Pogo Studio

Website Design and Development

Providing website development from a team of expert web developers. All websites designed by an in-house professional designer. Our services range from one-page brochure websites to content-managed enterprise level websites using the Umbraco content management system. We also offer custom builds and e-commerce.


  • Umbraco CMS Professional Web development for SME's and enterprises
  • Custom build to business needs with enterprise level features.
  • PogoStudio provides research services into customers needs and requirements
  • PogoStudio provides scoping session, feasibility studies,analysis, design, and consultancy
  • Custom designs, wireframes and Adobe InDesign prototypes and MVP
  • Pogo Studio is Umbraco registered company and Umbraco certified developers
  • Microsoft .NET web applications. Microsoft Certified Professional staff
  • Microsoft .NET service communication applications and data access
  • Shopify and Umbraco E-commerce development and intergration
  • Ongoing support and maintenance SLA's contracts. Online service desk.


  • Powerful, flexible and easy to use content management system Umbraco
  • Increased outreach and visibility to clients at all times
  • Improved digital presence by increasing customer engagement
  • Umbraco API's allows real-time integration into other software products
  • Hghly tailored content according to a customers preferences.
  • Content-manage website in real-time from multiple devices using Umbraco
  • Helps build stronger brand and increase brand awareness
  • Sell directly and instantly to customers with powerful e-commerce features
  • Umbraco can be used for websites, intranets, extranets and portals
  • Umbraco manages both website content and mobile content


£300 to £850 per person per day

Service documents

G-Cloud 11


Pogo Studio

Jack Francis



Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints None
System requirements None

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times We provide email and telephone support as well as support via an online portal. Support hours are between 9am - 5.30pm Monday to Friday.
We will seek to respond to the customers issue, by way of an acknowledgement, within the following timescale:

High priority: Response time 2 hours
Medium priority: 4 hours
Low priority: 24 hours

Assessment & Resolution

Assessment of what is needed to rectify each item within the following times of its initial response to the customer:

High priority: Assessment time 12 hours
Medium priority: 36 hours
Low priority : 72 hours
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 A
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels We provide support on a contractual basis. Our minimum charge is £75 per hour of support charged. Clients can take out a contract on a monthly rolling period or a fixed term. This support contract provides the client with a dedicated Account Manager who will be your point of contact.

Response times:

High priority: 2 hours
Medium priority: 4 hours
Low priority: 24 hours

Priority of issues: the following definitions of priority will be used:
High Priority (Significant business impact)
Definition – the overall application has failed leading to it becoming unavailable or non-performant to all or most users.

Medium Priority (Moderate business impact)
Definition – the overall application is usable and performant, but the ability to use or operate one or more core components is compromised, and this is impacting on multiple users.

Low Priority (Limited business impact)
Definition – the problem or request does not significantly impact operations for most users. The application is usable, but some features (not critical to operations) are unavailable or not performant.

We will provide the relevant staff member to support your app. We also allow you to use your support time for standard development such as updates to your app application.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide onsite training to use the content management system on any website that we build. We also provide a training manual at the request of the client.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Pogo Studio store all data securely within a SQL Server database in Microsoft Azure. At the end of the contract, Pogo Studio delete any personal data and clients always have access to the data on their website/application and are free to remove the data from it when they wish.
End-of-contract process Our contracts are fixed-cost, which means both parties agree what will be developed before the project begins. Any changes will require an additional cost and require written confirmation. Hosting is a monthly charge on top of the project fee.

A support and maintenance contract is an optional addition to the project cost.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Other
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Websites and web applications are built to be responsive for mobile. Features will remain the same across devices but views will be adapted to fit the various screen sizes.
Service interface No
Customisation available Yes
Description of customisation We define customisation to mean the customisation of the content of the website after it has been built. This can be done via Umbraco.

We offer content managed progressive websites using Umbraco. Umbraco is a popular content management system that enables users to update the content on their website quickly and easily. Umbraco can be configured to allow a large number of customisation tools that would include adding and editing page contents and layouts, themes, and giving access to additional users. This would all be achieved via a dedicated back office that is designed to be as intuitive as possible. Users with administration rights are able to set up other users and set the level of control they have over customisations


Independence of resources Our database and hosting platforms are designed to scale with demand. This ensures that they are not overloaded and the service will not be impacted.


Service usage metrics Yes
Metrics types We can provide website analytics data using two different services. Google Analytics which provides useful data around metrics such as the number of visitors in a time period, where they originated from, operating system used, pages viewed etc.

We can also provide Hotjar analytics, which is more concerned with the journey visitors take when using your site. This service provides heatmaps, conversion funnels and videos of your users actions as they navigate the website. These analytics enable you to see how real users are using the website and what issues they encounter.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Users can export their data from the content management system using a CSV export.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability See Microsoft's Online Service Terms at http://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=13655
Approach to resilience Please see https://www.microsoft.com/en-us/cloud-platform/global-datacenters and https://www.microsoft.com/en-us/TrustCenter/
Outage reporting Please see https://azure.microsoft.com/en-us/status/ and https://portal.azure.com/#blade/HubsExtension/ServicesHealthBlade

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Management portals and support channels are managed behind a user authentication login.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards CSA CCM version 3.0
Information security policies and processes An Information Security Management Program has been established to enable Microsoft Azure to maintain and improve its management system for information security. Through establishment of the ISMS, Azure plans for and manages protection of its assets to acceptable security levels based on defined risk management processes. In addition, Azure monitors the ISMS and the effectiveness of controls in maintaining the confidentiality, integrity and availability of assets to continuously improve information security.

The ISMS framework encompasses industry best-practices for information security and privacy. The ISMS has been documented and communicated in a customer-facing Information Security Policy, which can be made available upon request (customers and prospective customers must have a signed NDA or equivalent in place to receive a copy).

Microsoft Azure performs annual ISMS reviews, the results of which are reviewed by management. This involves monitoring ongoing effectiveness and improvement of the ISMS control environment by reviewing security issues, audit results, and monitoring status, and by planning and tracking necessary corrective actions.
Also see https://www.microsoft.com/en-us/TrustCenter/Compliance/ISO-IEC-27001 and The Microsoft Cloud Security Policy is available via the Service Trust Platform aka.ms/stp

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Details of project requirements are outlined in a Statement of Work prior to work commencing. Any change requests that deviate from the requirements in the Statement of Work require written confirmation that is signed between both parties. All requested changes must be vetted by the Technical Lead on the project before being approved.
Vulnerability management type Undisclosed
Vulnerability management approach Senior members of staff must be aware of any IT vulnerabilities in our projects. It is the job of the Technical Lead to assess what needs to be done if any vulnerabilities are discovered. We give all vulnerabilities the highest priority and aim to fix the issue as soon as possible.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Microsoft Azure employs sophisticated software-defined service instrumentation and monitoring that integrates at the component or server level, the datacenter edge, our network backbone, Internet exchange sites, and at the real or simulated user level, providing visibility when a service disruption is occurring and pinpointing its cause.

Proactive monitoring continuously measures the performance of key subsystems of the Microsoft Azure services platform against the established boundaries for acceptable service performance and availability. When a threshold is reached or an irregular event occurs, the monitoring system generates warnings so that operations staff can address the threshold or event.
Incident management type Supplier-defined controls
Incident management approach Users can report incidents to us via telephone, email, or using our support ticketing system. We evaluate each issue and assign it a level of priority. High impact issues are given the highest level of priority, an issue is considered high impact if it has a serious detrimental impact on the operation of the software.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £300 to £850 per person per day
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑