Sitecore Experience Cloud
Sitecore Experience Cloud is a complete digital marketing suite with everything you need to create the most powerful, relevant and individualised customer experiences. The Sitecore® Experience Platform™ (XP) combines the content management power of our market-leading CMS with contextual insights from the Sitecore® Experience Database™ (xDB).
Features
- Built on the market-leading web CMS Sitecore Experience Manager
- Marketing automation
- Sitecore Cortex™ machine learning for optimised business outcomes
- Sitecore® Experience Database™ collects real-time customer data
- Scalable campaign management, advanced analytics, testing, optimisation
- 24x7x365 global operations for maintenance and support
- Interchange data using Sitecore xConnect
- Testing and optimisation capabilities
- Headless option via the Sitecore® Experience Accelerator (SxA)
- Sitecore Experience Commerce (XC) personalised shopping experiences
Benefits
- Deliver omnichannel experiences across print, web, mobile, social, email
- Easy, quick personalisation without months of training or implementation
- Machine learning optimises experience and outcomes
- Incorporates native tools digital marketers need for omnichannel delivery
- Generates real-time actionable insights from customer behaviour
- Scaled service to suit your traffic and content needs
- Deliver spot-on, in-context marketing throughout the customer life cycle
- Integrates with hundreds of third-party marketing solutions
- Connect data between Sitecore and CRMs, POS, ERPs, PIMs, etc
- Omnichannel marketing at scale.
Pricing
£5,000 a licence a month
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 11
Service ID
2 5 0 4 5 2 0 0 7 5 7 7 0 2 0
Contact
CDS
Jonathan Astin
Telephone: 07904 570073
Email: jonathan.astin@cds.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Hybrid cloud
- Service constraints
- Usage is subject to an End User Licence Agreement
- System requirements
-
- Content editing requires IE11+, latest Firefox or Google Chrome
- Minimum infrastructure specification applies for Private Cloud option
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- With standard support, 1 business day for high priority, 3 days for low priority. Premium support offers 1 hour (high priority) and 2 business days (low priority).
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Sitecore offers standard (office hours) and premium (24x7) support levels for platform and application. Sitecore support staff include cloud support engineers.
CDS provides 3rd line code support for your specific codebase, subject to agreeing a separate CDS support and maintenance agreement - charged at standard rates based on an agreed time provision. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
CDS undertakes discovery, design and development processes appropriate to your requirements, through to full system testing.
CDS provides tutor-led, on-site training for editors and administrators, and template user guides. Sitecore provides certified training courses and online user documentation for the application. - Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
-
Customers can request termination of a Sitecore Managed Cloud subscription, via a form. https://kb.sitecore.net/articles/257413
Sitecore managed cloud gives direct access to databases, enabling
extract of data when needed.
CDS can provide additional Exit Planning and Management services upon request. - End-of-contract process
- Sitecore managed cloud gives direct access to databases, therefore you can backup and extract data when needed via the API. CDS can provide Exit Planning and Management services to assist in the transition at additional cost, on a capped time and materials basis.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Core content and experience management features are available on mobile. See https://kb.sitecore.net/articles/087164 for details.
- Service interface
- No
- API
- Yes
- What users can and can't do using the API
- Sitecores API's can be found here -https://doc.sitecore.com/developers/90/sitecore-experience-management/en/sitecore-services-client.html
- API documentation
- Yes
- API documentation formats
- HTML
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
-
Sitecore can becustomised to fit your communications and technology environment. Through our partner services, CDS will help you understand your needs, design and configure your system and integrate with other systems to automate business processes.
The Sitecore Experience Accelerator (SXA) allows content teams to design, assemble and deploy web content across channels with fewer development resources.
Scaling
- Independence of resources
- Sitecore uses Azure Multi tenant, meaning customers get their own Azure Subscription that is separate from others
Analytics
- Service usage metrics
- Yes
- Metrics types
- CMS activity, e.g. pages published
- Reporting types
-
- API access
- Real-time dashboards
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Sitecore
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- EU-US Privacy Shield agreement locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Other
- Other data at rest protection approach
- Complies with Azure standard trust policies https://www.microsoft.com/en-us/trustcenter/compliance/csa-self-assessment
- Data sanitisation process
- No
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- API's, by default it’s a JSON response
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- Other
- Other protection within supplier network
- Further details are available here https://doc.sitecore.com/developers/91/platform-administration-and-architecture/en/securing-xp.html
Availability and resilience
- Guaranteed availability
- Up to to 99.9% subject to host configuration.
- Approach to resilience
- CDS helps customers configure and provision their solution to meet the appropriate resilience levels they require. For example this may mean additional instances for high availability or a DR solution. HA and DR plans can be identified through discovery and added to the commissioning and deployment scope. Native host functionality such as auto scaling and deployment slots provide resilience to the solution where available.
- Outage reporting
- Via Azure AppInsights
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
- Other
- Other user authentication
-
The default security authentication and authorization system is based on the Microsoft ASP.NET membership.
ASP.NET membership can implement different providers in order to store and access credentials and user profiles in different systems. By default, Sitecore uses a SQL based ASP.NET membership provider and the users are stored in the Core database. - Access restrictions in management interfaces and support channels
-
Access security is controlled on three levels:
user - an individual user
role - a collection of users. Roles enable you to assign access rights to a group of users instead of to an individual user
domain - a collection of security accounts
With these three levels of security you can control all user access to Sitecore functionality and website content. - Access restriction testing frequency
- At least once a year
- Management access authentication
- 2-factor authentication
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Coalfire ISO
- ISO/IEC 27001 accreditation date
- 22/01/2019
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 30/01/2019
- CSA STAR certification level
- Level 1: CSA STAR Self-Assessment
- What the CSA STAR doesn’t cover
- N/A
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- On request
- PCI DSS accreditation date
- On request
- What the PCI DSS doesn’t cover
- N/A
- Other security certifications
- Yes
- Any other security certifications
-
- SOC2
- ISO27017:2015
- ISO 27018:2014
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- CSA CCM version 3.0
- ISO/IEC 27001
- Other
- Other security governance standards
- SOC2
- Information security policies and processes
-
CDS maintains a set of security policies aligned with our ISO27001 certification, we are also Cyber Essentials Plus certified. All staff are BPSS cleared at minimum and are briefed on the security policy at induction and ongoing compliance supported by an internal learning management system.
Sitecore maintains its own ISMS for which is aligned to ISO27001. Further details are provided at https://www.sitecore.com/en-gb/trust and https://azure.microsoft.com/en-gb/overview/trusted-cloud/
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
CDS provides an overarching ISO20000 compliant change management process for Sitecore implementations, subject to a support agreement.
The customer is responsible for scheduling and performing upgrades of the Sitecore XP platform hosted in Sitecore Managed Cloud. We recommend building these in to your CDS support and maintenance profile.
Sitecore supplies patches or hotfixes for Sitecore product bugs reported by a customer according to the scope of services. We recommend including these in your CDS service profile. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Aspects such as Antivirus, OS patching, and OS configuration are handled by Azure as a part of the services offered (Azure App Service for application hosting, AzureSQL for SQL Server databases).
Azure maintains low-level aspects of its services by ensuring proper performance, protection, and availability on an OS level. For any issues to do with this, Sitecore engages with Microsoft Azure to get a resolution. Microsoft regularly penetration tests the underlying infrastructure.
Any other resources that fall out of the Sitecore service and support scope would be managed by CDS as part of a service agreement - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Sitecore Managed Cloud provides full monitoring of the backing system required to execute Service Catalog items.
Levels of monitoring include:
Availability
Performance - e.g. levels for Disk Size, Disk IO, RAM consumed, CPU
Logic - e.g. Smart Publishing execution success
Additional Sitecore Managed Cloud monitoring metrics are available.
In case of any alert related to monitored resources, Sitecore Support team contacts the customer (or CDS if acting on your behalf) according to the common Sitecore Cloud monitoring manifiest. - Incident management type
- Supplier-defined controls
- Incident management approach
-
Sitecore offers Standard and Premium support options, address P1, P2, P3 and P4 incidents. For a high-level overview of Support Programs and scope of services provided by Sitecore Support is provided , please refer to the following article:
https://kb.sitecore.net/articles/463549
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £5,000 a licence a month
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- Trial instance available through Azure marketplace. Requires configuration.