WordPress CMS Web Design (Content Management System)
Respondit are award-winning website designers and developers. We create and maintain websites for local authorities, businesses and charities.
We primarily build using the Content Management System (CMS) WordPress which allows us to provide secure, scalable and easy to maintain websites that are fully responsive and deliver a great user experience.
- Bespoke website designs built on an established Content Management System
- Responsive and mobile optimised website design
- Thorough user behaviour research and testing (Improve UI/UX)
- E-commerce website functionality
- Managed automatic backups of all data
- Full design process, from initial concept to completion
- Search Engine Optimisation - (SEO)
- Professional photography and multimedia creation
- Utilisation of pre-built tools to reduce overall costs
- Full life-cycle service and support
- Fast access to responsive support
- Access to team/project management software (Monday.com)
- Integrated digital marketing
- Award-winning, solution focused and user experienced lead team
- Experts in WordPress implementation and integration
- Flexible SLA allowing clients to tailor solutions
- Audit of your existing website for better on-boarding
- Visually engaging websites that follow brand guidelines
- Highly accessible
- GDPR compliant
£65 to £100 per person per hour
- Education pricing available
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
Respondit Web Design ltd
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||
Our web applications are created using the WordPress Content Management System. Within this platform's ecosystem, we use a mixture of free, premium and in-house developed themes and plugins to build fully bespoke solutions.
We can utilise 3rd Party APIs to extend functionality even further by integrating other services and software.
|Cloud deployment model||Private cloud|
WordPress requires regular updates to core files and plugins in order to maintain performance and security. Whilst this can be done by a trained user a strict update procedure is required to reduce the possibility of updates causing a live site to go down. These updates and any issue resolving are included in Planned Preventative Maintenance (PPM) support plans that we offer or alternatively we can supply training to administrative users for in-house maintenance.
PPM support is also limited to plugins and themes that either we have installed or which we have previously confirmed in writing as fully compatible.
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Ticketing support is run through Monday.com. When users raise a query notifications are sent to all staff.
Standard support response times during working hours Monday to Friday, 9am-5pm:
Priority 1 (mission critical): 1 hour
Priority 2 (high): 2 hours
Priority 3 (medium): 4 hours
Priority 4 (low): 8 hours
We will respond to issues that arise outside of standard working hours, however these response times cannot be guaranteed for our standard SLA's.
Extended SLA's are available upon request to include longer working hours including evenings, weekends and bank holidays, up to 24/7 at pre-arranged rates.
Hosting support is 24/7.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Onsite support|
We have a full scope team of varying skill sets including designers, developers and marketers who can all be utilised under support contracts to maximise the effectiveness of our support contracts and offer the client a wide range of skills at a reduced rate. This flexible approach has proved very popular with government entities as it allows access to a wide skill set under one set contract.
Each client is assigned a technical account manager who oversees work carried out.
Our standard Planned Preventative Maintenance (PPM) support packages include regular updates to key components within your WordPress hierarchy. Essential security patches are kept up to date: WordPress themes, plugins and core. Secondary backups are always maintained which act as a triple redundancy fail safe (offsite backups).
Additional support needs are charged at an hourly or daily rate. 1st line support is charged at £65 per hour and 2nd line support at £75 per hour.
Flexible additional support for more day-to-day updates to the website, such as text changes, how-to guides, content amends, etc are done on a retainer basis with roll forward/backward terms on any unused hours. Quarterly reviews with itemised reporting on works undertaken are produced for every client.
|Support available to third parties||Yes|
Onboarding and offboarding
We are with our clients throughout the whole life cycle of projects and we really care about ensuring our buyers are supported through every step. We begin with talking to our clients about their specific needs and ensure the solution covers every base. We ensure the training and support that the client needs is completely covered through clear communication for the entirety of the project and beyond.
This support can be through a variety of means including:
Support and Maintenance (PPM)
How-To Guides / Instruction Manuals
Managed Hosting Services
Social Media Marketing
Respondit provide both onsite and online training for clients when needed, and can be off-the-shelf training, or bespoke to your particular needs.
The level of access and functionality each user requires is discussed in detail before a project is undertaken. We then agree upon the level of training required for clients to use the service and allocate a time convenient with them and their staff.
Ongoing support, digital marketing services (such as SEO or SMM) and design services can be bundled into retainer-based contracts with flexibility as-to which services are utilised on a flexible monthly basis.
|End-of-contract data extraction||
Users maintain full control of their data at all times. We will handover everything a user requires at the end of a contract in the most convenient form possible. This will have been agreed upon within our contract as part of our off-boarding planning but the user retains the option to alter their demands if needed.
Data can be exported from the dashboard in most cases using the client's login credentials. This can be in a variety of file types in most cases including XML feeds, CSV file output and PDF formats.
If for any reason a buyer is unable to pull any (or all) data, we will assist them by discussing their needs, identifying the desired method and file type and export the data for the client.
We explicitly agree upon what data will be required by us if we are continuing to provide a service to them in the form of support and remove anything that is unnecessary.
All data that is identified as needing to be deleted from our system will be thoroughly and securely destroyed.
This is not limited to the product, we are also happy to extract any project management or case files as required.
When a website is created we will ask who in the client's organisation will have to use it and what level of access they will need. We agree upon how much training will be needed in the initial meetings and will deliver on our commitments within the time-frame and budget laid out in the contract.
At the end of this contract the client will have the option of hiring us on a separate Planned Preventative Maintenance contract if desired.
If the client is looking to self manage, or use another supplier for on-going maintenance / support or marketing services we offer full handover services, and on-boarding for any perspective 3rd parties.
We believe in collaboration, and strive to be as open and engaging as professionally possible with an excellent track record of delivering collaborative projects. We will offer training, guidelines, instructional videos and the required support to make any handover as smooth as possible.
At the end of any contract, we will ask the buyer to complete a questionnaire in either digital or interview format, to identify the strengths and weaknesses of our project delivery, so we can continue to learn and grow as a business.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
There is no limitation to functionality when using smaller device, the view ports are optimised to match the device. Buyers can access their CMS and our support through either mobile or desktop devices. The service they receive is the same no matter how they access it.
Our websites are designed and built to be fully responsive. If viewing on a desktop or tablet buyers can simulate what a user will see on a mobile device (testing purposes) but if viewing on a mobile device alone they will not be able to assess what desktop or tablet users are presented with.
|Accessibility standards||WCAG 2.1 AA or EN 301 549|
We use a combination of automated and manual interface testing. Our accessibility testing includes:
Screen Readers - Jaws - Reading elements and headers, tab through links, check landmarks (headers, content pieces, navigation, etc.), check ARIA (Accessible Rich Internet Applications) and ensure editable fields are functional.
Screen magnifiers - ZoomText - We test up to at least 10 times magnification and check spacing between elements, the content is clear with different colour schemes and variations available, the cursor enhancement and focus indicator are functional.
Speech recognition - Dragon NaturallySpeaking - We test with speech recognition technology, including navigation of each feature such as links, buttons, media, site controls and interactive elements. We also ensure speech to text is functional on any forms/search functionality that are applicable to buyer's site.
Our manual testing is done using focus groups of identified target audiences. This is actual road testing of the end product prior to launch and is normally done over multiple phases that identifies issues, we implement solutions and then test again. We design these tests specifically for the primary and secondary functions of the buyer's website or web application.
External 3rd party accessibility testing is also available.
|API documentation formats||HTML|
|API sandbox or test environment||Yes|
|Description of customisation||
Everything can be completely customised from the design and aesthetics, to the development and functionality. Typical customisation of the platform include:
Design and Aesthetics - Full customisation including colours, fonts, imagery, video, layout, etc.
Functionality - Forms, E-commerce solutions, booking systems, online calendars, events, blog / vlog, E-learning platforms, product configurators, support / ticketing systems, advanced search, forums, staff or internal portals, image galleries, job / recruitment boards, real estate listings, classified listings, comments, directories, star ratings, fund raisers, payment gateways, online portfolios, brochures, online magazines, document downloads, etc. Essentially anything you have seen online can be added.
Communication - social media integration with Facebook, Live web chat, etc.
Users can customise the service through the WordPress dashboard which includes comprehensive online documentation including explainer videos, how-to guides and can be customised to include a drag and drop builder for complete simplicity.
WordPress enables users to have complete control, selected control in terms of what pages/content/media/permissions, and limited control such as just one page/area of the WordPress environment.
Default user permissions are built in as:
Additional user privileges can be added with bespoke functionality as required.
|Independence of resources||
Depending on whether a user chooses our Virtual Private Server hosting or cloud hosting, there are numerous protections against the impact of other user's demands.
Our VPS hosting allocates dedicated resources in the form of slots whereas cloud hosting, as well as having dedicated resources can allocate the demand from users onto idle servers.
|Service usage metrics||Yes|
Usage metrics are provided through server usage statistics, on page metrics and advanced heat mapping technology is available.
Real-time reporting is achieved through Google Analytics giving audience information in terms of acquisition source, type, behaviour on the platform and the ability to set conversions and goals to accurately track users engagement.
Heat mapping is also available through Hot Jar to record users interactions with the WordPress platform for testing, reporting and refining purposes.
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
We can supply SFTP access to authorised users in order to download core files. We can also give authorised users access to the hosting control panel, where they can access database files directly via PHPMyadmin.
Site level data such as media files,page and post content can be exported into CSV and JSON via the WordPress admin panel by users with the appropriate Administrator level of access.
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
99.9% up-time guarantee for all hosting solutions.
100% up-time guarantee hosting available with load balancing, redundancy/back up solutions for mission critical, enterprise solutions.
We have real up-time monitoring on all our sites. We are alerted immediately should a site go down. If the site is maintained by us under our PPM maintenance then this would be dealt with according to contractually agreed SLA's. Our standard SLA for a Priority 1 case like this would be a response within 1 hour during core office hours. We will respond to Priority 1 issues that arise outside of standard working hours as soon as we can, however these response times cannot be guaranteed unless there is a contractually agreed SLA in place. If the site is not maintained by us then we will forward on any up-time alerts.
We have a rigorous procedure in place to avoid any issues arising on live sites from WordPress Core, Theme or Plugin updates however should one arise under our management, we roll back the site to the previous working version immediately, and establish the cause as a Priority 4 SLA - 8 hour response.
For each hour of downtime we refund one days hosting or support.
|Approach to resilience||
Our business resilience has been built in by ensuring that we have a competent team, able to prepare, react and deal with the demands that resilience places on our business.
This also encompasses crisis management and business continuity with a ‘whole business’ approach. We treat business resilience as a strategic risk management process, ensuring that sufficient and appropriate resources are committed to it. Being resilient means we have secured those mission-critical and time-sensitive business functions so we continue with our mission of delivering high value, high quality services to clients.
Our approach to this is 5 fold: Identify, Protect, Detect, Respond, Recover.
Identify: We look to develop an organisational understanding for managing cyber security risk to systems, assets, data and capabilities.
Protect: We will then develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
Detect: We will develop and implement the appropriate activities to take action regarding a detected cyber security event.
Respond: We will develop and implement the appropriate activities to take action regarding a detected cyber security event.
Recover: We will develop and implement the appropriate activities to take action regarding a detected cyber security event.
All of our sites have real time monitoring in place. If the Uptime Monitor doesn’t get the expected response, it’ll keep trying a couple more times to confirm that the site is down. If it is still unresponsive, we will receive a notification by email and by SMS and our client receives an email. The Uptime Monitor tracks the up-time percentage, response delay and individual checks and generates a report each month which we share with our client and use to track up-time SLA's.
Once we establish the cause of the down time we will respond by email within the time frame of our contractually agreed SLA's. Our standard Priority 1 SLA is a response within 1 hour during core office hours. We will state what the issue is, what the fix is and an estimate as to how long the fix will take. Once fixed, an email will be sent confirming this. Uptime monitor will also send out an alert to confirm the site is back up and running.
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
Respondit restricts access based on agreed permissions with the client, this is done normally through 2 factor authentication.
We agree with the client members of staff who are able to access management interfaces and support channels, which is reviewed at least every 6 months.
We automatically block any IP addresses seen to be repeatedly trying usernames such as admin or administrator and if password attempt is failed 3 times then we set the account to require a password reset or require unlocking by an administrator. We log the IP address of all login attempts both for auditing purposes.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
|Description of management access authentication||IP address white list where dedicated IP addresses are used to lock down administrator access.|
Audit information for users
|Access to user activity audit information||You control when users can access audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||You control when users can access audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||360 Certification|
|ISO/IEC 27001 accreditation date||20/05/2019|
|What the ISO/IEC 27001 doesn’t cover||Our whole service provision is covered by ISO/IEC 27001 certification|
|ISO 28000:2007 certification||Yes|
|Who accredited the ISO 28000:2007||360 Certification Ltd.|
|ISO 28000:2007 accreditation date||20/05/2019|
|What the ISO 28000:2007 doesn’t cover||Whilst we strive to cover our whole supply chain. We cannot guarantee that all third party WordPress plugins and Themes are covered.|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
We break our information security into three key pillars:
Everyone in the business is made aware of their role in preventing and reducing cyber threats. Cyber security is a business issue and all of us have a role to play. Regular staff training takes place.
Processes are key to the effectiveness of our cyber security strategy. Processes are crucial in ensuring the companies activities, roles and documentation are used to mitigate the risks to the organisation’s data. Our processes are continually reviewed internally, and externally audited annually in line with our ISO27001 accreditation.
Technology is absolutely crucial when it comes to cyber security. By identifying the types of cyber risks that we face, we can then plan for mitigating the risks and identify the technologies we need to do this. Technology is then deployed to bolster the defensive strength in accordance to a risk assessment in line with our ISO accreditation.
Respondit and our hosting providers, WP Engine and AWS have documented policies which dictate procedures dealing with security, and offer guidance to staff members, We are are ISO 27001 accredited.
WP Engine security process: https://wpengine.com/support/wp-engines-security-environment/
AWS Process: https://docs.aws.amazon.com/whitepapers/latest/aws-overview/security-and-compliance.html
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
All change requests from the client are dealt with via a ticketing system. This allows all communication and work to be tracked from start to finish with contract dependent SLA triggers in place.
Any maintenance patches or updates completed as per contract are logged internally via the same system.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Our WordPress installs are scanned daily by 3 separate services for any threats or updates. System Administrators are alerted immediately of any potential threats and updates. These are investigated by a member of the technical team and dealt with based on contractually agreed SLA's.
Further to this, we will have 24 hour up time monitoring in place which also alerts us immediately should the site go down for any reason meaning we can react very quickly to solve the problem.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
We have Web Application Firewall monitoring, which monitors sites in real time, and will stop sites from being hacked by identifying malicious traffic. Once identified, attackers are blocked before they can access the website.
This includes a real time threat defence feed which includes the latest malware signatures and malicious IP updates. This is augmented with:
> Two Factor Authentication
> Blocked Brute Force Attacks,and
> Country and Manual blocking controls.
Our layered protective monitoring processes continually monitor and protect client websites from attack before they occur, providing a high level of attack resilience.
|Incident management type||Supplier-defined controls|
|Incident management approach||
We develop and implement the appropriate activities to take action regarding a detected cyber security event.
Response Planning: Response processes and procedures are executed and maintained, to ensure timely response to detected cyber security events.
Communications: Response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies.
Analysis: Analysis is conducted to ensure adequate response and support recovery activities.
Mitigation: Activities are performed to prevent expansion of an event, mitigate its effects, and eradicate the incident.
Improvements: Organisational response activities are improved by incorporating lessons learned from current and previous detection/response activities
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£65 to £100 per person per hour|
|Discount for educational organisations||Yes|
|Free trial available||No|