Bang Communications Ltd

Drupal CMS

Bang’s Cloud Drupal service offers you all the benefits of a secure, fully managed, high performance, always available hosted Drupal solution without needing any infrastructure or technical team. You keep your content up to date and we will do the rest with a full Service Level Agreement underpinned by guarantee.


  • Powerful open source web publishing platform
  • Limitless scaleability
  • Thousands of free plug-ins available
  • Organise, structure and re-use content
  • Powerful content categorisation and taxonomy
  • Easy to use content creation and editing interface
  • Great control over permissions and role based access
  • Users can work together to create great content
  • Designers have flexibility to develop attractive, usable engaging sites
  • Open interface-easy to extend and connect with social media


  • Open source excellent value for money
  • Powerful enterprise ready CMS
  • Present your organisation in the best possible way
  • Future proof with millions of sites already using
  • Easy to use for content editors and publishers
  • Extensible without having to write more code
  • Easy to connect to your online ecosystem
  • Fast implementation and deployment
  • Secure
  • No management headaches


£400 an instance

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

8 0 5 4 2 4 0 1 0 7 5 5 0 1 3


Bang Communications Ltd David Clarke
Telephone: 01256 370 900

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Drupal Core
Cloud deployment model
Hybrid cloud
Service constraints
There are no specific service constraints that are not detailed in this specification.
System requirements
Internet Connection

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response time are agreed as part of an SLA.
Typical response time for business hours:
Severity 1 - 1 hour
Severity 2 - 4 hours
Severity 3 - 16 hours
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Telephone and online support channels are available during standard working hours. Additional support is available outside standard working hours at an additional cost.

Support is initially provided by a Technical Account Manager who is adirect access to further technical support if required.
Support available to third parties

Onboarding and offboarding

Getting started
Onsite and online training is available and documentation available.
Service documentation
Documentation formats
  • ODF
  • PDF
End-of-contract data extraction
You can use the Export tool to backup all of your content or move your content to a new Drupal site.
End-of-contract process
Client will be provided with copies of the database files at no additional costs.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The Drupal front use responsive style sheet and back end supports editing through mobile application. Back end editing can be enhanced through iOS and Android applications.
Service interface
Description of service interface
Web based
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
In house testing only.
What users can and can't do using the API
The API exposes a simple yet powerful interface to content.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Styling of the application can be applied to match brand user requirements. Additional functionality can achieved through adding modules.


Independence of resources
Each service user will have their own dedicated service.


Service usage metrics
Metrics types
Google Analytics as standard. PIWIK if required can be added at an additional cost
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Other data at rest protection approach
Secure data centre.
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
You can use the Export tool to backup all of your content or move your content to a new Drupal site.
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
99.99 and Service Credits
Approach to resilience
Available on request.
Outage reporting
Private dashboard and email alerts.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Username and password.
Access restriction testing frequency
At least once a year
Management access authentication
Public key authentication (including by TLS client certificate)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
This is included as part of our ISO9001 Quality Management Process and we have been 'Cyber Essentials' certified.
Information security policies and processes
Bang adopt a System’s Assurance process that builds upon our collective experience. This includes:

• Considering and managing the risks that might affect client systems
• Taking action to mitigate these risks before they become real
• Deploying hardened platforms
• Only using tested software releases
• Automatically including relevant security patches
• Eliminating unnecessary processes.
• Configuring firewalls
• Limiting access to systems
• Always using multi-factor authentication
• Implementing resilient backup and recovery procedures
• Safeguarding your data at all stages in its journey
• Ensuring our data centre providers take as much care on security as we do

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
GIT repos are used for host and config and servers are reliably deployed by Ansible. History is fully tracked and detailed security are consistently deployed.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Server software uses unattended updates from trusted channels.
Active monitoring is undertaken for module/plugin updates.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
To be agreed with user for example we use an auditing solution is based around Assuria’s Protective Monitoring Solution the Assuria Load Manager (ALM) which has been specifically designed to meet GPG13. All logs are secured and retained in their original form (allowing for Forensic Investigation) as well as being analysed and reformatted for easy investigation. ALM collects and stored log files with a verifiable chain of custody.
Incident management type
Supplier-defined controls
Incident management approach
Automatic reports will be generated and reviewed on a weekly basis. Any incident or suspected incident will be reported and managed as a security incident via our security incident process.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£400 an instance
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.