Melt Content Ltd

WordPress Content Management System (CMS)

We provide a bespoke WordPress web development service that includes the strategic planning, research, design, and build of websites/applications delivered in the cloud.

Features

  • Specialist WordPress design, development, SEO and content teams.
  • Stakeholder led research and design process.
  • Responsive web sites that work across a range of devices.
  • Bespoke, original designs.
  • Tailored application setup / configurations as needed.
  • WordPress multi-lingual setup.
  • WordPress integrations with third party APIs.
  • CMS training included as part of delivery.
  • Scalable application for any size websites.
  • Support for a range of analytics tools.

Benefits

  • Design process ensures you meet the needs of your stakeholders.
  • Avoid website management hassle with a user-friendly CMS.
  • Stable/secure platform minimising disruption for you and your users.
  • SEO/content experts ensure your site is findable/navigable.
  • Analytics to track performance and identify areas for improvement.
  • Unique designs reflecting your values, style and objectives.
  • Develop in house or with third parties. No lock-ins.
  • Cost effective, on time delivery that meets your stakeholder requirements.
  • Experienced and knowledgeable provider.

Pricing

£875 per unit per day

  • Education pricing available

Service documents

Framework

G-Cloud 11

Service ID

8 7 4 5 4 8 2 2 2 7 9 0 1 1 0

Contact

Melt Content Ltd

Sarah Campbell

0203 735 5070

gcloud@meltcontent.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints All services need to work within the Amazon Web Services infrastructure.
System requirements
  • Database
  • PHP

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We aim to respond immediately for critical issues and within 24 hours for minor issues.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AAA
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Critical: The Supported Website is inoperable or a core function of the Supported Website is unavailable;

Serious: A core function of the Supported Website is significantly impaired;

Moderate: A core function of the Supported Website is impaired, where the impairment does not constitute a serious issue; or a non-core function of the Supported Website is significantly impaired;

Minor: Any impairment of the Supported Website not falling into the above categories; and any cosmetic issue affecting the Supported Website; the addition of content to the Supported Website; and any minor layout or design changes to the Supported Website.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Training can provided according to the buyers needs - onsite or online.

User documentation can be provided on request.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction We set up a secure FTP for buyers to extract their data as needed.

The FTP is deleted once the data has been transferred.
End-of-contract process All specified development and hosting is provided in the price of the contract.

Additional costs may be charged for the transfer of data to another host/third party. This will be dependent on the size and effort required to transfer.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service All builds a re responsive so the service can work on most devices.
Service interface No
API No
Customisation available Yes
Description of customisation Buyers can apply different skins/styles.

Widgets/plug ins can be added or removed at a page level.

Users can cusomise, edit and add content and page layouts.

Developers would need to apply styles and add widgets/plug ins.

Scaling

Scaling
Independence of resources All clients are supported in their own dedicated environments, servers and databases. No instances are shared between clients.

Analytics

Analytics
Service usage metrics Yes
Metrics types Web analytics - User journeys, specific goals and targets etc.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Users would export data via secure FTP.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • ZIP
  • TAR
  • RAR
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • ZIP
  • TAR
  • RAR

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability We offer 99.9% uptime on any servers or websites we maintain.
Approach to resilience Available on request.
Outage reporting Outage alerts are reported via email alerts and phone.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels Depending on the client we will typically assign user IDs to individuals, lock down IP addresess and provide restricted and time limited access to data and documentation for download or upload via a secure FTP.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach 1. Cross company security audits and reviews.
2. Team training and updates as and when required.
3. Measurement and monitoring of all identified security risks.
4. Regular reviews at board level of our Information Security Policy.
Information security policies and processes We maintain a written Information Security Policy which acts as reference guide for all aspects of the organisation's information security.

Consisting of 14 seperate policies it details do's and don'ts of managing information and outlines procedures for when the policy is breached.

The ISP is regularly reviewed at board level and any recommended changes approved and implemented.

We also have an Information Security Officer who is responsible for implementing the organisations ISP.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All changes to our websites are audited and tested prior to deployment.

Change requests are logged and their status tracked and updated on an "as and when" basis.
Vulnerability management type Undisclosed
Vulnerability management approach We monitor our services and relevant channels (WordPress, Ubuntu etc) for threat alerts.

We deploy critical updates as soon as we are confident that the patch doesn't impact on systems.
Protective monitoring type Undisclosed
Protective monitoring approach - Monitoring services for anomalies.

- Response depends on the severity of the issue. If it is critical or severe we will respond immediately (e.g. bot attack). If it was minor we would respond within the agreed SLA timeframe.

- Response time is dictated by the severity of the issue and ranges from immediately for critical/severe issues to 48 hours for minor issues.
Incident management type Undisclosed
Incident management approach As per our Information Security Policy we have pre-defined processes for events.

Users can report incidents via the phone or email.

We can provide incident reports in any format agreed with the client. These are typically provided as written reports detailing the issue, remedial action taken and updates to our processes where required.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £875 per unit per day
Discount for educational organisations Yes
Free trial available No

Service documents

Return to top ↑