Bang Communications Ltd

Drupal CMS

Bang’s Cloud Drupal service offers you all the benefits of a secure, fully managed, high performance, always available hosted Drupal solution without needing any infrastructure or technical team. You keep your content up to date and we will do the rest with a full Service Level Agreement underpinned by guarantee.

Features

  • Powerful open source web publishing platform
  • Limitless scaleability
  • Thousands of free plug-ins available
  • Organise, structure and re-use content
  • Powerful content categorisation and taxonomy
  • Easy to use content creation and editing interface
  • Great control over permissions and role based access
  • Users can work together to create great content
  • Designers have flexibility to develop attractive, usable engaging sites
  • Open interface-easy to extend and connect with social media

Benefits

  • Open source excellent value for money
  • Powerful enterprise ready CMS
  • Present your organisation in the best possible way
  • Future proof with millions of sites already using
  • Easy to use for content editors and publishers
  • Extensible without having to write more code
  • Easy to connect to your online ecosystem
  • Fast implementation and deployment
  • Secure
  • No management headaches

Pricing

£400 a instance

Service documents

Framework

G-Cloud 12

Service ID

8 0 5 4 2 4 0 1 0 7 5 5 0 1 3

Contact

Bang Communications Ltd

David Clarke

01256 370 900

david@bang-on.net

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Drupal Core
Cloud deployment model
Hybrid cloud
Service constraints
There are no specific service constraints that are not detailed in this specification.
System requirements
Internet Connection

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response time are agreed as part of an SLA.
Typical response time for business hours:
Severity 1 - 1 hour
Severity 2 - 4 hours
Severity 3 - 16 hours
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Telephone and online support channels are available during standard working hours. Additional support is available outside standard working hours at an additional cost.

Support is initially provided by a Technical Account Manager who is adirect access to further technical support if required.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Onsite and online training is available and documentation available.
Service documentation
Yes
Documentation formats
  • ODF
  • PDF
End-of-contract data extraction
You can use the Export tool to backup all of your content or move your content to a new Drupal site.
End-of-contract process
Client will be provided with copies of the database files at no additional costs.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The Drupal front use responsive style sheet and back end supports editing through mobile application. Back end editing can be enhanced through iOS and Android applications.
Service interface
Yes
Description of service interface
Web based
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
In house testing only.
API
Yes
What users can and can't do using the API
The API exposes a simple yet powerful interface to content.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Styling of the application can be applied to match brand user requirements. Additional functionality can achieved through adding modules.

Scaling

Independence of resources
Each service user will have their own dedicated service.

Analytics

Service usage metrics
Yes
Metrics types
Google Analytics as standard. PIWIK if required can be added at an additional cost
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Other
Other data at rest protection approach
Secure data centre.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
You can use the Export tool to backup all of your content or move your content to a new Drupal site.
Data export formats
  • CSV
  • Other
Other data export formats
XML
Data import formats
  • CSV
  • Other
Other data import formats
XML

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
99.99 and Service Credits
Approach to resilience
Available on request.
Outage reporting
Private dashboard and email alerts.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Username and password.
Access restriction testing frequency
At least once a year
Management access authentication
Public key authentication (including by TLS client certificate)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
This is included as part of our ISO9001 Quality Management Process and we have been 'Cyber Essentials' certified.
Information security policies and processes
Bang adopt a System’s Assurance process that builds upon our collective experience. This includes:

• Considering and managing the risks that might affect client systems
• Taking action to mitigate these risks before they become real
• Deploying hardened platforms
• Only using tested software releases
• Automatically including relevant security patches
• Eliminating unnecessary processes.
• Configuring firewalls
• Limiting access to systems
• Always using multi-factor authentication
• Implementing resilient backup and recovery procedures
• Safeguarding your data at all stages in its journey
• Ensuring our data centre providers take as much care on security as we do

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
GIT repos are used for host and config and servers are reliably deployed by Ansible. History is fully tracked and detailed security are consistently deployed.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Server software uses unattended updates from trusted channels.
Active monitoring is undertaken for module/plugin updates.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
To be agreed with user for example we use an auditing solution is based around Assuria’s Protective Monitoring Solution the Assuria Load Manager (ALM) which has been specifically designed to meet GPG13. All logs are secured and retained in their original form (allowing for Forensic Investigation) as well as being analysed and reformatted for easy investigation. ALM collects and stored log files with a verifiable chain of custody.
Incident management type
Supplier-defined controls
Incident management approach
Automatic reports will be generated and reviewed on a weekly basis. Any incident or suspected incident will be reported and managed as a security incident via our security incident process.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£400 a instance
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑