TAEKNI LTD

Cloud CMS

We offer S8080 GDPR-compliant, cloud-hosted secure CMS platforms for handling integrations, CRM, multilingualism and workflow. Scalable CMS designed to meet the client's requirements.

Features

  • CMS development, deployment and configuration
  • CMS security and subsequent updates
  • CMS content rollback
  • Fully managed CMS cloud hosting

Benefits

  • CMS PEN tested and DDOS protected
  • CRM integration with back-office with single sign-on
  • Full dedicated support available within 4 hours of contact

Pricing

£10 a person a month

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 12

Service ID

835793431907189

Contact

TAEKNI LTD Tayaab Ahmed
Telephone: 07861617951
Email: TA@Taekni.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
No.
System requirements
None

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times are within 4 hours, regardless of the day throughout the year.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
No
Onsite support
Onsite support
Support levels
The support we provide is validated and confined within the GDPR regulations. There are 2 different options of gaining support related to the services offered: Phone call and Online ticket / E-mail submission.

Phone call support is available Monday to Friday, 9:00am to 05:00pm throughout the entire year with no extra costs.

Online ticket submission including e-mail has a response time within 4 hours, also with no extra costs.

Service support is dedicated from the point of raising the issue till it is resolved.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Once the client briefs us on the requirements of the service and a tailored service has been developed and tested, we provide a number of on-boarding methods. The default method is user documentation, which acts as a manual. The client can also request in-person training sessions as well as online-based training for individuals and/or a team.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
At the end of the contract, if the client wishes to extract their data, we can provide a secure and seamless procedure to gather all the data required while complying with GDPR regulations. The requested data is then securely handed over or transferred as per the instructions of the client.
End-of-contract process
There are no additional costs at the end of the contract. The contract ends when all terms agreed with the client are met and the term period has concluded.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The service has been designed to adapt between desktop and mobile access without compromising any standards.
Service interface
Yes
Description of service interface
The service interface gives the client the ability to interactively manage and administer their workflow as well as their database. The service interface is browser-based; however, it can be customised for mobile-application use.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
The default process implemented for user interface testing is conducted via Total Validator. However, if the client has specific requirements or conditions, adjustments can be made to test the service using online lab-based and/or pan-disability user testing.

The test subject criteria ensure the inclusion of all users who utilise assistive technology in order to access computers and their services.

Test users include the following individuals:

  • Deaf
  • Blind
  • Colour-blind
  • Vision Impairment
  • Epilepsy
  • Dyslexia
  • Anxiety Disorder
  • Learning Disability
  • Mobility Impairment
  • Asperger's
API
Yes
What users can and can't do using the API
We utilise open-source content management system platforms such as Umbraco to develop the service we provide. Further detailed information on the API can be found on the link below:

https://our.umbraco.org/documentation/reference/
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The service is customisable through the development team. The client makes clear their requirements at the beginning of the contract and is also able to customise by requesting changes during the development process. Once the service has been launched, the client can refer back to us at any time if they require further custom changes they would like to be implemented.

Scaling

Independence of resources
For services that we host, Amazon AWS is used to provide scaling capabilities based on demand so users aren't affected by other users' activity. This is done through auto-scaling or manual intervention based on performance alerting.

Analytics

Service usage metrics
Yes
Metrics types
We aim to provide the best analytics tools for our service and therefore use Google Analytics, which comprises the following:

  • Google Analytics
  • Google Analytics 360 Suite
  • Google Optimizer
  • Google Data Studio
  • Google Tag Manager
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
The users can access and export all data types stored within the client management system, given that their status level has clearance to access such data. However, the client itself can place a request with us and give instructions on which data they would like to access. A thorough analysis ensures that GDPR regulations are followed during the export of the requested data.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We offer guaranteed service day and night, running throughout the entire year. The support service is also offered accordingly with the service level agreement.

We offer discount/refund on pro-rated basis for unavailability of the service.
Approach to resilience
Following the client's custom requirements, the service can be deployed across different regions and time zones, where each site can be designed to protect the service against network, hardware and power failures to ensure service continuity.
Outage reporting
All service outages are reported through the service status dashboard, which is viewed and monitored by us. Any outage or disturbance with the service is handled following the service level agreement in order to resolve all difficulties.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
To access the CMS interface, every user is provided with an individual username and confidential password. To enhance security, we also implement 2-factor authentication for every request to gain access.

This information is also used to verify the users during the provision of support.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes
Taekni operates a Client Management System (CMS) as part of its adherence to ISO27001, ISO9001 & Cyber Essentials accreditation.

We have individual policy documents which are reviewed and audited annually which cover the following:

Control of Documents & Records.
Sales Management.
Procurement and Office Management.
Internal Auditing.
Monitoring and Review: Non-conformance / Corrective and Preventative Action.
Organisation of Information Security.
Human Resource Security.
Asset Management.
Access Control.
Operations - Process Management & Control.
Physical & Environmental Security.
Operations Security.
Communications Security.
Systems Acquisition, Development & Maintenance.
Compliance.
Information Security Incident Management.
Design.
Support Procedures.

Each one of these policies can be provided upon request to prospective customers for review subject to NDA.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Taekni follows ITIL change management best practice. All changes are assessed for their impact and risk, and implemented through version-control configuration management. All changes are validated and assessed for service impact potential, with rollback and mediation steps determined before any such steps are undertaken.

All services and servers have a detailed log of activity and change control requests, which can be fine grained for the specific service and stakeholder expectation.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Taekni utilises Debian GNU/Linux LTS, with rapid patching. As soon as a vulnerability is reported and patched, systems receive those patches. The benefit of LTS is that such patching is guaranteed over a number of years without any danger of unintended version upgrades. Taekni is on the appropriate CERT lists, as well as embargoed zero-day announcement lists, so it can mediate known threats even before they have received an official patch. Taekni will specifically monitor for trends in application exploits and leverage its knowledge to provide agile solutions to such threats.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Alerting and monitoring usually includes security and anomaly detection. Security issues are immediately escalated to the senior security team, who act appropriately based on the nature of the incident, up to and including the immediate segregation or even powering-down of affected systems for further analysis.

A range of security analyses are undertaken, including file hashing comparisons, root-kit-detection systems and full log auditing. Once the scope of the incident is understood, patching, rollback or rebuilding as appropriate is undertaken before the system is restored.

A full RCA is produced as soon as possible, within any agreed SLA.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Taekni maintains formal incident response processes for common events. It encourages users to report incidents via the authorised ticketing system, or the support contact number.

Incident reports are provided once the full information and amelioration data has been collated as a document released to the agreed account-holder. Further discussions and meetings are encouraged thereupon.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£10 a person a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
We can configure proof-of-concept/trial environments for 1-3 months, subject to negotiation. These allow our customers to satisfy themselves that the environments we are recommending will be fit for purpose and meet their business requirements before contract commitments. All features are included.
