Michael Carder Ltd

Council CMS

Council CMS is a cloud-based, in-browser content management system that can be integrated seamlessly with a Council’s existing third-party applications and interfaces.
The flexible system is built on a robust and user-friendly framework and includes customisable applications for: forms, news, menus, page hierarchy, FAQ, events management, and job opportunities.

Features

  • CMS – WYSIWYG Editor. Responsive, WCAG compliant templates.
  • Form Builder – Single/Multi-page, responsive, workflow and integration capability.
  • User Management – Fully customisable granular privileges for users/roles.
  • Plugins – Social Media, News & Blog, Events, Job Applications
  • Plugins – Dynamic Charts, Announcements, FAQ, Snippets
  • User Accounts – OAuth (Local/Social Authentication), Account Page, User Favourites
  • Maps – Integrate Google Maps easily for displaying directions/locations/areas
  • Analytics and SEO Tools
  • Multiple Environments for testing and development
  • 99.5% uptime, automatic monitoring and scaling, daily backups

Benefits

  • Users can easily access content/forms from their mobiles/desktops
  • Approval workflow/versioning controls publishing to provide quality assurance
  • Multi-faceted access to content: Powerful search system/Browse Categories/A-Z/Hierarchical structure
  • Extend platform functionality with additional plugins/modules
  • Integration/APIs: integrate existing 3rd party applications and services
  • The system has been built to ensure GDPR Compliance
  • Manage responsive websites, microsites/subsites, and support for configurable URLs
  • Excellent service: proven/experienced hosting and service management support team.
  • Quickly identify potential website/content improvements via metrics/analytics
  • Meets modern W3 Web Standard compliance

Pricing

£600 to £3050 per instance per month

Service documents

G-Cloud 10

417119039833906

Michael Carder Ltd

Michael Carder

0778 607 8891

contact@michaelcarder.co.uk

Service scope

Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints Planned maintenance will be agreed and scheduled as required. Flexible on-going support contracts can be set up.
System requirements
  • A supported browser such as:
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera

User support

Email or online ticketing support Email or online ticketing
Support response times Expected responses are 12 hours on working days, typically with resolution. 24/48 hour response on weekends for minor issues, 24 hour response for serious incidents and escalations.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Support levels are agreed on a per client and requirement basis.
Typically the minimal support contract is 1 day per month, to restore the system to last known good in the event of a failure, monitor the system and patch any updates as required. Minimal support cost is ~700/month and is provided by a senior technician or developer.
Account Management is included as part of the product.
Support or additional development days can be added flexibly by the customer or as agreed in the event of an escalation.
Support available to third parties Yes

Onboarding and offboarding

Getting started A Project Manager will be assigned, and will review any client requirements for specific configuration and support. A deployment plan is generated in agreement with the client which covers the deployment of the requested Cloud Service, together with any optional modules and known configuration requirements. The on-boarding deployment process commences, whilst the training consultation takes place to ensure the training programme meets the needs of the range of trainees. Customers are provided a selection of training dependent upon their specific needs, with certain training being mandatory. User documentation includes online context-sensitive help linked to a help website, and training guides. The help site is provided, and training guides are provided when training is provided.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats Microsoft Word
End-of-contract data extraction Each system is hosted within a separate client account and the client maintains ownership of that account and its associated database and systems at the end of the contract. Additional development work and interfaces can be developed to extract data into a standard database format (e.g. csv, json).
End-of-contract process Handover of the client's individual account AWS Cloud System is included in the price of the contract. This includes the database, webserver, search engine etc.
Additional costs can be incurred from additional data extraction or migration to another system, or from early contract termination (specified separately).

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The websites and portals managed by this service are fully responsive so content, including pages and forms, will automatically resize to fit the appropriate device accessing the content, whether it is a mobile, tablet or desktop device. This provides a seamless experience regardless of the device being used.
Accessibility standards WCAG 2.0 A
Accessibility testing For all site/portal designs and templates, MCL checks they are fully W3C compliant - from checking colour contrast to font sizes, we consider the user and their needs. Once the designs are complete, we have the ability here to run testing sessions with users of assistive technology, to check the usability of the designs.

MCL ensures websites managed by the Council CMS service are WCAG 2.0 A compliant and verifies this using various accessibility validators and testers (such as Total Validator and Colour Contrast Analyser), to ensure compliance with the standard. As there are a huge number of commercially available Assistive Technologies on the market, it would be impossible to test all, so the approach taken is to ensure compliance with the International Standard, that these assistive technologies will themselves support and be compliant with.

The Council CMS includes accessible site templates/portals tested to WCAG 2.0 A, and Council CMS clients are using a range of assistive technologies to gain access to the websites/intranets and portals.
API No
Customisation available Yes
Description of customisation 1) What can be customised?
All Content – Logos, Pages, Media, Forms,
Permissions – Fully customisable granular privileges for users and roles to manage permissions within the system.
Page Metadata,
Selection of pre-designed templates/themes,

2) How users can customise?
Various tools within the Council CMS: Content Editor (WYSIWYG Editor), Drag-and-drop Form Builder, Pre-configured templates and themes, Administration Dashboard, further customisations can be discussed during a Scoping Phase

3) Who can customise?
Users set up with the appropriate permissions, which can be customised by administrators. For example: Administrators, content creators, content editors, content publishers.

Scaling

Independence of resources The Council CMS system utilises an application load balancing layer, with configurable expansion and deployment of multiple web servers to ensure a consistent and reliable uptime and connection for any number of users.

Analytics

Service usage metrics Yes
Metrics types Number of Requests, CPU Utilisation, Environment Health, Network Bytes in and out, Environment Health code, Target Response Time.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type Reseller providing extra features and support
Organisation whose services are being resold Amazon Web Services - hosting

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data export approach Data exports can be made as database queries, SQL, JSON or CSV files. These are made in coordination with the contractor.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • JSON
  • SQL
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • JSON
  • SQL

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability Service Levels for hardware are provided by an underlying cloud services provider AWS as 99.99% uptime.
Service levels for web software attempt to match that value with at least 99% uptime.
Refunds for extended downtime are agreed dependent on each service contract.
Approach to resilience Available on request.
Outage reporting An accessible dashboard with requests, usage, logs and performance monitoring. Customer determined APIs depending on requirements. Email alerts for website status and status changes.

Identity and authentication

User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Management and administration interfaces are restricted by two factor authentication and client managed end-users with verified email addresses.
Access is restricted on a per User, Group, Page, Action, and Object level.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information Users receive audit information on a regular basis
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We provide a systematic approach to managing sensitive information including staff, data handling processes and IT systems by applying risk assessment and management processes as required. All staff have a responsibility to ensure their actions meet with security governance policies and procedures.
Information security policies and processes N/A

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach Secure code repository with full revision history and accountability.
Full release and deployment Code Pipeline process, with development testing, User Acceptance Testing and release to Production approval processes. Security, logins, accessibility are tested as required within a test framework.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our first requirement is to reduce vulnerability and minimise accessible channels to data or systems. Firewalls, database and backup encryption, no external access to databases or web-servers, SSL/TLS webserver access.
Threat monitoring is regular via built-in cloud monitoring and logs. Patches can be deployed within hours of threat registration.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Recorded log of user and administrator access with IP address.
Policies to be determined with the client, to include - notification of compromise, notification of users, reversion of changes using daily backups. Response time is typically less than 12 hours under normal support contract.
Incident management type Supplier-defined controls
Incident management approach Incident management and escalation processes are present for major incidents, including security issues, hardware fail-over to different cloud regions or systems, and data loss.
Client incident reporting is typically via phone, email, or conference call.
Supplier incident reporting is via written response via email or secure medium with incident definition, timescales, notification, response and remedy information included.

Secure development

Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks No

Pricing

Price £600 to £3050 per instance per month
Discount for educational organisations No
Free trial available No

Service documents

  • Pricing document (PDF)
  • Service definition document (PDF)
  • Terms and conditions (PDF)