Council CMS is a cloud-based, in-browser content management system that can be integrated seamlessly with a Council’s existing third-party applications and interfaces.
The flexible system is built on a robust and user-friendly framework and includes customisable applications for: forms, news, menus, page hierarchy, FAQ, events management, and job opportunities.
- CMS – WYSIWYG Editor. Responsive, WCAG compliant templates.
- Form Builder – Single/Multi-page, responsive, workflow and integration capability.
- User Management – Fully customisable granular privileges for users/roles.
- Plugins – Social Media, News & Blog, Events, Job Applications
- Plugins – Dynamic Charts, Announcements, FAQ, Snippets
- User Accounts – OAuth (Local/Social Authentication), Account Page, User Favourites
- Maps – Integrate Google Maps easily for displaying directions/locations/areas
- Analytics and SEO Tools
- Multiple Environments for testing and development
- 99.5% uptime, automatic monitoring and scaling, daily backups
- Users can easily access content/forms from their mobiles/desktops
- Approval workflow/versioning controls publishing to provide quality assurance
- Multi-faceted access to content: Powerful search system/Browse Categories/A-Z/Hierarchical structure
- Extend platform functionality with additional plugins/modules
- Integration/APIs: integrate existing 3rd party applications and services
- The system has been built to ensure GDPR Compliance
- Manage responsive websites, microsites/subsites, and support for configurable URLs
- Excellent service: proven/experienced hosting and service management support team.
- Quickly identify potential website/content improvements via metrics/analytics
- Meets modern W3 Web Standard compliance
£600 to £3050 per instance per month
Michael Carder Ltd
0778 607 8891
|Software add-on or extension||No|
|Cloud deployment model||Hybrid cloud|
|Service constraints||Planned maintenance will be agreed and scheduled as required. Flexible on-going support contracts can be set up.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Expected responses are 12 hours on working days, typically with resolution. 24/48 hour response on weekends for minor issues, 24 hour response for serious incidents and escalations.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Support levels are agreed on a per client and requirement basis.
Typically the minimal support contract is 1 day per month, to restore the system to last known good in the event of a failure, monitor the system and patch any updates as required. Minimal support cost is ~700/month and is provided by a senior technician or developer.
Account Management is included as part of the product.
Support or additional development days can be added flexibly by the customer or as agreed in the event of an escalation.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||A Project Manager will be assigned, and will review any client requirements for specific configuration and support. A deployment plan is generated in agreement with the client which covers the deployment of the requested Cloud Service, together with any optional modules and known configuration requirements. The on-boarding deployment process commences, whilst the training consultation takes place to ensure the training programme meets the needs of the range of trainees. Customers are provided a selection of training dependent upon their specific needs, with certain training being mandatory. User documentation includes: online context-sensitive help linked to a help website, and training guides. The help site is provided, and training guides are supplied when training is provided.|
|Other documentation formats||Microsoft Word|
|End-of-contract data extraction||Each system is hosted within a separate client account and the client maintains ownership of that account and its associated database and systems at the end of the contract. Additional development work and interfaces can be developed to extract data into a standard database format (e.g. csv, json).|
Handover of the client's individual account AWS Cloud System is included in the price of the contract. This includes the database, webserver, search engine etc.
Additional costs can be incurred from additional data extraction or migration to another system, or from early contract termination (specified separately).
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The websites and portals managed by this service are fully responsive so content, including pages and forms, will automatically resize to fit the appropriate device accessing the content, whether it is a mobile, tablet or desktop device. This provides a seamless experience regardless of the device being used.|
|Accessibility standards||WCAG 2.0 A|
For all site/portal designs and templates, MCL checks they are fully W3C compliant - from checking colour contrast to font sizes, we consider the user and their needs. Once the designs are complete, we have the ability here to run testing sessions with users of assistive technology, to check the usability of the designs.
MCL ensures websites managed by the Council CMS service are WCAG 2.0 A compliant and verifies this using various accessibility validators and testers (such as Total Validator and Colour Contrast Analyser), to ensure compliance with the standard. As there are a huge number of commercially available Assistive Technologies on the market, it would be impossible to test all, so the approach taken is to ensure compliance with the International Standard, that these assistive technologies will themselves support and be compliant with.
The Council CMS includes accessible site templates/portals tested to WCAG 2.0 A, and Council CMS clients are using a range of assistive technologies to gain access to the websites/intranets and portals.
|Description of customisation||
1) What can be customised?
All Content – Logos, Pages, Media, Forms
Permissions – Fully customisable granular privileges for users and roles to manage permissions within the system.
Selection of pre-designed templates/themes
2) How users can customise?
Various tools within the Council CMS: Content Editor (WYSIWYG Editor), Drag-and-drop Form Builder, Pre-configured templates and themes, Administration Dashboard. Further customisations can be discussed during a Scoping Phase.
3) Who can customise?
Users set up with the appropriate permissions, which can be customised by administrators. For example: Administrators, content creators, content editors, content publishers.
|Independence of resources||The Council CMS system utilises an application load balancing layer, with configurable expansion and deployment of multiple web servers to ensure a consistent and reliable uptime and connection for any number of users.|
|Service usage metrics||Yes|
|Metrics types||Number of Requests, CPU Utilisation, Environment Health, Network Bytes in and out, Environment Health code, Target Response Time.|
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||Amazon Web Services - hosting|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Data exports can be made as database queries, sql, json or csv files. These are made in coordination with the contractor.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
Service Levels for hardware are provided by an underlying cloud services provider AWS as 99.99% uptime.
Service levels for web software attempt to match that value with at least 99% uptime.
Refunds for extended downtime are agreed dependent on each service contract.
|Approach to resilience||Available on request.|
|Outage reporting||An accessible dashboard with requests, usage, logs and performance monitoring. Customer determined APIs depending on requirements. Email alerts for website status and status changes.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
Management and administration interfaces are restricted by two factor authentication and client managed end-users with verified email addresses.
Access is restricted on a per User, Group, Page, Action, and Object level.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users receive audit information on a regular basis|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||We provide a systematic approach to managing sensitive information including staff, data handling processes and IT systems by applying risk assessment and management processes as required. All staff have a responsibility to ensure their actions meet with security governance policies and procedures.|
|Information security policies and processes||N/A|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Secure code repository with full revision history and accountability.
Full release and deployment Code Pipeline process, with development testing, User Acceptance Testing and release to Production approval processes. Security, logins, accessibility are tested as required within a test framework.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Our first requirement is to reduce vulnerability and minimise accessible channels to data or systems. Firewalls, database and backup encryption, no external access to databases or web-servers, SSL/TLS webserver access.
Threat monitoring is regular via built-in cloud monitoring and logs. Patches can be deployed within hours of threat registration.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Recorded log of user and administrator access with IP address.
Policies to be determined with the client, to include - notification of compromise, notification of users, reversion of changes using daily backups. Response time is typically less than 12 hours under normal support contract.
|Incident management type||Supplier-defined controls|
|Incident management approach||
Incident management and escalation processes are present for major incidents, including security issues, hardware fail-over to different cloud regions or systems, and data loss.
Client incident reporting is typically via phone, email, or conference call.
Supplier incident reporting is by written response via email or secure medium, with incident definition, timescales, notification, response and remedy information included.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£600 to £3050 per instance per month|
|Discount for educational organisations||No|
|Free trial available||No|