Umbraco Managed Cloud Platform

Umbraco open source content management system is suitable for small, medium and large websites and Intranets. CDS offers scalable, managed platforms using Umbraco Cloud and Umbraco on UK public and secure private cloud architectures. CDS expert partner services will help you get the best from the platform.


  • Simple, intuitive editing experience
  • Multi-device previews
  • Scheduled publishing
  • Headless content management ready
  • Multichannel delivery – manage websites, apps etc in one place
  • Media library
  • Form builder
  • Supports agile delivery and continuous deployment
  • Full APIs for front and back-end for integration
  • Managed Cloud platform including minimum 99.9% uptime


  • Unlimited editors
  • Easy to use for content teams
  • See how content will look and feel on different devices
  • Publish any time without the need to content freeze
  • Continuous deployment of new features and bug fixes
  • Enrich user experience
  • Create forms easily
  • Adapt and publish content for social channels
  • Access to Umbraco support scaling to 24/7
  • Fully supported Cloud platform including automatic upgrades


£600 an instance a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

4 5 5 7 4 5 2 7 6 0 6 9 0 6 5


CDS Jonathan Astin
Telephone: 07904 570073

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Deployment is on public cloud
System requirements
  • Content editing requires IE11+, latest Firefox or Google Chrome
  • Development OS is Windows 10/8.1, Windows Server 2016/2012 R2/2012
  • Development tool required: Microsoft Visual Studio 2017/2015

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard response times are within 24-hours during business hours. Enterprise customers benefit from faster response times ranging from 2-8 hours and 24/7.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Support levels
As standard Umbraco guarantees a response time within 24 hours for a raised issue. The 24-hour response time applies to business days, so that weekends, holidays and announced closing days are not part of the 24-hour elapsed time.
For Enterprise customers, we guarantee a response within 2 hours, 24/7, for a raised issue of severity 1, 2 & 3 only.
Support available to third parties

Onboarding and offboarding

Getting started
CDS commissions the Umbraco Cloud service which provides the platform and tools we need to build your website. We undertake discovery, design and development processes appropriate to your requirements, through to full system testing. CDS provides tutor-led, on-site training for editors and administrators, and template user guides.
Service documentation
Documentation formats
End-of-contract data extraction
Subject to 90 days termination notice being provided, there is no additional cost for ending the contract after the original contract period. If the termination date requested is before the end of the contracted period, the remaining period must be paid for in order to terminate. CDS can provide Exit Planning and Management services to assist in the transition.
End-of-contract process
Through request to CDS or the Umbraco Managed Service desk, a full back-up of the Umraco database and accompanying binary assets can be provided. CDS can provide additional Exit Planning and Management services upon request.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Service interface
What users can and can't do using the API
Umbraco Cloud has a REST API that you can use to automatically create new projects.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Umbraco Cloud can be fully customised to suit your individual website requirements, including presentation templates, authentication providers, site functionality and editing/management functionality. Customisation is through .NET languages and javascript, using Visual Studio. CDS provides all customization services, from discovery and design through to content and SEO optimisation, available through our Cloud Service listing on G-Cloud.


Independence of resources
Umbraco Cloud uses the proven and solid foundation of Microsoft Azure to give your site’s the best of infrastructure, performance and security. Sites have multiple safety nets to ensure no single point of failure.


Service usage metrics
Metrics types
CDS is able to provide access to a dedicated Analytics and digital marketing function, with experience across the Google Analytics Suite. Our Marketing Analyst is Google Analytics and AdWords certified and can work with you to create a prioritised action plan with agreed objectives and timescales.
Reporting types
Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Extra features and support not available from the original supplier

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Data can be exported directly from the database or an export can be run that downloads content as a compressed XML file.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Availability is guaranteed at 99.9%, rising to 99.95% depending on package selected.
Approach to resilience
The infrastructure architecture of UaaS is designed ground up with redundancy in mind. From redundant storage, over Elastic SQL Azure Databases to a massive pool of Virtual Machines acting as workers for serving and scaling web requests, UaaS is built to be used and to last.
Outage reporting
Umbraco provide a public dashboard service, together with email alerts of any outages.

Identity and authentication

User authentication needed
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
VPN access. 2-factor authentication. Username and Password
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
CDS maintains a set of security policies aligned with our ISO27001 certification, we are also Cyber Essentials Plus certified. All staff are BPSS cleared at minimum and are briefed on the security policy at induction and ongoing compliance supported by an internal learning management system.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
CDS operate a mature Change Management process, which is certified to the ISO 20000 standard. We ensure that all configuration or service changes are put through a controlled Change Management process, to ensure that impact and risk are managed, quality is maintained, and that changes are planned, documented and approved. Impact and risk assessment includes security considerations. Our Change Register is underpinned by a Configuration Management toolset and process, which charts the lifecycle of configuration items, and allows for them to be linked to service transactions, such as incidents and changes.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
CDS undertake periodic independent pen and vulnerability scanning of our networks and network services. This forms part of our ISO 27001 and Cyber Essentials Plus accreditation. CDS also undertake vulnerability scanning of client solutions during development and at the point of release. Nessus scans of the whole environment are performed weekly. Any identified vulnerabilities are assessed based upon the threat type and business risk. Those issues requiring attention form part of a remediation plan. The individual items are logged and assigned a priority based upon severity and tracked through our ITIL service desk.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
As part of Umbraco Cloud, we actively monitor the service at all times. The service is able to detect when a particular site is experiencing extraordinary load and begins to isolate the site in question to leave resources available for other sites. The feature is designed specifically with DDoS in mind but also serves to isolate sites with misbehaving code.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
CDS operate a mature Incident and Service Request Management process, certified to the ISO 20000 standard. The process is operated by our Service Management tool, which is interactive and can be configured to support the ticket workflow and metrics agreed with customers. Customers can report and update incidents via our interactive portal, email and telephone. Though we operate a core Incident Management policy and process, these can be tailored within customers Service Level Agreements to support common incidents and events. We operate a separate Major Incident Management process, which can provide incident reports, post-mortems etc., when criteria are triggered.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£600 an instance a month
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.