G-Cloud 11 services are suspended on Digital Marketplace

If you have an ongoing procurement on G-Cloud 11, you must complete it by 18 December 2020. Existing contracts with Melt Content Ltd are still valid.
Melt Content Ltd

WordPress Content Management System (CMS)

We provide a bespoke WordPress web development service that includes the strategic planning, research, design, and build of websites/applications delivered in the cloud.

Features

  • Specialist WordPress design, development, SEO and content teams.
  • Stakeholder led research and design process.
  • Responsive web sites that work across a range of devices.
  • Bespoke, original designs.
  • Tailored application setup / configurations as needed.
  • WordPress multi-lingual setup.
  • WordPress integrations with third party APIs.
  • CMS training included as part of delivery.
  • Scalable application for any size websites.
  • Support for a range of analytics tools.

Benefits

  • Design process ensures you meet the needs of your stakeholders.
  • Avoid website management hassle with a user-friendly CMS.
  • Stable/secure platform minimising disruption for you and your users.
  • SEO/content experts ensure your site is findable/navigable.
  • Analytics to track performance and identify areas for improvement.
  • Unique designs reflecting your values, style and objectives.
  • Develop in house or with third parties. No lock-ins.
  • Cost effective, on time delivery that meets your stakeholder requirements.
  • Experienced and knowledgeable provider.

Pricing

£875 a unit a day

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@meltcontent.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 11

Service ID

8 7 4 5 4 8 2 2 2 7 9 0 1 1 0

Contact

Melt Content Ltd Sarah Campbell
Telephone: 0203 735 5070
Email: gcloud@meltcontent.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
All services need to work within the Amazon Web Services infrastructure.
System requirements
  • Database
  • PHP

User support

Email or online ticketing support
Email or online ticketing
Support response times
We aim to respond immediately for critical issues and within 24 hours for minor issues.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Critical: The Supported Website is inoperable or a core function of the Supported Website is unavailable;

Serious: A core function of the Supported Website is significantly impaired;

Moderate: A core function of the Supported Website is impaired, where the impairment does not constitute a serious issue; or a non-core function of the Supported Website is significantly impaired;

Minor: Any impairment of the Supported Website not falling into the above categories; and any cosmetic issue affecting the Supported Website; the addition of content to the Supported Website; and any minor layout or design changes to the Supported Website.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Training can provided according to the buyers needs - onsite or online.

User documentation can be provided on request.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
We set up a secure FTP for buyers to extract their data as needed.

The FTP is deleted once the data has been transferred.
End-of-contract process
All specified development and hosting is provided in the price of the contract.

Additional costs may be charged for the transfer of data to another host/third party. This will be dependent on the size and effort required to transfer.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
All builds a re responsive so the service can work on most devices.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Buyers can apply different skins/styles.

Widgets/plug ins can be added or removed at a page level.

Users can cusomise, edit and add content and page layouts.

Developers would need to apply styles and add widgets/plug ins.

Scaling

Independence of resources
All clients are supported in their own dedicated environments, servers and databases. No instances are shared between clients.

Analytics

Service usage metrics
Yes
Metrics types
Web analytics - User journeys, specific goals and targets etc.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Users would export data via secure FTP.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • ZIP
  • TAR
  • RAR
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • ZIP
  • TAR
  • RAR

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We offer 99.9% uptime on any servers or websites we maintain.
Approach to resilience
Available on request.
Outage reporting
Outage alerts are reported via email alerts and phone.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Depending on the client we will typically assign user IDs to individuals, lock down IP addresess and provide restricted and time limited access to data and documentation for download or upload via a secure FTP.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
1. Cross company security audits and reviews.
2. Team training and updates as and when required.
3. Measurement and monitoring of all identified security risks.
4. Regular reviews at board level of our Information Security Policy.
Information security policies and processes
We maintain a written Information Security Policy which acts as reference guide for all aspects of the organisation's information security.

Consisting of 14 seperate policies it details do's and don'ts of managing information and outlines procedures for when the policy is breached.

The ISP is regularly reviewed at board level and any recommended changes approved and implemented.

We also have an Information Security Officer who is responsible for implementing the organisations ISP.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes to our websites are audited and tested prior to deployment.

Change requests are logged and their status tracked and updated on an "as and when" basis.
Vulnerability management type
Undisclosed
Vulnerability management approach
We monitor our services and relevant channels (WordPress, Ubuntu etc) for threat alerts.

We deploy critical updates as soon as we are confident that the patch doesn't impact on systems.
Protective monitoring type
Undisclosed
Protective monitoring approach
- Monitoring services for anomalies.

- Response depends on the severity of the issue. If it is critical or severe we will respond immediately (e.g. bot attack). If it was minor we would respond within the agreed SLA timeframe.

- Response time is dictated by the severity of the issue and ranges from immediately for critical/severe issues to 48 hours for minor issues.
Incident management type
Undisclosed
Incident management approach
As per our Information Security Policy we have pre-defined processes for events.

Users can report incidents via the phone or email.

We can provide incident reports in any format agreed with the client. These are typically provided as written reports detailing the issue, remedial action taken and updates to our processes where required.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£875 a unit a day
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@meltcontent.com. Tell them what format you need. It will help if you say what assistive technology you use.