Webcurl Ltd

Self Service and CRM Portal Solutions

The configurable web portal exposes Microsoft Dynamics 365 or Open Source CRM data via its intuitive portal technology (Drupal CMS). We have vertical template solutions ranging from Customer Service, Partner portals and Case Management frameworks. This easy to use solution can enable digital collaboration with customers, partners and many more…


  • Create a fully flexible Portal with point and click configuration
  • Full control on CRM data with drag and drop configuration
  • Open-Source CMS Platform with a large selection of additional modules
  • Strong experience in delivering Portal integration to additional external systems
  • Two-way data exchange enabling a complete picture of your customer
  • Provide powerful online self-service mechanism for customers
  • Flexible presentation styles with rich and personalised user experiences
  • Clear and Easy UX for strong Customer Experience
  • Examples: Case Handling, Enquiry Management, Information Exchange (Case Studies Available)


  • Built on flexible open source Drupal CMS platform
  • Developed specifically to deliver better services to the public
  • Web applications modelled for your unique business processes
  • Drive channel shift and provide 24/7 service to your customers
  • Give secure portal access to any CRM data
  • GDPR compliant and ISO 27001 accredited provider
  • ISO 9001 certified provider


£6,000 to £20,000 an instance a year

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 12

Service ID

2 4 6 1 3 5 2 8 5 3 6 2 6 4 3


Webcurl Ltd Colin Sherry
Telephone: 01865 741762
Email: colin.sherry@webcurl.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Drupal, sugarCRM CE, Microsoft Dynamics 365
Cloud deployment model
Hybrid cloud
Service constraints
Cloud based Software as a Service but may be available on-premise for larger enterprise customers.
System requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
2 hours - Monday - Friday, 24/7 online portal, Out of hours support available for critical issues.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Onsite support
Support levels
Our support packages are based on time used and is billed in 15 minute increments. The cost of a support contract is determined by the amount of time purchased in advance and is detailed below.

Time Block Cost per block

10 Hours - £ 1,100
20 Hours - £ 2000
30 Hours - £ 2,800
50 Hours - £ 4,500
100 Hours - £ 8,400
200 Hours - £ 15,000

Webcurl provides an initial response within 2 hours for critical tickets with a proposed action and resolution timescale being posted within 4 working hours. Other tickets will be acknowledged within a maximum of 4 hours with a proposed action and resolution timescale being posted the same day.

Webcurl provide help-desk support via telephone, e-mail and the online portal during the hours of 9.00am to 5.00pm UK time (excluding weekends and days which are public holidays in England).
Support available to third parties

Onboarding and offboarding

Getting started
Training and documentation are provided for the solution.

Development work and training is provided on an ad-hoc basis and is for a set amount of days.

Additional help is provided via our support agreement and is detailed further in the support agreement document.
Service documentation
Documentation formats
End-of-contract data extraction
All data will be returned to the customer via a backup of the MYSQL database and the supporting software, excluding the portal connecter software, which is located in our GIT repository, This extraction can also be performed on an on going basis by the end user at any point of the contract lifecycle.

As we use open source technology, the system can be restored freely on a new platform by another vendor or the end user. The connection to CRM data will no longer function if the SaaS is terminated.
End-of-contract process
When a project contract ends, we normally enter into a support contract with our clients, which includes security, hosting, maintenance and ticket management.

In the case a client wishes to seek services elsewhere, a handover meeting is booked in with the new agency and we collaborate with them to ensure smooth transitioning.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Mainly layout and re-organisation of data on screens.
Service interface
Customisation available
Description of customisation
Drupal is an open source Content Management Framework, unlike a typical Content Management System (CMS) it is geared more towards customisation and configurability.

Business users can easily author and edit content with no technical experience required.

Out of the box Drupal (7 and 8) provides key features to meet most common requirements such as users, roles, permissions, content management, workflow, clean URLs, a multi-level menu system, user registration & authentication and search etc.

These ‘out of the box’ benefits mean we can focus your budget, not on creating core functionality, but on customising and creating a great user experience and creative design for your audiences.


Independence of resources
Due to our services being in the cloud we can add additional resources to a tenant as and when required.

Other tenants on the same platform are restricted to a set amount of resources.


Service usage metrics
Metrics types
Visitors and access to the site, last logged in etc.
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Client data & information is securely held on the communication platform we use.

A full backup of docs, xls, csv, pdf, png, xml, json, the MYSQL database and any other appropriate files will be provided on demand.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • Mysql Backups
  • Json
  • XML
  • XLS
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • Mysql backup
  • Json
  • Xml
  • XLS

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Webcurl agrees to provide Licensee with access to the currently published SaaS version of the Licensed Software via the Internet. During any calendar month, the Licensed Software shall be available to Licensee 99.9% of the time via the Internet except for:
(i) the time during which the Licensed Software is unavailable so that Webcurl or the hosting provider can perform maintenance for security and system integrity purposes and provide Upgrades, also known as "Planned Maintenance Downtime";
(ii) downtime caused by circumstances beyond Webcurl’s control, including without limitation, acts of God, acts of government, flood, fire, earthquakes, acts of terror, war, third party strikes and other labor problems, or other events of force majeure;

iii) general Internet outages, failure of Licensee's infrastructure or connectivity, computer and telecommunications failures and delays not within Webcurl’s control; and

(iv) network intrusions or denial-of-service attacks.

In the event that Webcurl fails to maintain the foregoing availability of the Licensed Software during any calendar month of the subscription, Licensee's sole and exclusive remedy shall be to request a service credit in the following percentages of
the prorated monthly fees
99.9%, but greater than 99.5% 10%;
99.5%, but greater than 99.0%25%;
99.0%, a service credit of 50%.
Approach to resilience
Available on Request
Outage reporting
Via a pro-active monitoring tool available for access by our clients.

This provides downtime, current issues and previous outages.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Management interfaces and support channels require user authentication via google or by username and password.

Access is usually restricted via a 2 factor authentication process to our software solutions.

We further control levels of access within the application with the use of user roles.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Our whole service provision is covered by ISO/IEC 27001 certification.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
All policies are documented and explained to staff during the on-boarding process.

A clearly defined escalation path is documented to handle non compliance

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All our change management is handled by the software repository GIT. This provides us with documented evidence of when changes were processed and who completed the change.

All changes are run through standard security tests before being deployed in a live environment.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Threats to our system are assessed by our security team.

As we are extending third party software we are reliant to some degree of them notifying us of issues. The Open Source community is very good at releasing security updates, usual weekly, and these are applied automatically to our solutions.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We actively monitor and are notified of any security issues from all the technology vendors we have in our stack.
Incident management type
Supplier-defined controls
Incident management approach
All security incident resolution is fully documented and actioned immediately.

Users can report incidents via the help desk portal and these will be reviewed and categorised accordingly.

Reports are available via our portal on all incidents past and present.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£6,000 to £20,000 an instance a year
Discount for educational organisations
Free trial available
Description of free trial
No limitations, access to the full software will be given for 90 days

Service documents