This G-Cloud 10 service is no longer available to buy.

The G-Cloud 10 framework expired on Tuesday 2 July 2019. Any existing contracts with The Other Media Limited are still valid.
The Other Media Limited

Magento ecommerce SaaS development

The Other Media provide full UK based Magento SaaS capabilities for rapid cloud deployment of World Class ecommerce solutions within a totally flexible development environment. Highly secure transaction processing, seamless integration with existing back office software, and fully responsive design make this a compelling ecommerce offering.

Features

  • Real-time reporting
  • Browser-based system management for streamlined publishing
  • Responsive design for unlimited front end look-and-feel
  • Enterprise-ready with a global support community
  • Full customisation and extensibility through community marketplace
  • Effective system integration with existing back office solutions
  • Full content management system (CMS) capabilities
  • Multiple content types supported; images, videos, text, social media
  • User centred design and development solution with standards compliant output
  • Rigorous QA processes

Benefits

  • Scalable platform to support growth
  • Proven customer conversion capabilities
  • Custom data migration available to suit needs
  • Editorial workflow, and content staging if required
  • Rapid solution deployment to achieve MEAT objectives
  • 20 years of agency experience to support customers
  • Open Source and fully customisable your customer needs
  • On-site training provided
  • World class front end design and development support
  • Platform optimisation

Pricing

£650 to £1,150 a virtual machine

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at matt.jeoffroy@othermedia.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 10

Service ID

5 4 3 0 1 0 3 3 1 8 7 8 5 0 6

Contact

The Other Media Limited Matthew Jeoffroy
Telephone: 020 7089 5959
Email: matt.jeoffroy@othermedia.com

Service scope

Software add-on or extension
No
Cloud deployment model
Hybrid cloud
Service constraints
No
System requirements
None

User support

Email or online ticketing support
Email or online ticketing
Support response times
Ticket response time is within 1 hour
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.0 A
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
Priority: 1
Definition of priority: Critical failure; Website inoperable or no e-commerce transactions possible
Time to respond: Within 15 mins
Estimated time to resolve: 80% typically resolved within 4 hours

Priority: 2
Definition of priority: Visible issue but not a critical failure
Time to respond: 1 hour
Estimated time to resolve: 80% typically resolved by next sprint release within 2 weeks

Priority: 3
Definition of priority: Non urgent work
Time to respond: 1 hour
Estimated time to resolve: 80% typically resolved by next general software release within 1 months
Support available to third parties
Yes

Onboarding and offboarding

Getting started
There are 3 ways to help users get started on the system.

1. Onsite training where we like to keep the groups small to make the most impact, and ideally for us to 'train the trainer(s)'
2. Accompanying documentation that should be used during the training and then used for reference afterwards
3. Help desk, where users can either call or create a ticket in JIRA for assistance
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data can be provided as XML, CSV, or as a SQL database dump.
End-of-contract process
At the end of the contract the client data will be handed over, and if migration is required to a new service then this will be specified, agreed and planned in for completion. If assistance is required to be given to a new system provided then this will be done as required.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The service can be purely responsive (same content on desktop and mobile), or it can be adaptive (different content on mobile devices), with both versions using the same template layout, common stylesheets, and common code base.
Accessibility standards
WCAG 2.0 AA or EN 301 549
Accessibility testing
The interface has been tested using the following technologies: the JAWS screen reader, Lightening Express for screen magnification, screen readers, and speech input with Dragon Naturally Speaking. In each case testing was carried out in a laboratory setting, with the participant being asked to perform a series of tasks while being observed and filmed. Different screen versions were shown, with the same task required to be completed so that comparisons could be made. Tracking software was used so that the user session could be recorded and replayed for further evaluation.
API
Yes
What users can and can't do using the API
Feeds are available for stock; levels, availability, pricing, category. These feeds may be used for Google Shopping, or back office systems. Users can also take feeds of customers and orders into back office CRM systems, or marketing automation solutions. Loyalty points may be accrued through purchasing and shared with back office loyalty solutions. All products may be shared with a separate CMS system to allow for further merchandising. All feeds can be made available as JSON for mobile apps if required.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • ODF
  • PDF
  • Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
What can be customised - colours and font sizes
How users can customise - via a settings option within the interface
Who can customise - all logged in users

Scaling

Independence of resources
Service performance is guarenteed through allocation of virtual machine resources that have been determined with the client during on-boarding. Each client has an optimal performance window (memory and CPU usage), and if usage approaches the SLA then the allocation will be increased to ensure that user service remains consistent.

Analytics

Service usage metrics
Yes
Metrics types
User access, traffic, popular pages, time spent logged in, last log in, number of posts, number of files, time on site
Reporting types
Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users are able to export items that that have added into the system, i.e. posts, via XML, CSV, and SQL data dump. This data is restricted to only what they have added, and they will not be able to export other users data unless it is a comment that has been made on a post.

Typically system administrators would export data rather than individual users, and this is achieved via XML, CSV, or SQL data dump as above, but can be achieved on a company rather than individual basis.
Data export formats
  • CSV
  • Other
Other data export formats
XML
Data import formats
  • CSV
  • Other
Other data import formats
XML

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Unavailability up to and including 4 hours consecutively in any calendar month: 1 day's Service Credits;

Unavailability greater than 4 hours but less than 8 hours, consecutively in any calendar month: 5 day’s Service Credits;

Unavailability greater than 8 hours but less than 16 hours, consecutively in any calendar month: 10 days' Service Credits; and

Unavailability equal to or greater than 16 hours, consecutively in any calendar month: 1 month's Service Credits.
Approach to resilience
Available on request
Outage reporting
Email, SMS, API

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
User permissions within the system determine the level of access to management interfaces and support channels. This is in addition to the system access that is put in place for all users, i.e. IP lockdown and physical entry.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Cyber Essentials
Information security policies and processes
Information identified as sensitive which has been collected, and not generated, as part of business activities should only be collected if there is a very specific reason to do.

Any information identified as sensitive must be stored only within environments that are secured by user access control policies. Those access control policies must take into account that the system they govern contains such sensitive information.

Sensitive information must always be encrypted during transmission, for example using HTTPS or SSH. Where possible, the data should be used only within the system or location it is stored. Downloading data for offline processing should be avoided wherever possible as it introduces additional risks that must be considered.

The collection, storage and transmission of financial information are heavily regulated. All systems involved must have a System Specific Security Policy that meets the identified PCI requirements.

The Commercial Director must approve all System Specific Security Policies.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All service components are tracked and versioned in a code repository. Prior to deployment code is peer-reviewed, code audited, put through QA on local, development, and continuous integration servers before it is able to be deployed to production machines. As part of the QA process each service component is 'hardened' to ensure compliance and security, with any public facing systems being regularly penetration tested.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Our service is monitored 24 x 7 using a range of tools such as New Relic, Pingdom, Cactii, as well as IDS services from our data centre provider. As soon as vulnerabilities are announced, (either through our datacentre provider, software provider, or security bulletins that we subscribe to), then we will plan a fix - immediate for pervasive and immediate threats, and prioritised for less critical issues that have been flagged, but typically within the next software cycle.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Our service is monitored 24 x 7 using a range of tools such as New Relic, Pingdom, Cactii, as well as IDS services from our data centre provider. As soon as vulnerabilities are announced, (either through our datacentre provider, software provider, or security bulletins that we subscribe to), then we will plan a fix - immediate for pervasive and immediate threats, and prioritised for less critical issues that have been flagged, but typically within the next software cycle.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incidents typically follow patterns and we have pre-defined response types for each. Incidents are registered in our ticket tracking system (JIRA), either directly by the client or indirectly by the account manager when the client has called the office. If an incident is noted by a member of Other Media it will be registered in the same way. Incident reports follow a standard template with the details provided by the client being captured and included on this form, and all responses recorded alongside. This report is then saved as PDF and emailed to the client.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£650 to £1,150 a virtual machine
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at matt.jeoffroy@othermedia.com. Tell them what format you need. It will help if you say what assistive technology you use.