Andy Black Associates Ltd

Hosted WordPress websites and intranets

We create, design and host WordPress websites with full integration into social media channels - additional capabilities include email, ecommerce, CRM, SEO, content, Google analytics. Alongside this we provide a video elearning service enabling you to easily manage the WordPress website and associated digital marketing skills.


  • Hosted WordPress websites
  • Real-time content updating from any device
  • Remote access from home, office or travelling
  • Mobile-friendly and fully responsive
  • Hosting facility is secure tier 1 datacentre
  • Easy to use, easy to update, intuitive
  • Flexible themes and range of powerful plugins
  • Video elearning services to accelerate client digital skills
  • Integrated SEO plugins to optimise content creation
  • Friendly and helpful support to get you started


  • Increase productivity - our hosted websites are easy to use
  • Reduce costs - no need for expensive PR agencies
  • Improve communications - quickly manage content on the move
  • Better engagement - our websites are mobile-friendly
  • Low risk - proven hosted services via secure datacentre
  • Enhance customer service - integration with social media networks
  • Optimise content - integrated SEO improves search page rankings
  • Better digital skills - access video elearning digital skills library
  • Improve team work, creativity & collaboration
  • Friendly and helpful support to get you started


£1000 to £4000 per licence per 6 months

Service documents

G-Cloud 9


Andy Black Associates Ltd

Andy Black

07881 314570

Service scope

Service scope
Service constraints No
System requirements
  • WordPress latest version
  • Cloudflare CDN (content delivery network)
  • Verisign SSL certificate
  • SQL latest version
  • Yoast SEO
  • Duplicator Pro

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Monday to Friday - 09.00 to 18.00 - within the hour
Monday to Friday - 18.00 to 09.00 - 4 hours
Saturday and Sunday - 8 hours
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Facebook Messenger
Web chat accessibility testing None
Onsite support Onsite support
Support levels Telephone and IM support Monday to Friday 09.00 to 18.00 as standard
Additional support fees are liable if support is required beyond these times
All clients have a dedicated account manager as standard
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide onsite training, telephone support and video elearning to help clients get started.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction WordPress uses MySQL database and one of the benefits of MySQL database is that you can easily import or export data to and from any MySQL database table. There is a great tool called PHPMyadmin that you can access from your cPanel. It is extremely easy to use PHPMyAdmin to do any kind of importing or exporting of data and it is available for free.
End-of-contract process Included in price of contract;
WordPress websites & hosting - with full access to admin dashboard 24/7
Members areas 24/7
Telephone and IM support Monday - Friday office hours
Hosted video elearning 24/7

Additional costs:
Onsite training
Support at weekends - out of office hours

Using the service

Using the service
Web browser interface Yes
Using the web interface We help clients lay out their content and pre-install all the tools and plug-ins they need to run the website effectively. During the build phase, we collaborate with you and your team and train you how to self-manage all elements of your WordPress website - including SEO and CRM. You can easily set up the service through the web interface and also make real-time changes. There are no limitations on how users can set up or make changes through the web interface. For safety we make automated backups of the site, so errors can be easily changed.
Web interface accessibility standard WCAG 2.0 AAA
Web interface accessibility testing None
What users can and can't do using the API The WordPress REST API provides API endpoints for WordPress data types that allow developers to interact with sites remotely by sending and receiving JSON (JavaScript Object Notation) objects. JSON is an open standard data format that is lightweight and human-readable, and looks like Objects do in JavaScript; hence the name. When you send content to or make a request to the API, the response will be returned in JSON. This enables developers to create, read and update WordPress content from client-side JavaScript or from external applications, even those written in languages beyond PHP.
API automation tools OpenStack
API documentation Yes
API documentation formats HTML
Command line interface Yes
Command line interface compatibility Linux or Unix
Using the command line interface You can access the server’s command line via SSH and execute the following command: curl -O
This will download the wp-cli.phar file to your root directory. Then you turn the file into an executable using this command:
chmod +x wp-cli.phar You can move the wp-cli.phar file to a new directory and call it wp. That way, we can call up the application by typing those two letters (wp) into our command line.
sudo mv wp-cli.phar /usr/local/bin/wp


Scaling available Yes
Scaling type Automatic
Independence of resources We use a Cloudflare CDN
Usage notifications Yes
Usage reporting SMS


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Files
  • Databases
  • Plugins
Backup controls Automated full back up is run weekly.

Users can also back up different things on different schedules.
Datacentre setup Single datacentre with multiple copies
Scheduling backups Users schedule backups through a web interface
Backup recovery Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks IPsec or TLS VPN gateway
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Service guaranteed Mon to Fri 09.00 to 18.00 - 99% uptime - subject to conditions. Service guaranteed Mon to Fri 18.00 to 09.00 - 90% uptime - subject to conditions. Service guaranteed Sat to Sun - 90% uptime - subject to conditions. Service refunds pro rata.
Approach to resilience Available on request. We use a tier 1 secure datacentre from 1&1 Web Hosting.
Outage reporting We report outages via a public dashboard, email/SMS/IM messages

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Username or password
Access restrictions in management interfaces and support channels We have 2 Super Admin allocated to only 2 staff which allows access across our tech infrastructure
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach We apply common sense and use the guidelines of CESG for our security governance and cyber security
Information security policies and processes We use VPN's and Tor to connect to the datacentre. Our usernames and passwords are also heavily encrypted. On our work PC's and mobiles we use McAfee Livesafe which includes automatic wiping of lost or stolen devices. The control panel for using the datacentre has encryption and very strong security. On our hosted websites we have a variety of security measures provided by the datacentre, we also have plugins to restrict login attempts, DDOS attacks and Spam filters. We actively monitor traffic and can detect and close off suspect IP addresses who attempt to login to the system admin dashboard. We regularly change user names and passwords.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We always update and use the latest versions of WordPress and SQL server. The themes and plugins we use for any hosted website are ones that are popular, have good reviews and a strong technical background. We use development servers to test all plugins and updates before we migrate to live environments. Part of the testing process includes a technical sweep by 1&1 system tools to detect any potential threats.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Regular monitoring of traffic, access and visitor IP addresses to identify and respond to anomolies. Patches can be deployed quickly and we revert to a live backup version of any website application whilst the patch is created. We monitor threats via expert bloggers, community hubs and notifications from cyber security authorities.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We monitor visitor IP addresses and also search queries - if we identify potential compromises we immediately change all user names/passwords for control panels, email, applications and then run a full anti-virus system sweep to remove/isolate any malware.
Incident management type Supplier-defined controls
Incident management approach We have pre-defined processes for common incident events. Users can use email or IM to report incidents, once an incident has been reported we create a job ticket and based on the severity of any incident we prioritise based on requirements.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Third-party
Third-party virtualisation provider 1&1 Web Hosting Ltd
How shared infrastructure is kept separate Customers can choose the location of their virtual machine’s (VM) data centre. The 1&1 Data Centres are certified according to ISO/IEC 27001:2013 Customer data is processed in accordance to UK data protection law, in line with European data protection regulations. This doesn’t change when customers wish their data to be stored and processed in the US The handling of the 1&1 Cloud Server has been made even easier thanks to the well-structured Cloud Panel which can be controlled by the virtual server’s administrator
To protect their infrastructure, customers can define individual firewall rules to grant dedicated access to their server

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £1000 to £4000 per licence per 6 months
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑