Zengenti Limited

Content Management System (CMS) Contensis package for Local Government

This is a custom, local-government package for the Contensis content management system. Contensis supports any design that can be built in HTML. It’s the foundation for accessible and responsive websites, intranets, portals and channel shift systems. It’s used by local government, universities, housing associations, NHS and police services.


  • Customer experience management (CXM) and personalisation features
  • Intuitive, fully WYSIWYG editing experience, genuinely easy to use
  • Create structured content easily, re-use and publish it anywhere
  • Publish to any digital channel, mobile/responsive is standard
  • Supports content authors to prevent accessibility issues
  • Documented and supported APIs for front and back-end coding
  • Comprehensive content scheduling and lifecycle management
  • Audit trail, version control, track changes, dual-page previewing
  • Productivity features for content authors, tasks lists, reminders
  • Workflow: simple, powerful, easy to set up


  • We help you to run websites, through advice and technology
  • Website visitors can access your websites from any device
  • Benefit from maximum uptime and resilience on our cloud infrastructure
  • Easily comply with, and maintain, accessibility standards
  • Reduce costs and improve customer engagement through channel shift
  • Learn from, and share with, a thriving user community
  • Build and re-use structured content in any channel, saving time
  • Improve the governance of content with sophisticated workflow and permissions
  • Manage content in multiple languages
  • Unified platform runs your entire web estate, reducing complexity


£325 to £2805 per instance per month

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

8 8 6 7 2 4 2 0 5 0 0 9 3 3 8


Zengenti Limited

Adam Green

01584 824212


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Planned maintenance varies with service level chosen. Details are provided in Service Definition document.
System requirements
  • Users editing in Contensis need one of the following browsers;
  • IE11+
  • Chrome (latest)
  • Safari (latest)
  • Firefox (latest)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times All Critical tickets are responded to 24/7/365. Other levels are handled during working week only.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels We provide a single, consistently good level of service, which is appropriate to meet the 99.99% uptime commitment in the SLA. The associated response times for support tickets are;
1. Critical Incident: these are handled 24/7/365, receipt is immediate, response is within 30 minutes and resolution within 8 hours.
2. Standard Incident: these are handled during office days and hours (8.00am to 6.00pm), receipt is within 60 minutes, response is within 4 hours and resolution within 2 working days.
3. Minor Incident: these are handled during office hours, receipt is within 4 hours, response is within 8 hours and resolution within 3 working days & prioritised.

As part of our G-Cloud service, we provide an uptime of 99.99% for all the web products you publish from Contensis. Any issue that affects this is a "Critical" and is dealt with on a 24/7/365 basis.

Support is provided within the SAAS cost. We provide support to the same high standard for each of the licence levels.

We allocate an engineer to each issue and they stay with it until resolution.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Once a call-off contract has been agreed, we will undertake all the work to provision the CMS within 48 hours. The key users will be given access to the system and to Helpdesk (ticketing), Zenhub (knowledge base) and Forum.

Zengenti will then support you in whatever way you require to get you up and running.

For example, you may have in-house development resources already. We can train your people to implement designs as templates and build and launch websites. Training can be at your premises or ours. We also offer remote training and all formats are supported by full documentation. The core documentation is public - see zenhub.zengenti.com.

Zengenti also offers a full UX-led website design and build service.

Once completed, we will handover the site in a dedicated session so your users fully understand how to take it forward.

Further details of all our services can be seen in our Cloud Services entry on the Digital Marketplace.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction We provide a standard export of all data from the CMS on request.
End-of-contract process The standard export is provided at no cost. We can provide clients who are off-boarding with bespoke exports if required, although this would be chargeable.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices No
Service interface Yes
Description of service interface Users can access the service dashboard. This provides redirects, reverse proxies and site configuration. Redirects can be uploaded in bulk via CSV.
Accessibility standards None or don’t know
Description of accessibility Via browser.
Accessibility testing No testing has been carried out on the service dashboard.
What users can and can't do using the API Our product is architected so that our user interface and services all use the API. This means that anything that we can do in the UI you can do through code – such as, create a page or build a news subsite populated with content.

Using the Contensis Core API, you can automate processes, create tools for specific departments to contribute tailored content. Whatever your needs, the tools are there.

If you come on one of our developer training courses we will give you the knowledge and examples to create almost anything.

The system also has a plug-in architecture that allows you to extend it (e.g. add new buttons or create new reports). This offers you complete flexibility without affecting your ability to upgrade the system when necessary.

The system is written in the latest .NET framework which means that your developers can use Visual Studio to interact with the API and use Intellisense and other Microsoft features. If you are concerned about costs, you can use the free versions of Visual Studio.

Separate to the .NET API, we also have a RESTful JSon API that can be used by other languages and technologies.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The Contensis service is an entirely browser-based Web CMS. It enables you to build, publish and manage multiple websites of every variety. Anything you can achieve on the web with html can also be done in Contensis.

In a few days, users with html and css skills can learn to build websites based on templates and structured content types.

All aspects of the website can then be managed. This includes creation or amendment of pages, upload of content, media and documents, metadata and site structure control. In fact, anything that can be done in a manually built website can be managed more easily in Contensis.

Users can publish and unpublish content, can undertake content governance and reporting, and manage metadata.

Multiple websites can be supported in a Contensis instance, with unlimited microsites and URLs.

Subject to their permissions, any user can work in the CMS.


Independence of resources Each client has a separate infrastructure which is scaled to handle their own specific peaks in demand. The level of demand and hence resource would be discussed and agreed with you at the outset.


Service usage metrics Yes
Metrics types We provide uptime reports, and reports on service desk performance.

Users have a dashboard available that summarises the current state of the service.
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach We provide a complete export of all content held in the CMS. This would be used primarily for migration to another CMS.

Contensis has an advanced CMS search in the interface. It supports building up Boolean search phrases for searching and filtering by;
· Content type
· Content language
· Author
· File size
· Expiry date
· Review date
· Date created
· Date modified
· Date first published
· Date last published
· Filename
· Tags
· Title
· Synchronised content
· Last workflow
· Status
· Metadata
All items can be exported as a CSV.
Data export formats
  • CSV
  • Other
Other data export formats XML
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Our G-Cloud services have an uptime of 99.99% for the published websites, measured on a monthly basis. This includes planned maintenance.

Service credits are calculated on the basis of the difference between actual and SLA availability:

service credits = (100 - a) x b
a = the actual percentage availability of the Platform during the relevant calendar month; and
b = the Charges payable in respect of access to the Platform during the relevant calendar month (exclusive of VAT and other taxes).
Approach to resilience The service operates from multiple Tier-3 datacentres in separate geographical regions.
Each datacentre has separate electricity substations. Dual power cables run to each item of equipment. There are also back-up generators.
All infrastructure is virtualised. An individual logical server, e.g. a CMS server, has an average of 3 physical servers underlying it.
All equipment is monitored, and can be host swapped and remotely managed.
All key services are duplicated, including firewalls, routers and internet connections.
Outage reporting Since we meet or exceed the 99.99% uptime, outages of the Contensis cloud service are rare. If they do occur, they typically involve a single client.

Issues raised by the client will be via the Helpdesk, so all client staff with access will be aware of it and can follow progress to resolution. If we become aware of the outage outside the client's normal working hours, we will pro-actively raise a ticket on your behalf, and if appropriate, report the issue by email.

We can also phone if you have provided an out-of-hours contact. We will engage with your incident management process where appropriate.

If an issue affected multiple clients, we will issue a group email explaining what occurred, what action we have taken to resolve it and how we plan to prevent it in future.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Anyone wanting to self-register on the Helpdesk or Cloud Dashboard requires a valid client email address. Once registered, it can only be accessed by registered users who authenticate.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 NQA
ISO/IEC 27001 accreditation date 8th July 2016
What the ISO/IEC 27001 doesn’t cover All relevant areas of our operation are comprehensively covered in the certification scope.

We are happy to provide potential G-Cloud clients with a copy of the Statement of Applicability.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes All staff receive a set of standard training sessions at the point they are recruited, and this includes secure work practices. These are reinforced through ongoing appraisal and supervision processes and are included in the Staff Handbook.

As an ISO 27001 registered company, our data handling process is scrutinised on a regular basis as part of internal and external quality audits.

As a company we are registered with the Data Protection Registrar.

Where an issue requires escalation, we have a set of identified processes, including phone numbers, so that you can talk directly and express the level of urgency or business challenge. The levels are:-
After 1 hour Head of Support
After 2 hours Chief Product Officer
3 hours+ Chief Executive Officer
One of the key advantages of working with Zengenti Ltd, is that we keep the barriers to communication as low as possible - commensurate with delivering services efficiently to our whole client base. This means that when you need to speak to someone with the necessary technical skill and the authority to decide a course of action, you can.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our infrastructure is managed through a configuration management system. As a result, all changes to configuration of customer environments is auditable. Changes are first tested in staging environments, before being rolled into production.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We assess potential threats through proactive monitoring of logs and security advisories from major partners/suppliers in the security sector.

We can deploy patches in minutes, but we would assess the risk posed by the particular vulnerability and decide the most appropriate schedule. Typically patches are applied monthly.

We recently had an opportunity to prove the resilience of our processes, when our engineers discovered a vulnerability. Within 48 hours, we had put fixes in place to eliminate any potential risk and told all our clients about the process. We also upgraded all our hosted clients.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We have monitoring systems in place that will detect unexpected network traffic and behaviour on servers. There are a range of different solutions depending on the device, for example, on a Linux server we will be automatically notified if there's a change in user account details.

If we find a potential compromise, our incident management process would be triggered.

From that point, the speed of response would be agreed between the engineers and the incident manager.
Incident management type Supplier-defined controls
Incident management approach The majority of incidents are handled through the helpdesk. This streamlines incident management, tracking and resolution. Supportive questions help us gather essential information. Users rate the severity via impact on their business processes.

For critical incidents, on-duty incident managers assess the situation and any affected customer(s), and create a communication list for the incident.

They will:
● instigate conference calls
● a high-level view of problems
● ensure resolution of the issue within SLA
● be involved in the debrief
● provide incident reports on resolution

All communication are available within the service desk portal.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks NHS Network (N3)


Price £325 to £2805 per instance per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial We provide a "sandpit" version of the actual Contensis system with all functionality included. User numbers are limited by negotiation. Typically, we would expect the trial version to be available for no more than 3 months.

Service documents

Return to top ↑