G-Cloud 11 services are suspended on Digital Marketplace

If you have an ongoing procurement on G-Cloud 11, you must complete it by 18 December 2020. Existing contracts with CDS are still valid.
CDS

Sitecore Experience Cloud

Sitecore Experience Cloud is a complete digital marketing suite with everything you need to create the most powerful, relevant and individualised customer experiences. The Sitecore® Experience Platform™ (XP) combines the content management power of our market-leading CMS with contextual insights from the Sitecore® Experience Database™ (xDB).

Features

  • Built on the market-leading web CMS Sitecore Experience Manager
  • Marketing automation
  • Sitecore Cortex™ machine learning for optimised business outcomes
  • Sitecore® Experience Database™ collects real-time customer data
  • Scalable campaign management, advanced analytics, testing, optimisation
  • 24x7x365 global operations for maintenance and support
  • Interchange data using Sitecore xConnect
  • Testing and optimisation capabilities
  • Headless option via the Sitecore® Experience Accelerator (SxA)
  • Sitecore Experience Commerce (XC) personalised shopping experiences

Benefits

  • Deliver omnichannel experiences across print, web, mobile, social, email
  • Easy, quick personalisation without months of training or implementation
  • Machine learning optimises experience and outcomes
  • Incorporates native tools digital marketers need for omnichannel delivery
  • Generates real-time actionable insights from customer behaviour
  • Scaled service to suit your traffic and content needs
  • Deliver spot-on, in-context marketing throughout the customer life cycle
  • Integrates with hundreds of third-party marketing solutions
  • Connect data between Sitecore and CRMs, POS, ERPs, PIMs, etc
  • Omnichannel marketing at scale.

Pricing

£5,000 a licence a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jonathan.astin@cds.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 11

Service ID

2 5 0 4 5 2 0 0 7 5 7 7 0 2 0

Contact

CDS Jonathan Astin
Telephone: 07904 570073
Email: jonathan.astin@cds.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Usage is subject to an End User Licence Agreement
System requirements
  • Content editing requires IE11+, latest Firefox or Google Chrome
  • Minimum infrastructure specification applies for Private Cloud option

User support

Email or online ticketing support
Email or online ticketing
Support response times
With standard support, 1 business day for high priority, 3 days for low priority. Premium support offers 1 hour (high priority) and 2 business days (low priority).
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Sitecore offers standard (office hours) and premium (24x7) support levels for platform and application. Sitecore support staff include cloud support engineers.
CDS provides 3rd line code support for your specific codebase, subject to agreeing a separate CDS support and maintenance agreement - charged at standard rates based on an agreed time provision.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
CDS undertakes discovery, design and development processes appropriate to your requirements, through to full system testing.

CDS provides tutor-led, on-site training for editors and administrators, and template user guides. Sitecore provides certified training courses and online user documentation for the application.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Customers can request termination of a Sitecore Managed Cloud subscription, via a form. https://kb.sitecore.net/articles/257413

Sitecore managed cloud gives direct access to databases, enabling
extract of data when needed.

CDS can provide additional Exit Planning and Management services upon request.
End-of-contract process
Sitecore managed cloud gives direct access to databases, therefore you can backup and extract data when needed via the API. CDS can provide Exit Planning and Management services to assist in the transition at additional cost, on a capped time and materials basis.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Core content and experience management features are available on mobile. See https://kb.sitecore.net/articles/087164 for details.
Service interface
No
API
Yes
What users can and can't do using the API
Sitecores API's can be found here -https://doc.sitecore.com/developers/90/sitecore-experience-management/en/sitecore-services-client.html
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Sitecore can becustomised to fit your communications and technology environment. Through our partner services, CDS will help you understand your needs, design and configure your system and integrate with other systems to automate business processes.

The Sitecore Experience Accelerator (SXA) allows content teams to design, assemble and deploy web content across channels with fewer development resources.

Scaling

Independence of resources
Sitecore uses Azure Multi tenant, meaning customers get their own Azure Subscription that is separate from others

Analytics

Service usage metrics
Yes
Metrics types
CMS activity, e.g. pages published
Reporting types
  • API access
  • Real-time dashboards

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Sitecore

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Other
Other data at rest protection approach
Complies with Azure standard trust policies https://www.microsoft.com/en-us/trustcenter/compliance/csa-self-assessment
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
API's, by default it’s a JSON response
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Further details are available here https://doc.sitecore.com/developers/91/platform-administration-and-architecture/en/securing-xp.html

Availability and resilience

Guaranteed availability
Up to to 99.9% subject to host configuration.
Approach to resilience
CDS helps customers configure and provision their solution to meet the appropriate resilience levels they require. For example this may mean additional instances for high availability or a DR solution. HA and DR plans can be identified through discovery and added to the commissioning and deployment scope. Native host functionality such as auto scaling and deployment slots provide resilience to the solution where available.
Outage reporting
Via Azure AppInsights

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Other user authentication
The default security authentication and authorization system is based on the Microsoft ASP.NET membership.

ASP.NET membership can implement different providers in order to store and access credentials and user profiles in different systems. By default, Sitecore uses a SQL based ASP.NET membership provider and the users are stored in the Core database.
Access restrictions in management interfaces and support channels
Access security is controlled on three levels:
user - an individual user
role - a collection of users. Roles enable you to assign access rights to a group of users instead of to an individual user
domain - a collection of security accounts

With these three levels of security you can control all user access to Sitecore functionality and website content.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Coalfire ISO
ISO/IEC 27001 accreditation date
22/01/2019
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
30/01/2019
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
N/A
PCI certification
Yes
Who accredited the PCI DSS certification
On request
PCI DSS accreditation date
On request
What the PCI DSS doesn’t cover
N/A
Other security certifications
Yes
Any other security certifications
  • SOC2
  • ISO27017:2015
  • ISO 27018:2014

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards
SOC2
Information security policies and processes
CDS maintains a set of security policies aligned with our ISO27001 certification, we are also Cyber Essentials Plus certified. All staff are BPSS cleared at minimum and are briefed on the security policy at induction and ongoing compliance supported by an internal learning management system.

Sitecore maintains its own ISMS for which is aligned to ISO27001. Further details are provided at https://www.sitecore.com/en-gb/trust and https://azure.microsoft.com/en-gb/overview/trusted-cloud/

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
CDS provides an overarching ISO20000 compliant change management process for Sitecore implementations, subject to a support agreement.

The customer is responsible for scheduling and performing upgrades of the Sitecore XP platform hosted in Sitecore Managed Cloud. We recommend building these in to your CDS support and maintenance profile.

Sitecore supplies patches or hotfixes for Sitecore product bugs reported by a customer according to the scope of services. We recommend including these in your CDS service profile.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Aspects such as Antivirus, OS patching, and OS configuration are handled by Azure as a part of the services offered (Azure App Service for application hosting, AzureSQL for SQL Server databases).

Azure maintains low-level aspects of its services by ensuring proper performance, protection, and availability on an OS level. For any issues to do with this, Sitecore engages with Microsoft Azure to get a resolution. Microsoft regularly penetration tests the underlying infrastructure.

Any other resources that fall out of the Sitecore service and support scope would be managed by CDS as part of a service agreement
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Sitecore Managed Cloud provides full monitoring of the backing system required to execute Service Catalog items.

Levels of monitoring include:

Availability
Performance - e.g. levels for Disk Size, Disk IO, RAM consumed, CPU
Logic - e.g. Smart Publishing execution success
Additional Sitecore Managed Cloud monitoring metrics are available.

In case of any alert related to monitored resources, Sitecore Support team contacts the customer (or CDS if acting on your behalf) according to the common Sitecore Cloud monitoring manifiest.
Incident management type
Supplier-defined controls
Incident management approach
Sitecore offers Standard and Premium support options, address P1, P2, P3 and P4 incidents. For a high-level overview of Support Programs and scope of services provided by Sitecore Support is provided , please refer to the following article:
https://kb.sitecore.net/articles/463549

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£5,000 a licence a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Trial instance available through Azure marketplace. Requires configuration.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jonathan.astin@cds.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.