Zodiac Media Ltd

WordPress CMS website

We can customise or develop WordPress websites from scratch. This includes extending WordPress's functionality, adding security layers, or streamlining WordPress's user interface. Full WordPress training and post-release support can be provided on request.

Features

  • Mobile-first design approach
  • Separate staging and live development servers
  • System event logging for security
  • UK based data centre hosting provided at cost
  • Content presentation can conform up to WCAG 2.0 AA standards
  • Granular role-based permission systems developed on request
  • We are an ISO 27001 information security certified company

Benefits

  • Mobile-compatible as standard
  • Fast turnaround with multiple opportunities for feedback
  • Reduce resource overheads and technical debt
  • Fully customisable to meet your precise requirements
  • Simple and intuitive administration system
  • Security compliant up to ISO27001 standards

Pricing

£600 per person per day

Service documents

G-Cloud 11

707961952759632

Zodiac Media Ltd

Billy Davies

0207 582 7160

info@zodiacmedia.co.uk

Service scope

Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints N/A
System requirements N/A

User support

Email or online ticketing support Email or online ticketing
Support response times Our target response time for critical issues affecting all users and all functionality, e.g. website down, is 2 hours. For major issues affecting all users and some critical functionality, e.g. website can no longer send/receive emails, it is 4 hours. For minor issues such as confirmation messages failing to display it is 2 working days. For trivial issues such as misaligned text it is 4 working days.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We offer one level of support.

Support work can include any tasks you feel Zodiac Media are suited to handling. Zodiac Media offer website maintenance and support contracts based on a flat fee that covers a pre-agreed amount of support time for each month, typically 1 day per month, at a cost of £600 ex VAT. Unused support time can be rolled over to subsequent months, although at the end of the contract any remaining support time will not be reimbursed. If the amount of support work required for a given month exceeds the balance of your support account, then we would charge by the hour for further work. We would always make you aware of this by providing estimates for further work once the support allowance has been exhausted. We will endeavour to accommodate additional support and development work as soon as we are able to based on our existing work schedule. We will advise you as to when additional work can be undertaken on a case by case basis.

Requests go through an Account Manager, who will answer basic requests and pass others on to technical personnel as necessary.
Support available to third parties Yes

Onboarding and offboarding

Getting started We can provide on request onsite training, online training, and user documentation.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction In compliance with GDPR, once the contract is fulfilled the client may request a portable copy of the data we hold on them and/or the erasure of such data.
End-of-contract process At the end of your contract you will be provided with Zip files of your site's codebase and database, at a mutually agreed date and time. All other work would be billable by the hour.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The mobile version of the service will have a different, mobile optimised layout in comparison to the desktop version. Likewise, functionality may also differ slightly so that the user experience is optimised for mobile devices.
Accessibility standards None or don’t know
Description of accessibility The service interface does not natively adhere to WCAG 2.1 A standards. However we will work collaboratively with customers to ensure that the admin system is accessible to all their staff by implementing custom changes to the system as required.
Accessibility testing We have previously worked on the websites of several UK councils to ensure they adhere to WCAG 2.1 AA accessibility standards. To do this we used the online service SiteImprove, which is popular with many UK government organisations.
API Yes
What users can and can't do using the API WordPress has an inbuilt RESTful API. Full details can be found at WP-API.org: https://v2.wp-api.org/
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation WordPress CMS's public-facing front end and administration screens can be customised almost without limit.

Customisation can be achieved through either changing WordPress's admin settings or installation of additional plugins which extend WordPress's native functionality.

Customisation of WordPress's admin settings would need to be undertaken by a trained user. Coding and module customisation would need to be undertaken by a competent web developer familiar with the WordPress platform.

Scaling

Independence of resources Client servers are allocated exclusively to them so there is no contesting of server resources. Minimum target uptime for servers and network connectivity is 99.9%. In any given month, if your server is down for more than 0.1%, you will be given a pro-rated hosting cost credit for the down-time.

If Zodiac Media fails to respond to an issue report within the target response time, then 1 extra day of support time will be credited to the support account’s balance.

Analytics

Service usage metrics Yes
Metrics types We can set up Google Analytics for your WordPress website on request which gives you intricate detail on the usage data for your website.

All servers are integrated with our enterprise class performance monitoring system. This provides real time technical information for your WordPress website such as CPU load, memory utilisation, hard disk utilisation and network utilisation.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type Not a reseller

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach WordPress can be customised on request to support CSV export of user data. Data can then be exported by the user via WordPress's admin system. A bulk export of data from WordPress's underlying database is also available upon request.
Data export formats
  • CSV
  • Other
Other data export formats SQL dump
Data import formats
  • CSV
  • Other
Other data import formats SQL query

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability Minimum target uptime for servers and network connectivity is 99.9%. In any given month, if your server is down for more than 0.1%, you will be given a pro-rated hosting cost credit for the down-time. If Zodiac Media fail to respond to an issue report within the target response time, then 1 extra day of support time will be credited to the support account’s balance.
Approach to resilience Data centre resilience information is available upon request.
Outage reporting All of our production servers are integrated with our enterprise class monitoring system. If you have a fixed IP address we can provide you with a user account to access this and view server performance. Alternatively we can enable a VPN connection for you to gain access. Depending on the severity of the issue detected the monitoring system sends alerts to a Slack group consisting of Zodiac Media staff.

Identity and authentication

User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels The data centre management interface is subject to two-factor authentication. SSH access to the server is via firewall whitelist and public key authentication. Support system access can be granted via VPN. WordPress's admin system is accessible via username and password; we would also recommend limiting access to the admin system via firewall whitelist/VPN or enabling two-factor authentication.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information You control when users can access audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 ACM Ltd.
ISO/IEC 27001 accreditation date 18/10/2018
What the ISO/IEC 27001 doesn’t cover None
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We are ISO27001 certified with a full Information Security Management System (ISMS). Every client project has its security objectives and potential risks documented. Every quarter we perform an internal security audit, including integrity and intrusion scans on all our servers. All project files are stored on encrypted storage devices and backed up on IP restricted servers with logging and version control. All information assets are labelled under our ISMS, with their associated handling, storage, access, transference, and retention standards.

We have a fully documented procedure in the case of an information breach with our point of contact at ICO identified. All employees are onboarded with our ISMS policies when they join the company.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach All changes are assessed for their likely impact on security and performance prior to being implemented. All changes progress through a sequence of review gates using local development, staging and then live infrastructure to mitigate risk. Both the performance and security of the overall WordPress website are reviewed at each stage. All server configuration changes are noted in our issue tracking system. Codebase related changes are recorded in the version control system Git.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We pro-actively monitor both WordPress core and WordPress community plugin public releases. If a release contains security updates then we make clients aware of the need to update as soon as possible. Typically security updates are implemented within 2 working days of clients instructing us to proceed. We use the unattended upgrades functionality of Linux to keep server packages up to date. All servers are integrated with our security monitoring system which actively alerts us to possible threats. We conduct quarterly vulnerability scans of all servers.
Protective monitoring type Supplier-defined controls
Protective monitoring approach All servers are integrated with both our enterprise class performance and security monitoring systems. These actively alert us to issues immediately, based on custom configured trigger rules. The time taken to respond to these issues is near immediate, although the resolution time depends on the impact of the issue. In addition, all servers are enrolled in the data centre's performance monitoring system, which also actively alerts us to performance issues.
Incident management type Supplier-defined controls
Incident management approach As part of our Information Security Management System (ISMS) policies we have a predefined process for security incident management. This is in line with ISO 27001 standards. Clients can report incidents to our dedicated account manager, and are kept updated with the progress and state of the incident throughout the event. Full incident reports are provided in the event of serious incidents (for example, extended outages or security events).

Secure development

Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks No

Pricing

Price £600 per person per day
Discount for educational organisations No
Free trial available No

Service documents

  • Pricing document (PDF)
  • Skills Framework for the Information Age rate card (PDF)
  • Terms and conditions (PDF)