VerseOne Group Ltd

VerseOne CMS digital transformation solution for self-service customer portals

This is a custom, digital transformation solution for the VerseOne CMS, a powerful, design-led content management platform. VerseOne CMS is the foundation for accessible and responsive websites, intranets and self-service portals. VerseOne is a market-leading online digital transformation solution for housing associations and NHS organisations.

Features

  • Offer traditional services online 24*7 to deliver efficiencies and ROI
  • Designed to complement your website brand with personalised secure content
  • Integrated with your internal system promoting self-service on any device
  • Automated identity validation for low cost and fast take-up
  • Modular design enables phased approach to online service delivery
  • Make it simple for customer to consume your digital services
  • Fully featured content management powers your website and self-service portal
  • Integration with back office systems via APIs or CSV data
  • Reporting Repairs (including self-appointing) to deliver real savings and efficiencies
  • Allow customer to update their details and initiate business processes

Benefits

  • Improve customer satisfaction and deliver stakeholders the services they want
  • Reduce your effort for service delivery by offering self-service options
  • Deliver a measurable return on investment saving per digital customer
  • Integrates with any back-office system today and in the future
  • Offer customers a fantastic experience that they want to use
  • Reduce your effort, offer self-service, utilise your staff more efficiently
  • Provide an intuitive user experience for your customers and staff
  • As digital offering change, configure the solution to meet demand
  • Allow customer to book their own repairs appointments 24*7
  • Enjoy predictable cost of ownership and a true business partnership

Pricing

£1200 to £4000 per instance per month

Service documents

G-Cloud 11

126380416520883

VerseOne Group Ltd

Susan Allder

01483263088

info@verseone.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Planned maintenance and in-version upgrades are included with all service levels.

Active Directory Single Sign-on through ADFS can be hosted in the dedicated private cloud environment.
System requirements
  • VerseOne CMS Editors need one of the following browsers:
  • Internet Explorer 9+
  • Microsoft Edge (any)
  • Chrome (5+)
  • Firefox (2+)
  • Safari (4+)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times All customers are supported in line with a Service Level Agreement. The support service includes a full fault diagnosis and error correction service for all of the applications delivered for the duration of the agreement. Support is available Monday to Friday 09:00–17:30 (excluding UK Bank Holidays):

P1: Target response 30 mins—Time to resolve 4 hours
P2: Target response 30 mins—Time to resolve 1 day
P3: Target response 30 mins—Time to resolve 5 days
P4: Target response 30 mins—Time to resolve 10 days.

See Service Definition document for more.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible VerseOne prides itself on an in-depth knowledge of all aspects of accessibility with regard to design, implementation, content management, and web software design.

VerseOne's experienced Web Accessibility auditor will use adaptive technology, where relevant, to test our sites and software to WCAG AA Level (at least), including for users with: no vision, low vision, colour blindness, dyslexia, deafness, mobility impairment, and learning difficulties.
Web chat accessibility testing VerseOne prides itself on an in-depth knowledge of all aspects of accessibility with regard to design, implementation, content management, and web software design.

VerseOne's experienced Web Accessibility auditor will use adaptive technology, where relevant, to test our sites and software to WCAG AA Level (at least), including for users with: no vision, low vision, colour blindness, dyslexia, deafness, mobility impairment, and learning difficulties.
Onsite support Yes, at extra cost
Support levels All customers are supported in line with a Service Level Agreement. We provide a single, consistently good level of service, which is appropriate to meet the 99.9% uptime commitment in the SLA.

The support service includes a full fault diagnosis and error correction service for all of the applications delivered for the duration of the agreement. Support is available Monday to Friday 09:00–17:30 (excluding UK Bank Holidays):

P1: Target response 30 mins—time to resolve .5day;
P2: Target response 30 mins—time to resolve 1 day;
P3: Target response 30 mins—time to resolve 5 days;
P4: Target response 30 mins—time to resolve 10 days.

As part of our G-Cloud service, we provide an uptime of 99.9% for all the websites you publish from VerseOne. Any issue that affects this is a P1, and is dealt with on a 24/7/365 basis.

Support is provided within the SAAS cost. We provide support to the same high standard for each of the licence levels.

We allocate an engineer to each issue and they stay with it until resolution.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started In addition to our great solution, VerseOne offers support and guidance throughout journey based on our ISO accredited implementation methodology. We offer a wide range of professional services including, stakeholder workshops, user journey mapping, creative and digital design services, project management and training.
VerseOne provides a wide variety of training courses, including ‘Train the Trainer’, to empower users with tools and knowledge to enhance the deployment of their complete web solution. Each course is carefully designed to address your specific content management needs as well as support software users of all skill levels and access permissions.
The training would be tailored to your website and/or intranet requirements, concentrating particularly on document management and content editing, as well as how to modify the look and feel of the site.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction At the end of the contract, VerseOne can provide an extract of the database, and all media held in the CMS. Alternatively, users can download assets (documents, images, video, audio, etc) from within the CMS.

VerseOne CMS has an advanced content search in the interface, which supports building up Boolean search phrases for searching and filtering by attributes including (but not limited to): Content type, Content and individual content fields, Headline, Author, Date created, Date modified, Filename, Categories, Status, Metadata.

All items can be exported as a CSV.
End-of-contract process There are no additional costs when the contract ends, unless the client requests services outside those detailed within the End of Contract data extraction or as detailed in the Call-off contract. VerseOne will work with our customers to ensure a smooth transition.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Desktop service “Mobile first”, responsive web design (RWD) and progressive enhancement principles have been part of VerseOne's DNA since 2010.

Websites, intranets and portals built and maintained through VerseOne CMS are always designed to be fully mobile responsive out of the box, to support mobile, tablet and desktop devices.

VerseOne CMS is a powerful, enterprise-level CMS and whilst it can be used on a mobile phone, the user interface is optimised for desktop and tablet use. VerseOne continue to improve the experience on mobile devices, and these are rolled out in the seamless, free of charge upgrades.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing VerseOne prides itself on an in-depth knowledge of all aspects of accessibility with regard to design, implementation, content management, and web software design.

VerseOne's experienced Web Accessibility auditor will use adaptive technology, where relevant, to test our sites and software to WCAG AA Level (at least), including for users with: no vision, low vision, colour blindness, dyslexia, deafness, mobility impairment, and learning difficulties.
API No
Customisation available Yes
Description of customisation The VerseOne CMS is an entirely browser-based web CMS. It enables you to build, publish and manage multiple websites of every variety.

In a few days, users with HTML and CSS skills can learn to build websites based on structured content types, and VerseOne CMS's unique Dynamic Page Layout Engine—which enables permitted users to manage the content on every area of a Page.

All aspects of the website can then be managed. This includes creation or amendment of pages, upload of content, media and documents, metadata and site structure control. In fact, anything that can be done in a manually built website can be managed more easily in VerseOne CMS.

VerseOne CMS allows trained users to add re-usable styling classes to Content Items, individual Pages, or even to whole Websites—so that users without CSS or HTML knowledge can still take advantage of the designed features.

Users can Publish and Un-publish content (and even pre-schedule Publishing events), undertake content governance and reporting, and manage metadata.

Multiple websites can be supported in a VerseOne CMS instance, with unlimited microsites and URLs.

Subject to their permissions, any authorised user can work in the CMS.

Scaling

Scaling
Independence of resources In line with VerseOne’s ISO 900: 2015 commitment to quality and customer satisfaction across all of its products and services, VerseOne partners with one of the world's largest hosting companies to provision its own private cloud. This secure solution is comprised of dedicated, load-balanced server hardware, dual firewalls, and dedicated SAN storage.

This could environment is suitably provisioned with burstable bandwidth and expandable resources so that VerseOne can ensure that traffic spikes do not affect the resilience or speed of the hosting service.

Any detected issues are dealt with as a P1 support priority.

Analytics

Analytics
Service usage metrics Yes
Metrics types VerseOne CMS captures certain metrics, such as total Content Item hits by date, and document download statistics. As standard, VerseOne CMS displays top Pages (by hits) and the most popular Forms (by number of completions) in the CMS Dashboard.

The Advanced Search within VerseOne CMS can be used to report on the most popular content items across the system, as well as gaining insight into user registrations and monthly active users (MAU) for portals.

Additionally, VerseOne CMS can be easily integrated with Google Analytics, to provide real-time analytical reporting.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach We provide a complete export of all content held in the CMS. This would be used primarily for migration to another CMS.

VerseOne CMS has an advanced CMS search in the interface. It supports building up Boolean search phrases for searching and filtering by;
· Content type
· Content language
· Author
· File size
· Expiry date
· Review date
· Date created
· Date modified
· Date first published
· Date last published
· Filename
· Tags
· Title
· Synchronised content
· Last workflow
· Status
· Metadata
All items can be exported as a CSV.
Data export formats
  • CSV
  • Other
Other data export formats
  • Microsoft Excel
  • SQL backup file
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network Private cloud internal network segment.

Availability and resilience

Availability and resilience
Guaranteed availability VerseOne's hosting partner is a highly regarded supplier and offers 100% guaranteed network uptime.

VerseOne offers 99.9% server uptime, and 99% application uptime (excepting scheduled maintenance).

Any refunds would usually be as credits against other VerseOne Group services.
Approach to resilience In line with VerseOne’s commitment to quality and customer satisfaction across all of its products and services, VerseOne partners with one of the world's largest hosting companies to provision its own private cloud.

This secure solution is comprised of dedicated, load-balanced server hardware, dual firewalls, and dedicated SAN storage.

Private clouds offer vital advantages for reliable hosting, which are passed on to all VerseOne customers:

Virtualised environments—Virtual servers are more cost-effective to configure and maintain, making value-for-money dedicated environments accessible even to limited hosting budgets.

Load balancing—Load balancing helps support speedy loading times for your website or intranet by evening out traffic spikes.

Robust fail-over—A part of the private cloud is set aside for fail-over, so that if the server where your website or intranet is located becomes unavailable, traffic is routed to a new location, maintaining high up-time for your site.

Further details are available on request.
Outage reporting VerseOne uses an internal tool for proactive site and application management. Application and site health is monitored through a dashboard and outages are displayed on a screen within the office, and key staff are simultaneously alerted through email.

For any significant outage, VerseOne will pro-actively contact customers.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication Customers can authenticate through their Microsoft Active Directory (AD) Federated Services identity.

Additionally, Single Sign-on can also be achieved through LDAP and Windows Authentication (requires dedicated Virtual Machine attached to the customer network through a VPN).
Access restrictions in management interfaces and support channels Interfaces and support channels Within VerseOne CMS, users must login. Usernames and passwords are salted encrypted—using test practice algorithms.

Restrictions are based on defined user policies, based on role-based Permission Groups. Permissions are based on a "secure by design" model, in which Protected Content is hidden unless the user is given explicit access through the CMS management panel.

Any other management interfaces and support channels require user login, and are governed by their own security policies.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Username or password
  • Other
Description of management access authentication Customers can authenticate through their Microsoft Active Directory (AD) Federated Services identity.

Additionally, Single Sign-on can also be achieved through LDAP and Windows Authentication (requires dedicated Virtual Machine attached to the customer network through a VPN).

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach VerseOne has a full security and GDPR / Data Protection Policy, to which all staff must adhere as a matter of contract of employment.

VerseOne is working towards ISO 27001 Security Standard (anticipated 2019), and models its security governance on the requirements of this standard.
Information security policies and processes The Chief Technical Officer has responsibility for security policies, and reports directly to the Operational Board concerning these issues.

All staff receive a set of standard training sessions at the point they are recruited, and this includes secure work practices; in addition, they are required to read and sign VerseOne's Data Protection and Security Policies, and adherence to these policies is a condition of the contract of employment. In addition, VerseOne staff receive annual refresher training.

As a company we are registered with the Data Protection Registrar.

Where an issue requires escalation, we have a set of identified processes, including phone numbers, so that you can talk directly and express the level of urgency or business challenge. The levels are:
After 1 hour—Head of Support;
After 2 hours—Chief Technical Officer;
3 hours+— Executive Director.
One of the key advantages of working with VerseOne is that we keep the barriers to communication as low as possible—commensurate with delivering services efficiently to our whole client base.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Version control
Vulnerability management type Supplier-defined controls
Vulnerability management approach We assess potential threats through proactive monitoring of logs and security advisories from major partners/suppliers in the security sector.

Customers also regularly carry out Penetration Tests on their VerseOne CMS instances. Any issues are carefully assessed by the VerseOne Technical team, and patches are rolled out to all customer instances.

We can deploy patches in minutes, but we would assess the risk posed by the particular vulnerability and decide the most appropriate schedule. Typically patches are applied monthly.
Protective monitoring type Supplier-defined controls
Protective monitoring approach If we find a potential compromise as part of our ISO 9001 processes, our incident management process would be triggered.

From that point, the speed of response would be agreed between the engineers and the incident manager—but any incident is typically categorised as an "all hands" P1 support issue, escalated to the Chief Technical Officer and, if required, to the Executive Board.
Incident management type Supplier-defined controls
Incident management approach The majority of incidents are handled through the helpdesk. This streamlines incident management, tracking and resolution. Supportive questions help us gather essential information. Users rate the severity via impact on their business processes.

For critical incidents, on-duty incident managers assess the situation and any affected customer(s), and create a communication list for the incident.

They will:
• instigate conference calls
• document a high-level view of problems
• ensure resolution of the issue within SLA
• be involved in the debrief
• provide incident reports on resolution

All communications are available within the service desk portal.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £1200 to £4000 per instance per month
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑