Engage

Episerver CMS

EPiServer's Web Content Management platform "Digital Experience Cloud™" and ecommerce solution enables editors and marketers to create and experience content simultaneously. They see exactly what your audience will see, on any device, screen size or context. High availability, high performance and scalable, offering connectivity with cloud services and existing systems.

Features

  • Fully customisable EPiServer responsive templates
  • Optimised EPiServer performance and custom .NET code development
  • Fully accessible and compliant
  • Personalisation of content
  • Multi-lingual capabilities
  • Cross-browser administrator access
  • Content versioning
  • Workflow – simple and complex user options
  • Multi-site capabilities
  • Integrated digital marketing suite

Benefits

  • Extensive Microsoft .NET knowledge and experience
  • Microsoft Azure or Episerver DXC Hosting Options
  • User centred design approach
  • Certified Episerver premium partner undertaking Episerver projects across the UK
  • Track record of delivering successful Episerver projects across the UK
  • UK based agency, EPiServer team and hosting provision.
  • A team of certified episerver developers based in the UK
  • Team of digital marketers with experience on the episerver platform
  • Episerver is listed as a leader on Gartner Magic Quadrant

Pricing

£11000 per server

Service documents

G-Cloud 9

891351622924525

Engage

Stephen Leathem

02890 183135

tenders@madetoengage.com

Service scope

Service scope
Software add-on or extension Yes
What software services is the service an extension to Episerver can be utilised as an add-on for a range of other software services such as the IBM Marketing Cloud, Marketo, Salesforce, Hubspot, Dynamics CRM, etc
Cloud deployment model Public cloud
Service constraints No constraints exist with the Episerver CMS
System requirements ASP.NET

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Monday to Friday, 9.00am until 5.30pm. 24/7/365 support is also available to our clients if required.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Engage can provide Business Hours (Mon - Fri / 9-5) Support. The cost of support ranges depending on the support services required. Engage provide a technical account manager.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Onsite training and user documentation are provided with the service
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Data can be extracted by system export at the end of the contract, or via API extraction.
End-of-contract process License to the software is included within the contract.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service There are no differences between the mobile and desktop service
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Engage has not undertaken any interface testing by users of assistive technology
API No
Customisation available No

Scaling

Scaling
Independence of resources Episerver CMS can be hosted on any Windows based server environment, independent virtual machines, or in a full PaaS cloud configuration. The company hosting the solution would be responsible for managing server resources such as bandwidth and processor / ram configurations.

Analytics

Analytics
Service usage metrics No

Resellers

Resellers
Supplier type Reseller providing extra support
Organisation whose services are being resold Episerver

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported from Episerver CMS via API, CMS Export, or Database scripting
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats XML
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability SLAs related to the hosting of Episerver CMS is handled by the hosting company contracted to host the software
Approach to resilience Datacentre setup resilience is at the discretion of the hosting company contracted to host the Episerver CMS software
Outage reporting Outage Reporting is a requirement of the hosting company who are contracted to host the Episerver CMS software

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access is restricted to management interfaces and support channels via Active Directory authentication
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes The Microsoft Information Security Policy aligns with ISO 27002, augmented with requirements specific to Azure. ISO 27002 is not a certification but provides a suggested set of suitable controls for the Information Security Management System. An ISMP has been established to enable Microsoft Azure to maintain and improve its management system for information security. Through establishment of the ISMS, Azure plans for and manages protection of its assets to acceptable security levels based on defined risk management processes. In addition, Azure monitors the ISMS and the effectiveness of controls in maintaining the confidentiality, integrity and availability of assets to continuously improve information security.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Configuration and change management is handled via having 3 separate environments Development, Staging, and Production as part of the Episerver digital experience cloud CMS. The objective of this tiered change management process is to standardise the methods and procedures for efficient and prompt handling of all changes in order to minimise the impact of change-related incidents upon service quality, and consequently improve the day-to-day operations of the organisation.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Azure Security Center offers integrated vulnerability assessment with Qualys cloud agents . The solution can be deployed to multiple websites at one time, Once deployed, the Qualys agent will start reporting vulnerability data to the Qualys management platform, which in turn provides vulnerability and health monitoring data back to Security Center.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Azure offers centralized monitoring and analysis systems that provide continuous visibility and timely alerts to the teams who manage the service. Applications that are deployed in Azure and virtual machines created from the Azure Virtual Machines Gallery, Azure enables a set of operating system security events by default. In addition to generating Windows event logs, Episerver configure operating system components to generate logs that are important for security analysis and monitoring. Azure logs administrative operations, including system access, to create an audit trail in case unauthorized or accidental changes are made.
Incident management type Supplier-defined controls
Incident management approach When an incident is reported to the Managed Service Desk it is always categorized and prioritized. The Service Desk use four levels of prioritization: Priority 1 - Major Incident Customer Web Site is unavailable Priority 2 - Severe Incident Customer Web Site is partly unavailable, has a major malfunction or suffer from degraded performance. Priority 3 – Minor Incident Customer Web Site is partly unavailable, has a major malfunction or suffer from degraded performance. Priority 4 – Standard Request A customer change request to the environments configuration, a deployment request, or a standard support question regarding the site.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • New NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Other

Pricing

Pricing
Price £11000 per server
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑