Pogo Studio

Website Design and Development

Providing website development from a team of expert web developers. All websites designed by an in-house professional designer. Our services range from one-page brochure websites to content-managed enterprise level websites using the Umbraco content management system. We also offer custom builds and e-commerce.


  • Umbraco CMS Professional Web development for SME's and enterprises
  • Custom build to business needs with enterprise level features.
  • PogoStudio provides research services into customers needs and requirements
  • PogoStudio provides scoping session, feasibility studies,analysis, design, and consultancy
  • Custom designs, wireframes and Adobe InDesign prototypes and MVP
  • Pogo Studio is Umbraco registered company and Umbraco certified developers
  • Microsoft .NET web applications. Microsoft Certified Professional staff
  • Microsoft .NET service communication applications and data access
  • Shopify and Umbraco E-commerce development and intergration
  • Ongoing support and maintenance SLA's contracts. Online service desk.


  • Powerful, flexible and easy to use content management system Umbraco
  • Increased outreach and visibility to clients at all times
  • Improved digital presence by increasing customer engagement
  • Umbraco API's allows real-time integration into other software products
  • Hghly tailored content according to a customers preferences.
  • Content-manage website in real-time from multiple devices using Umbraco
  • Helps build stronger brand and increase brand awareness
  • Sell directly and instantly to customers with powerful e-commerce features
  • Umbraco can be used for websites, intranets, extranets and portals
  • Umbraco manages both website content and mobile content


£300 to £850 per person per day

Service documents


G-Cloud 11

Service ID

8 7 8 7 6 8 7 3 1 7 8 8 0 6 9


Pogo Studio

Jack Francis



Service scope

Software add-on or extension
Cloud deployment model
Hybrid cloud
Service constraints
System requirements

User support

Email or online ticketing support
Yes, at extra cost
Support response times
We provide email and telephone support as well as support via an online portal. Support hours are between 9am - 5.30pm Monday to Friday.
We will seek to respond to the customers issue, by way of an acknowledgement, within the following timescale:

High priority: Response time 2 hours
Medium priority: 4 hours
Low priority: 24 hours

Assessment & Resolution

Assessment of what is needed to rectify each item within the following times of its initial response to the customer:

High priority: Assessment time 12 hours
Medium priority: 36 hours
Low priority : 72 hours
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Onsite support
Support levels
We provide support on a contractual basis. Our minimum charge is £75 per hour of support charged. Clients can take out a contract on a monthly rolling period or a fixed term. This support contract provides the client with a dedicated Account Manager who will be your point of contact.

Response times:

High priority: 2 hours
Medium priority: 4 hours
Low priority: 24 hours

Priority of issues: the following definitions of priority will be used:
High Priority (Significant business impact)
Definition – the overall application has failed leading to it becoming unavailable or non-performant to all or most users.

Medium Priority (Moderate business impact)
Definition – the overall application is usable and performant, but the ability to use or operate one or more core components is compromised, and this is impacting on multiple users.

Low Priority (Limited business impact)
Definition – the problem or request does not significantly impact operations for most users. The application is usable, but some features (not critical to operations) are unavailable or not performant.

We will provide the relevant staff member to support your app. We also allow you to use your support time for standard development such as updates to your app application.
Support available to third parties

Onboarding and offboarding

Getting started
We provide onsite training to use the content management system on any website that we build. We also provide a training manual at the request of the client.
Service documentation
Documentation formats
End-of-contract data extraction
Pogo Studio store all data securely within a SQL Server database in Microsoft Azure. At the end of the contract, Pogo Studio delete any personal data and clients always have access to the data on their website/application and are free to remove the data from it when they wish.
End-of-contract process
Our contracts are fixed-cost, which means both parties agree what will be developed before the project begins. Any changes will require an additional cost and require written confirmation. Hosting is a monthly charge on top of the project fee.

A support and maintenance contract is an optional addition to the project cost.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Other
Designed for use on mobile devices
Differences between the mobile and desktop service
Websites and web applications are built to be responsive for mobile. Features will remain the same across devices but views will be adapted to fit the various screen sizes.
Service interface
Customisation available
Description of customisation
We define customisation to mean the customisation of the content of the website after it has been built. This can be done via Umbraco.

We offer content managed progressive websites using Umbraco. Umbraco is a popular content management system that enables users to update the content on their website quickly and easily. Umbraco can be configured to allow a large number of customisation tools that would include adding and editing page contents and layouts, themes, and giving access to additional users. This would all be achieved via a dedicated back office that is designed to be as intuitive as possible. Users with administration rights are able to set up other users and set the level of control they have over customisations


Independence of resources
Our database and hosting platforms are designed to scale with demand. This ensures that they are not overloaded and the service will not be impacted.


Service usage metrics
Metrics types
We can provide website analytics data using two different services. Google Analytics which provides useful data around metrics such as the number of visitors in a time period, where they originated from, operating system used, pages viewed etc.

We can also provide Hotjar analytics, which is more concerned with the journey visitors take when using your site. This service provides heatmaps, conversion funnels and videos of your users actions as they navigate the website. These analytics enable you to see how real users are using the website and what issues they encounter.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Users can export their data from the content management system using a CSV export.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
See Microsoft's Online Service Terms at http://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=13655
Approach to resilience
Please see https://www.microsoft.com/en-us/cloud-platform/global-datacenters and https://www.microsoft.com/en-us/TrustCenter/
Outage reporting
Please see https://azure.microsoft.com/en-us/status/ and https://portal.azure.com/#blade/HubsExtension/ServicesHealthBlade

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Management portals and support channels are managed behind a user authentication login.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
CSA CCM version 3.0
Information security policies and processes
An Information Security Management Program has been established to enable Microsoft Azure to maintain and improve its management system for information security. Through establishment of the ISMS, Azure plans for and manages protection of its assets to acceptable security levels based on defined risk management processes. In addition, Azure monitors the ISMS and the effectiveness of controls in maintaining the confidentiality, integrity and availability of assets to continuously improve information security.

The ISMS framework encompasses industry best-practices for information security and privacy. The ISMS has been documented and communicated in a customer-facing Information Security Policy, which can be made available upon request (customers and prospective customers must have a signed NDA or equivalent in place to receive a copy).

Microsoft Azure performs annual ISMS reviews, the results of which are reviewed by management. This involves monitoring ongoing effectiveness and improvement of the ISMS control environment by reviewing security issues, audit results, and monitoring status, and by planning and tracking necessary corrective actions.
Also see https://www.microsoft.com/en-us/TrustCenter/Compliance/ISO-IEC-27001 and The Microsoft Cloud Security Policy is available via the Service Trust Platform aka.ms/stp

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Details of project requirements are outlined in a Statement of Work prior to work commencing. Any change requests that deviate from the requirements in the Statement of Work require written confirmation that is signed between both parties. All requested changes must be vetted by the Technical Lead on the project before being approved.
Vulnerability management type
Vulnerability management approach
Senior members of staff must be aware of any IT vulnerabilities in our projects. It is the job of the Technical Lead to assess what needs to be done if any vulnerabilities are discovered. We give all vulnerabilities the highest priority and aim to fix the issue as soon as possible.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Microsoft Azure employs sophisticated software-defined service instrumentation and monitoring that integrates at the component or server level, the datacenter edge, our network backbone, Internet exchange sites, and at the real or simulated user level, providing visibility when a service disruption is occurring and pinpointing its cause.

Proactive monitoring continuously measures the performance of key subsystems of the Microsoft Azure services platform against the established boundaries for acceptable service performance and availability. When a threshold is reached or an irregular event occurs, the monitoring system generates warnings so that operations staff can address the threshold or event.
Incident management type
Supplier-defined controls
Incident management approach
Users can report incidents to us via telephone, email, or using our support ticketing system. We evaluate each issue and assign it a level of priority. High impact issues are given the highest level of priority, an issue is considered high impact if it has a serious detrimental impact on the operation of the software.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£300 to £850 per person per day
Discount for educational organisations
Free trial available

Service documents

Return to top ↑