Spindogs Ltd

Umbraco content management system

Development of Umbraco content management system mobile optimised, accessible websites. Spindogs' Umbraco CMS platform provides bespoke templates for content editors. GDPR compliant Umbraco CMS forms and tagging are out-of-the-box. Umbraco CMS offers version control, integrations, SSO, and multilingualism. Umbraco content management system is open-source, user friendly, and fully customisable.

Features

  • Provision of Umbraco CMS development and consultancy
  • Umbraco CMS has powerful search functions
  • Mobile optimised Umbraco CMS templates
  • Umbraco CMS multilingual capabilities and is Welsh Language Standards compliant
  • Umbraco CMS version control
  • Umbraco CMS onboarding and upgrades
  • Ongoing support of Umbraco CMS websites
  • Development of accessibility standards compliant Umbraco CMS websites
  • Umbraco CMS secure managed EEA & UK cloud hosting
  • In-house Umbraco CMS certified development team and Umbraco MVP developer

Benefits

  • Umbraco CMS has no license fees as it's open source
  • Umbraco CMS's robust, intuitive content tree for content editors
  • Umbraco CMS is fully customisable for your organisation
  • Umbraco CMS can be made WCAG 2.1 AAA
  • Cyber Essentials certified Umbraco CMS agency
  • UK based Umbraco CMS developers and agency
  • Umbraco CMS gold partner agency
  • Umbraco CMS supports varying access and control levels
  • Umbraco CMS allows for flexible content development
  • Umbraco CMS azure cloud hosting is ISO27001 compliant

Pricing

£500 to £750 a person a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lgiles@spindogs.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

7 6 5 4 8 6 1 4 6 8 8 7 9 2 9

Contact

Spindogs Ltd Liam Giles
Telephone: 02920480720
Email: lgiles@spindogs.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
For any onboarding of existing Umbraco CMS websites not built by our Umbraco agency, we will need to undergo a review of your source code in order to confirm we can support and build upon this.
System requirements
None

User support

Email or online ticketing support
Yes, at extra cost
Support response times
 Phone Calls answered within 22 seconds 90%  Answer Phone messages given update within 90 minutes 90%  Emails sent to support@spindogs.com given update within 120 minutes 90% Weekends are considered out of hours and have different response times. Out of hours services come at a separate cost to a standard support package.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
Support is available 9-5.30 Mon-Fri and charged in 15 minute increments. All bugs are fixed free of charge as long as there is a support contract in place. Support bundles are available to be purchased in hourly increments. Hosting is monitored 24/7/365 using Azure alerting and external uptime.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
As part of any web project, whether we have built the site using Umbraco CMS, Wordpress CMS or Kentico CMS, we provide a content management training session for any members of your organisation that will be responsible for content management and editing. This can be held in our offices, at your site, or online. Additionally, as Umbraco CMS is a widely used platform there is a vast amount of documentation online.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
Video Walkthroughs
End-of-contract data extraction
Users inform our support team (or account manager if relevant) that they will no longer be continuing with our service provision. On being informed of this, after any notice period has passed, the support and development teams can arrange: the transfer of source code, transfer of website content/database, deletion of your data post completion of transfer, co-hosting overlap, freeze on development and freeze on content.
End-of-contract process
If we have arranged hosting for you, you can continue with the existing hosting provision or move your hosting to an alternative solution. We will arrange: the transfer of source code, transfer of website content/database, deletion of your data post completion of transfer, co-hosting overlap, freeze on development and freeze on content.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Umbraco CMS websites are optimised for all mobile, tablet and desktop devices. Umbraco CMS has the ability to view your pages in the screen ratios for different devices so a CMS user can always know what their page will look like on their website.
Service interface
Yes
Description of service interface
Umbraco CMS service administration screens are browser based and can be customised almost without limit.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
In order to ensure that the site is technically suitable for every user, we work to strict accessibility standards as a given. Accessibility is not only a legal requirement but an important part of our design and development culture as an organisation and as such we adhere to W3C AA standards. Our designers are trained how to check colour contrasts and our developers ensure that our code ticks all the technical requirements. We develop all our websites to meet single A requirements as a minimum. We can absolutely develop your new site to AA standards or AAA as we have done so for many clients in our 15 year history. As part of our project process we do a technical accessibility check e.g. semantic markup, colour contrasts. We are very familiar with accessibility plugins such as browsealoud and have a strong relationship with Shaw Trust, with whom we can outsource accessibility testing if necessary. AA sites we’ve developed: • https://www.digitalcommunities.gov.wales/ • https://www.welshgymnastics.org/ • https://www.bcs.org/ Some examples of sites we have made accessible are: • https://www.bronafon.org.uk/ - uses browsealoud • https://www.traveline.cymru/ - uses contrasts, text size change, and browsealoud • https://www.disabilitysportwales.com/ - uses contrasts and text size change
API
Yes
What users can and can't do using the API
Umbraco CMS is capable of integrating with numerous open-source API's. Full details can be found at https://our.umbraco.org/documentation/reference/
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The CMS's public-facing front end and administration screens can be customised almost without limit. Depending on your CMS implementation, customisation can be achieved through: • CMS software settings • Coding using HTML and CSS (and CMS dependent configurations) • Modules and Plug-ins CMS software settings customisation would need to be undertaken by a trained user. Coding and module customisation would need to be undertaken by competent web developer familiar with the CMS platform.

Scaling

Independence of resources
For all of our projects we work to an agreed project schedule which is outlined in the project plan with key milestones and quality reviews identified. We also ensure that our project plan has a sensible amount time allocated transparently to contingency, so that if one element slightly overruns it does not immediately push back the completion date. Where project pressure points arise, the Spindogs project manager will bring in additional Spindogs resource into our project team to ensure increased operational output. Additionally, Hosting is provided independently for each client.

Analytics

Service usage metrics
Yes
Metrics types
We use: • Google Analytics 360 Suite • Google Analytics • Google Tag Manager • Google Optimize • Google Data Studio We can also provide custom dashboards for your organisation.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other
Other data at rest protection approach
Back ups are encrypted
Data sanitisation process
No
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Dependent on what data is required, we can provide backups/exports as part of support or include an automated export as part of the site functionality.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • PDF
  • JSON
  • XML
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • PDF
  • JSON
  • XML

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
99.95% uptime for sites hosted on Azure
Approach to resilience
Available on request
Outage reporting
Email alerts sent to designated contacts.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
We set roles/permission levels for access
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Security Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Cyber Essentials
Information security policies and processes
We have developed a set of policies and standard operating procedures covering various aspects of Information security: • Information Security Policy • Hosting procedures & checks • Business Continuity • Solution Monitoring and Support • Project Quality Management • Risk Assessment • Risk Management Policy • Customer Complaints process • Data protection (GDPR) Policy • Project Delivery process • Social Media Policy • Cyber Essentials certification We have defined roles and responsibilities for information security, with overall responsibility being held by a Director.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We use internal systems to manage change throughout a project life cycle. This shows a clear line of accountability and allows us to "track and trace" the impact of amendments to original requirements. Changes are notified to relevant stakeholders automatically (where possible) via emails/IM to ensure all parties are up to date.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We monitor blogs and security announcements of the platforms we support (Umbraco, Wordpress, Kentico and Sitecore). Any critical / security vulnerabilities are assessed immediately and deployed if applicable. Timescales for deployment are dependent on the risk, with exploitable security issues taking highest priority. Our automated deployment processes ensures we can get patches onto live sites within hours or even minutes of any disclosure, if appropriate. We would always encourage clients to perform an independent penetration test of our solutions.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We set up external uptime monitoring of sites we host to ensure that they are working as expected. In addition alerts for excessive CPU/memory/high response times are configured – any anomalies are investigated to ensure there has been no system compromise. Notifications are emailed to a group email address immediately and the support team will investigate if required.
Incident management type
Supplier-defined controls
Incident management approach
We categorise an incident in 5 levels: critical, urgent, priority, bug and support. Each level has differing response times and methods of reporting. Critical incidents must be reported over the phone, any other incident category can be reported over the phone or via email. Details of our SLA can be found in our Service definition document. Incident reports can be received on request from our support team.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£500 to £750 a person a day
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lgiles@spindogs.com. Tell them what format you need. It will help if you say what assistive technology you use.