effective manner through salary deductions, promoting healthier, eco-friendly commuting options. These comprehensive actions reflect Numiko’s commitment to playing a proactive role in environmental stewardship and supporting global efforts towards climate change mitigation.

  Covid-19 recovery

  Numiko is committed to supporting COVID-19 recovery efforts by leveraging our digital expertise to assist organisations in adapting to new realities and enhancing their digital presence. Recognising the critical need for robust digital solutions in the wake of the pandemic, we focus on creating user-centric platforms that facilitate remote interactions, ensuring businesses and educational institutions can continue operating efficiently and safely.; ; Our approach includes developing intuitive and accessible websites and applications that enable seamless remote services, from e-commerce systems to virtual learning environments. We also help organisations improve their online communication channels to maintain engagement with their clients and stakeholders during and beyond the recovery phase.; ; Additionally, Numiko provides strategic consulting to organisations looking to digitise their operations or enhance existing digital infrastructure to better serve their audiences in a socially-distanced world. By implementing advanced analytics and data-driven insights, we assist clients in understanding user behaviour changes due to the pandemic, enabling them to make informed decisions that support recovery and growth.; ; Through these efforts, Numiko aims to play a pivotal role in helping communities and businesses recover from the pandemic, ensuring they emerge stronger and more resilient.

  Tackling economic inequality

  Numiko actively tackles economic inequality by engaging in community-oriented initiatives that support local charities and foster the growth of the digital sector within our region. We understand that economic empowerment is vital and extend our resources—both financial and expertise—to stimulate local economic development and reduce disparities.; ; Our involvement with local charities is multifaceted: we not only donate financially but also commit our staff and management time to these causes. Moreover, we are dedicated to nurturing the future of the digital industry locally. Numiko team members frequently guest lecture at regional schools and universities, sharing knowledge and inspiring the next generation of digital professionals. We also hold events open to the public and invite the community into our offices, making the digital sector more accessible and promoting inclusivity.; Through digital platforms like Twitter and Facebook, we support and amplify the reach of charity events and community projects, leveraging our digital marketing skills to raise awareness and increase engagement. We encourage our employees to actively participate in personal fundraising efforts for charities, supporting them in securing sponsorship from colleagues and the wider network.; ; By integrating our business operations with community support and digital education, Numiko plays a crucial role in addressing economic inequality, ensuring our contributions help pave the way for a more equitable future.

  Equal opportunity

  Numiko is dedicated to fostering an inclusive environment that champions equal opportunities across all areas of its operations, ensuring compliance with diversity principles and preventing any form of discrimination or unfair treatment. Our comprehensive approach includes rigorous policies and practices covering recruitment, procurement, supply chain management, and internal promotions.; ; Our commitment to equality is especially evident in our hiring practices. Numiko's equality and diversity policy is integral to our operations, ensuring that all recruitment decisions are made impartially and free from bias—both conscious and unconscious. To support this, we provide focused training for our staff to recognize and eliminate potential discriminatory practices during the hiring process.; ; Promotion within Numiko is rigorously merit-based. Management is trained to objectively assess each employee's performance and potential, ensuring that all promotion decisions are fair and based on clearly defined, transparent criteria. This practice guarantees that all employees, regardless of their background, have equal access to growth opportunities.; ; Through these efforts, Numiko aims to cultivate a supportive and equitable corporate culture that values and respects the contributions of every individual. This commitment to diversity and equality is not only a moral imperative but also enhances our operational effectiveness and fosters a richer, more creative workplace.

  Wellbeing

  Numiko is deeply committed to fostering the health and well-being of its staff by promoting a supportive work environment and encouraging healthy lifestyle choices. Recognising the importance of work/life balance, we implement flexible and hybrid working arrangements that allow our team members to tailor their work schedules to fit their personal lives. This flexibility supports not only daily productivity but also overall satisfaction and mental health.; In addition to work flexibility, Numiko encourages physical wellness through various initiatives. We organise an annual walking weekend in Cumbria, which is not only a team-building experience but also an opportunity to reconnect with nature and step away from the digital world. For daily commutes, we advocate for walking and cycling, supported by a Bike to Work scheme that makes cycling an easier and more affordable option for our employees. Within the workplace, we offer healthy food options, such as fresh fruit, ensuring that our staff have access to nutritious snacks.; Our commitment to well-being extends into our professional output; user experience design is central to our projects. We ensure that our digital solutions are accessible to all, promoting inclusivity. By co-designing with communities and conducting rigorous testing, we ensure that our services enhance online communities and meet the diverse needs of users, reflecting our holistic approach to well-being in both our internal and external practices.

Pricing

• Price: £922.50 a unit a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hi@numiko.com. Tell them what format you need. It will help if you say what assistive technology you use.