Umbraco Managed Cloud Platform

Umbraco open source content management system is suitable for small, medium and large websites and Intranets. CDS offers scalable, managed platforms using Umbraco Cloud and Umbraco on UK public and secure private cloud architectures. CDS expert partner services will help you get the best from the platform.


  • Simple, intuitive editing experience
  • Multi-device previews
  • Scheduled publishing
  • Headless content management ready
  • Multichannel delivery – manage websites, apps etc in one place
  • Media library
  • Form builder
  • Supports agile delivery and continuous deployment
  • Full APIs for front and back-end for integration
  • Managed Cloud platform including minimum 99.9% uptime


  • Unlimited editors
  • Easy to use for content teams
  • See how content will look and feel on different devices
  • Publish any time without the need to content freeze
  • Continuous deployment of new features and bug fixes
  • Enrich user experience
  • Create forms easily
  • Adapt and publish content for social channels
  • Access to Umbraco support scaling to 24/7
  • Fully supported Cloud platform including automatic upgrades


£600 per instance per month

Service documents

G-Cloud 10



James Davis

0113 399 4076

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Deployment is on public cloud
System requirements
  • Content editing requires IE11+, latest Firefox or Google Chrome
  • Development OS is Windows 10/8.1, Windows Server 2016/2012 R2/2012
  • Development tool required: Microsoft Visual Studio 2017/2015

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Standard response times are within 24-hours during business hours. Enterprise customers benefit from faster response times ranging from 2-8 hours and 24/7.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support No
Support levels As standard Umbraco guarantees a response time within 24 hours for a raised issue. The 24-hour response time applies to business days, so that weekends, holidays and announced closing days are not part of the 24-hour elapsed time.
For Enterprise customers, we guarantee a response within 2 hours, 24/7, for a raised issue of severity 1, 2 & 3 only.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started CDS commissions the Umbraco Cloud service which provides the platform and tools we need to build your website. We undertake discovery, design and development processes appropriate to your requirements, through to full system testing. CDS provides tutor-led, on-site training for editors and administrators, and template user guides.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Subject to 90 days termination notice being provided, there is no additional cost for ending the contract after the original contract period. If the termination date requested is before the end of the contracted period, the remaining period must be paid for in order to terminate. CDS can provide Exit Planning and Management services to assist in the transition.
End-of-contract process Through request to CDS or the Umbraco Managed Service desk, a full back-up of the Umraco database and accompanying binary assets can be provided. CDS can provide additional Exit Planning and Management services upon request.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing As a default standard, CDS builds all its sites to meet W3C WCAG2.0 AA requirements. We design and develop accessibility into the HTML template stage using good code practices, and our developers ensure compliance is carried through to the CMS integration.
Our testing covers all the required areas of the WCAG including disabling images, scripts, Flash, and CSS, screen resolutions, font size, colour contrasts, and assistive technologies such as screen readers.
What users can and can't do using the API Umbraco Cloud has a REST API that you can use to automatically create new projects.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Umbraco Cloud can be fully customised to suit your individual website requirements, including presentation templates, authentication providers, site functionality and editing/management functionality. Customisation is through .NET languages and javascript, using Visual Studio. CDS provides all customization services, from discovery and design through to content and SEO optimisation, available through our Cloud Service listing on G-Cloud.


Independence of resources Umbraco Cloud uses the proven and solid foundation of Microsoft Azure to give your site’s the best of infrastructure, performance and security. Sites have multiple safety nets to ensure no single point of failure.


Service usage metrics Yes
Metrics types CDS is able to provide access to a dedicated Analytics and digital marketing function, with experience across the Google Analytics Suite. Our Marketing Analyst is Google Analytics and AdWords certified and can work with you to create a prioritised action plan with agreed objectives and timescales.
Reporting types Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Extra features and support not available from the original supplier

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process No
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported directly from the database or an export can be run that downloads content as a compressed XML file.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Availability is guaranteed at 99.9%, rising to 99.95% depending on package selected.
Approach to resilience The infrastructure architecture of UaaS is designed ground up with redundancy in mind. From redundant storage, over Elastic SQL Azure Databases to a massive pool of Virtual Machines acting as workers for serving and scaling web requests, UaaS is built to be used and to last.
Outage reporting Umbraco provide a public dashboard service, together with email alerts of any outages.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels VPN access. 2-factor authentication. Username and Password
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes CDS maintains a set of security policies aligned with our ISO27001 certification, we are also Cyber Essentials Plus certified. All staff are BPSS cleared at minimum and are briefed on the security policy at induction and ongoing compliance supported by an internal learning management system.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach CDS operate a mature Change Management process, which is certified to the ISO 20000 standard. We ensure that all configuration or service changes are put through a controlled Change Management process, to ensure that impact and risk are managed, quality is maintained, and that changes are planned, documented and approved. Impact and risk assessment includes security considerations. Our Change Register is underpinned by a Configuration Management toolset and process, which charts the lifecycle of configuration items, and allows for them to be linked to service transactions, such as incidents and changes.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach CDS undertake periodic independent pen and vulnerability scanning of our networks and network services. This forms part of our ISO 27001 and Cyber Essentials Plus accreditation. CDS also undertake vulnerability scanning of client solutions during development and at the point of release. Nessus scans of the whole environment are performed weekly. Any identified vulnerabilities are assessed based upon the threat type and business risk. Those issues requiring attention form part of a remediation plan. The individual items are logged and assigned a priority based upon severity and tracked through our ITIL service desk.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach As part of Umbraco Cloud, we actively monitor the service at all times. The service is able to detect when a particular site is experiencing extraordinary load and begins to isolate the site in question to leave resources available for other sites. The feature is designed specifically with DDoS in mind but also serves to isolate sites with misbehaving code.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach CDS operate a mature Incident and Service Request Management process, certified to the ISO 20000 standard. The process is operated by our Service Management tool, which is interactive and can be configured to support the ticket workflow and metrics agreed with customers. Customers can report and update incidents via our interactive portal, email and telephone. Though we operate a core Incident Management policy and process, these can be tailored within customers Service Level Agreements to support common incidents and events. We operate a separate Major Incident Management process, which can provide incident reports, post-mortems etc., when criteria are triggered.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £600 per instance per month
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑