G-Cloud 11 services are suspended on Digital Marketplace

If you have an ongoing procurement on G-Cloud 11, you must complete it by 18 December 2020. Existing contracts with Consult SMB Limited are still valid.
Consult SMB Limited

Umbraco Development, Website Design and Hosting

CSMB's website design services include the planning, design, build, configuration and management of websites and online applications delivered in the cloud on a Content Management System you control. CSMB work to understand your business drivers, target audiences and objectives thus helping our clients deliver the best possible first impression.

Features

  • Website & Brand Design
  • Website Development
  • Website Hosting & Support
  • Fully Responsive Website Working Across Desktop, Tablets and Mobiles
  • Testing Across all Browsers & Devices
  • Fast & Agile Project Delivery
  • Online Enquiry & Other Forms, Questionnaires, Surveys & E-Commerce
  • Flexible User Security & Publishing Rights Giving You Full Control
  • Umbraco Content Management System
  • Tier 1 UK Based Data Center for Hosting and Support

Benefits

  • Experiences Delivery Team
  • Custom Design Helping You Stand Out
  • Easily Update & Manage Your Website 24/7
  • Projects Are Delivered On Time & On Budget
  • Range Of Support Options Available

Pricing

£350 to £750 a person a day

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at stephen.bear@consultsmb.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 11

Service ID

3 2 7 8 9 4 9 7 3 3 9 9 2 0 6

Contact

Consult SMB Limited Stephen Bear
Telephone: 02034112321
Email: stephen.bear@consultsmb.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
None
System requirements
Windows Enviroment

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 1 Hour, Mon - Fri 9 am - 5.30 pm
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Users can't send and receive files or video.
Web chat accessibility testing
We use a market leading web chat tool so rely on their in house testing
Onsite support
Onsite support
Support levels
Severity Level 1
CSMB Acknowledgement (not to exceed) One (1) hour
Resolution Plan Available (not to exceed) Four (4) hours
Resolution Target (not to exceed) Two (2) business days*

Severity Level 2
CSMB Acknowledgement (not to exceed) Two (2) hour
Resolution Plan Available (not to exceed) Eight (8) hours
Resolution Target (not to exceed) Four (4) business days

Severity Level 3
CSMB Acknowledgement (not to exceed) Three (3) hour
Resolution Plan Available (not to exceed) Two (2) business days
Resolution Target (not to exceed) Five (5) business days

Severity Level 4
CSMB Acknowledgement (not to exceed) Eight (8) hour
Resolution Plan Available (not to exceed) Four (4) business days
Resolution Target (not to exceed) as agreed by CSMB and CLIENT
*Where is it possible to resolve the issue.
Note 1: Work hours are 9.00 –17.30 Local UK Time, Monday to Friday, excluding English Public Holidays
Note 2: Apart from severity 1 calls, that will always be responded to via phone, the default response communication route will be the same as the incoming communication, unless the initial escalation request states a specific response requirement e.g. instant Message, telephones, e-mail or specific Client site contact point, etc.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Full UAT support leading into Onsite and Offsite training as well as ongoing Online training. Crib sheet documentation is also provided.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
Standard Extract tools are available for users to extract and download their data. Data can also be supplied upon request.
End-of-contract process
The users terminates their contract and is free to move away without any penalty charges. If specific professional services are requested they can be purchased at the rate card prices.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None
Service interface
Yes
Description of service interface
Full CMS Access
Accessibility standards
WCAG 2.1 AAA
Accessibility testing
Standard UAT testing
API
No
Customisation available
No

Scaling

Independence of resources
Load balanced server environment with bandwidth which up scales on demand.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
There is an interface in the content management system.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
Private network or public sector network
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We utilise an ISO accredited cloud platform, which has been built using the latest technologies to ensure high availability and resilience across multiple UK data centres. Uptime is quoted at 99.99%. The Datacenter is ISO 27001 , ISO 14000, ISO 9001 accredited.
Approach to resilience
All servers are hosted within a replicated load balanced environment. The environments are virtual allowing for rapid deployment either initially or in the event of a failure. The environment is replicated in real time to a second back up site location to allow for fail over in the event of a failure.
Outage reporting
Email Alerts and Updates as well as a updating postings on the support portal.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Usernames and Passwords have roles assigned to them. These roles control the elements of the service that are made available to that user. The Support portal is also access by username and password which in turn provides the permissioned user with information, the knowledge base and gives the ability to raise a support ticket.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Whilst we don't hold a BSI accreditation, our operations and solutions are delivered in line with BSI 9001, BSI 1400 and internal audits are carried out to ensure continued adherence to these standards.
Information security policies and processes
We have an in house Information Security Policy that will be provided to prospective clients upon request. The policy covers all aspects of our business, and is reviewed quarterly in our management meetings. The policy includes: Introduction, Objectives, Aim and Scope, Objectives, Responsibilities for Information Security, Legislation, Policy Framework, Management of Security, Information Security Awareness Training, Security Control of Assets, Access Controls, User Access Controls, Computer Access Control, Application Access Control, Equipment Security, Computer and Network Procedures, Information Risk Assessment, Information security events and weaknesses, Classification of Sensitive Information, Protection from Malicious Software, User media, Monitoring System Access and Use, Accreditation of Information Systems, System Change Control, Intellectual Property Rights, Business Continuity and Disaster Recovery Plans, Reporting, Policy Audit.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes are managed through an internal CRM / Support Desk system. Changes are evaluated, designed, built and tested. When available for deployment, scheduled maintenance windows are created and updates are deployed, all of which are audit tracked and documented in the CRM / Support Desk system.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Penetration testing by the data center and regular firewall updates are the primary method to protect against vulnerability. Monitoring of logs gives insight into the source of potential threats, if any are identified then any recommended updates or patches are deployed as a matter of urgency. Regular internet research is also used to locate domestic and global threats.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Spikes in traffic, increases on port blocks enable us to identify potential compromises. Any identification is dealt with immediately with senior management being involved in any responses to an incident.
Incident management type
Supplier-defined controls
Incident management approach
We have an incident and corrective action policy which outlines the internal process for dealing with an indecent. The policy includes the escalation process, the communication process all based on a severity level. Incidents are reported via the Support portal and they are issued a severity level. Depending upon the severity level the correct escalation and response targets are assigned and then tracked against the initial support ticket that was raised. Regular updates are provided to clients for all incidents that are reported

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£350 to £750 a person a day
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at stephen.bear@consultsmb.com. Tell them what format you need. It will help if you say what assistive technology you use.