Createful Ltd

Website design & build: WordPress

We specialise in the design and development, support and maintenance of bespoke WordPress CMS driven websites. Our user centric approach allows our dedicated, in-house team to work closely with you to rapidly design, develop and deliver on time and within budget. All work undertaken from our studio in Bournemouth, Dorset.

Features

  • Marketing & brochure websites
  • Multilingual websites
  • Responsive & mobile optimised websites
  • E-commerce websites
  • Bespoke integration websites
  • Bespoke web applications
  • Interactive, experiential and campaign based websites
  • Open-source content management system driven & fully bespoke websites

Benefits

  • User centred design process
  • Robust agile development process
  • High performance, robust, secure and scalable solutions
  • Rigorous testing and quality assurance process
  • On-going automated monitoring, analytics & proactive support & maintenance
  • Open source technology supported by worldwide development communities

Pricing

£650 to £750 per person per day

  • Education pricing available

Service documents

Framework

G-Cloud 11

Service ID

8 5 9 5 3 6 5 8 9 9 0 0 2 4 1

Contact

Createful Ltd

Kriss Bennett

+441202551667

government@createful.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Requires a hosting, support and maintenance agreement for a minimum of one year.
System requirements
LEMP stack VPS server

User support

Email or online ticketing support
Email or online ticketing
Support response times
Mon-Fri (excl. Bank Holidays), triage within 1 hour.
Weekends & out of hours, dependant on individual client support package.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Support packages are tailored to the requirements of each individual client project.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We can provide in-depth training to help our clients use the service. This can be done on-site or remotely, backed up with supporting documentation.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Full backup of all source files and databases.
End-of-contract process
At the end of contract, if not renewed and the existing site is to be retained, the buyer will need to cover the full cost of migration. This is something we can offer as a service, or can be an activity carried out by the new supplier.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Almost none - WordPress can be fully managed via the backed admin interface via a mobile phone or tablet device, an the front end themes are designed in such a way as to make them equally accessible.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Every solution we deliver is unique to our clients' needs.

Scaling

Independence of resources
Every website is deployed on client-specific, dedicated VPS servers.

Analytics

Service usage metrics
Yes
Metrics types
Google Analytics
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
CMS administrators can export site data in XML format from the WordPress admin interface.
Data export formats
Other
Other data export formats
XML
Data import formats
Other
Other data import formats
XML

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The Amazon AWS servers we use have a guaranteed Monthly Uptime Percentage (https://aws.amazon.com/ec2/sla/).
Approach to resilience
Available on request.
Outage reporting
Email alerts.

Identity and authentication

User authentication needed
No
Access restrictions in management interfaces and support channels
This is dependant upon client requirements, but typically a website is publicly available. Any administration areas are restricted by IP address to only authorised known list.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Description of management access authentication
Plus IP restricted access through Firewall configurations

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Cyber Essentials
Information security policies and processes
Details contained within our Information Security Policy and is available upon request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Details contained within our Change Management Policy and is available upon request.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Details contained within our Vulnerability Management Policy and is available upon request.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Details contained within our Vulnerability Management Policy and is available upon request.
Incident management type
Supplier-defined controls
Incident management approach
Details contained within our Support Management Policy and is available upon request.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£650 to £750 per person per day
Discount for educational organisations
Yes
Free trial available
No

Service documents

Return to top ↑