TAEKNI LTD

Cloud CMS

We offer S8080 GDPR compliant cloud-hosted secure CMS platforms for handling integrations, CRM, multilingualism, integrations and workflow. Scalable CMS designed to meet the clients requirements.

Features

• CMS development, deployment and configuration
• CMS security and subsequent updates
• CMS content rollback
• Fully managed CMS cloud hosting

Benefits

• CMS PEN tested and DDOS protected
• CRM integration with back-office with single sign-on
• Full dedicated support available within 4 hours of contact

£10 a person a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Framework

G-Cloud 12

Service ID

835793431907189

Contact

Tayaab Ahmed
07861617951
TA@Taekni.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: No.
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times are within 4 hours, regardless of the day throughout the year.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: The support we provide is validated and confined within the GDPR regulations. There are 2 different options of gaining support related to the services offered: Phone call and Online ticket / E-mail submission.; ; Phone call support is available Monday to Friday, 9:00am to 05:00pm throughout the entire year with no extra costs.; ; Online ticket submission including e-mail has a response time within 4 hours, also with no extra costs.; ; Service support is dedicated from the point of raising the issue till it is resolved.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Once the client is briefs us with the requirements of your service and a tailored service has been developed and tested, we provide a number of on-boarding methods. The first and foremost by default is the method of providing user documentation which acts as a manual. On the other hand, the client can also request for an in-person training sessions as well as online-based training for individual and/or a team.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: At the end of the contract, if clients wishes to extract their data, we can provide a secure and seamless procedure to gather all the data required while constraining to GDPR regulations. The requested data is then securely handed over or transferred as per the instructions of the client.
• End-of-contract process: There are no additional costs at the end of the contract. The contract ends when all terms agreed with the client are met and the term period has concluded.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service has been designed to adapt between desktop and mobile access without compromising any standards.
• Service interface: Yes
• Description of service interface: The service interface gives access and provides the client with ability to interactively manage and administer their work flow as well as their database. The service interface is browser-based, however, it can be customer to be customised for mobile-application use.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The default process implemented for user interface testing is conducted via Total Validator. However, if the client has specific requirements or conditions, adjustments can be made to test the service using online lab-based and/or pan-disability user testing. ; ; The test subject criteria would ensure to include all users whom utilise assistive technology in order to access computers and it's services.; ; Test users include the following individuals:; ; Deaf; Blind; Colour-blind; Vision Impairment ; Epilepsy ; Dyslexia ; Anxiety Disorder; Learning Disability ; Mobility Impairment ; Asperger's
• API: Yes
• What users can and can't do using the API: We utilise open-source content management system platforms such as Umbraco to develop the service we provide. Further detailed information on the API can be found on the link below:; ; https://our.umbraco.org/documentation/reference/
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The service is customisable through the development team. The client makes clear their requirements at the beginning of the contract and is also able to customise by requesting changes during the development process. Once the service has been launched, the client can refer back to us at any time if they require further custom changes they would like to be implemented.

Scaling

• Independence of resources: For services that we host, Amazon AWS is used to provide scaling capabilities based on demand so users aren't affected by other user's activity. This is done through auto-scaling or manual intervention based on performance alerting.

Analytics

• Service usage metrics: Yes
• Metrics types: We aim to provide the best analytics tools for our service and therefore use Google Analytics which is comprised of the follow:; ; Google Analytics,; Google Analytics 360 Suite, ; Google Optimizer,; Google Data Studio and; Google Tag Manager
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The users can access and export all data types stored within the client management system, given that their status level has clearance to access such data. However, the client itself can place a request with us and give instructions on which data they would like to access. A thorough analysis ensures that GDPR regulations are followed during the export of the requested data.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We offer guaranteed service day and night, running throughout the entire year. The support service is also offered accordingly with the service level agreement.; ; We offer discount/refund on pro-rated basis for unavailability of the service.
• Approach to resilience: Following the clients custom requirements, the service can be deployed across different regions and time zones where each site is can be designed to protect the service against network, hardware and power failures to ensure service continuity.
• Outage reporting: All service outages are reporting through the service status dashboard which is viewed and monitored by us. Any outage or disturbance with the service is handled and dealt with following the service level agreement in order to resolve all difficulties.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: To access the CMS interface, every user is provided their individual username and confidential password. To enhance the security, we also implement a 2-factor authentication for every request to gain access. ; ; This information is also used to verify the users during the provision of support.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: Taekni operates an Client Management System (CMS) as part of it's adherence to ISO27001, ISO9001 & Cyber Essentials accreditation.; ; We have individual policy documents which are reviewed and audited annually which cover the following:; ; Control of Documents & Records.; Sales Management.; Procurement and Office Management.; Internal Auditing.; Monitoring and Review: Non-conformance / Corrective and Preventative Action.; Organisation of Information Security.; Human Resource Security.; Asset Management.; Access Control.; Operations - Process Management & Control.; Physical & Environmental Security.; Operations Security.; Communications Security.; Systems Acquisition, Development & Maintenance.; Compliance.; Information Security Incident Management.; Design.; Support Procedures.; ; Each one of these policies can be provided upon request to prospective customers for review subject to NDA.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Taekni follows ITIL change management best practice. All changes are assessed for their impact and risk, and implemented through version-control configuration management. All changes are validated and assessed for service impact potential, with rollback and mediation steps determined before any such steps are undertaken.; ; All services and servers have a detailed log of activity and change control requests, which can be fine grained for the specific service and stakeholder expectation.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Taekni utilises Debian GNU/Linux LTS, with rapid patching. As soon as a vulnerability is reported and patched, systems receive those patches. The benefit of LTS is that such patching is guaranteed over a number of years without any danger of unintended version upgrades. Taekni is on the appropriate CERT lists, as well as embargoed zero-day announcement lists, so it can mediate known threats even before they have received an official patch. Taekni will specifically monitor for trends in application exploit and leverage its knowledge to provide agile solutions to such threats.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Alerting and monitoring usually includes security and anomaly detection. Security issue are immediately escalated to the senior security team, who act appropriately based on the nature of the incident, up to and including the immediate segregation or even powering-down of affected systems for further analysis.; ; A range of security analyses are undertaken including file hashing comparisons, root-kit-detection systems and full log auditing. Once the scope of the incident is understood, patching, rollback or rebuilding as appropriate is undertaken before the system restore.; ; A full RCA is produced as soon as possible, within any agreed SLA.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Taekni maintains formal incident response processes for common events. It encourages users to report incidents via the authorised ticketing system, or the support contact number.; ; Incident reports are provided once the full information and amelioration data has been collated as a document released to the agreed account-holder. Further discussions and meetings are encouraged thereupon.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £10 a person a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We can configure proof of concept/trial environments for 1-3 months subject to negotiation, these allow our customers to satisfy themselves that the environments we are recommending will be fit for purpose and meet their business requirements before contract commitments. All features are included.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF