Bang Communications Ltd

Cloud Drupal Service

Bang’s Cloud Drupal service offers you all the benefits of a secure, fully managed, high performance, always available hosted Drupal solution without needing any infrastructure or technical team. You keep your content up to date and we will do the rest, with a full Service Level Agreement underpinned by a guarantee.


  • Powerful open source web publishing platform
  • Limitless scalability
  • Thousands of free plug-ins available
  • Organise, structure and re-use content
  • Powerful content categorisation and taxonomy
  • Easy to use content creation and editing interface
  • Great control over permissions and role based access
  • Users can work together to create great content
  • Designers have flexibility to develop attractive, usable engaging sites
  • Open interface, easy to extend and connect with social media


  • Open source, excellent value for money
  • Powerful enterprise ready CMS
  • Present your organisation in the best possible way
  • Future proof with millions of sites already using
  • Easy to use for content editors and publishers
  • Extensible without having to write more code
  • Easy to connect to your online ecosystem
  • Fast implementation and deployment
  • Secure
  • No management headaches


£400 per instance

Service documents


G-Cloud 11

Service ID

943722583839395


Bang Communications Ltd

David Clarke

01256 370 900

Service scope

Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Drupal Core
Cloud deployment model Hybrid cloud
Service constraints There are no specific service constraints that are not detailed in this specification.
System requirements Internet Connection

User support

Email or online ticketing support Email or online ticketing
Support response times Response times are agreed as part of an SLA.
Typical response time for business hours:
Severity 1 - 1 hour
Severity 2 - 4 hours
Severity 3 - 16 hours
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Telephone and online support channels are available during standard working hours. Additional support is available outside standard working hours at an additional cost.

Support is initially provided by a Technical Account Manager who has direct access to further technical support if required.
Support available to third parties Yes

Onboarding and offboarding

Getting started Onsite and online training and documentation are available.
Service documentation Yes
Documentation formats
  • ODF
  • PDF
End-of-contract data extraction You can use the Export tool to back up all of your content or move your content to a new Drupal site.
End-of-contract process The client will be provided with copies of the database files at no additional cost.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The Drupal front end uses a responsive style sheet and the back end supports editing through a mobile application. Back end editing can be enhanced through iOS and Android applications.
Service interface Yes
Description of service interface Web based
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing In house testing only.
What users can and can't do using the API The API exposes a simple yet powerful interface to content.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Styling of the application can be applied to match brand user requirements. Additional functionality can be achieved through adding modules.


Independence of resources Each service user will have their own dedicated service.


Service usage metrics Yes
Metrics types Google Analytics as standard. PIWIK if required can be added at an additional cost
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Other
Other data at rest protection approach Secure data centre.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data export approach You can use the Export tool to back up all of your content or move your content to a new Drupal site.
Data export formats
  • CSV
  • Other
Other data export formats XML
Data import formats
  • CSV
  • Other
Other data import formats XML

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability 99.99 and Service Credits
Approach to resilience Available on request.
Outage reporting Private dashboard and email alerts.

Identity and authentication

User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Username and password.
Access restriction testing frequency At least once a year
Management access authentication Public key authentication (including by TLS client certificate)

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach This is included as part of our ISO9001 Quality Management Process and we have been 'Cyber Essentials' certified.
Information security policies and processes Bang adopt a System’s Assurance process that builds upon our collective experience. This includes:

• Considering and managing the risks that might affect client systems
• Taking action to mitigate these risks before they become real
• Deploying hardened platforms
• Only using tested software releases
• Automatically including relevant security patches
• Eliminating unnecessary processes.
• Configuring firewalls
• Limiting access to systems
• Always using multi-factor authentication
• Implementing resilient backup and recovery procedures
• Safeguarding your data at all stages in its journey
• Ensuring our data centre providers take as much care on security as we do

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach GIT repos are used for host and config and servers are reliably deployed by Ansible. History is fully tracked and detailed security are consistently deployed.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Server software uses unattended updates from trusted channels.
Active monitoring is undertaken for module/plugin updates.
Protective monitoring type Supplier-defined controls
Protective monitoring approach To be agreed with the user. For example, we use an auditing solution based around Assuria’s Protective Monitoring Solution, the Assuria Load Manager (ALM), which has been specifically designed to meet GPG13. All logs are secured and retained in their original form (allowing for forensic investigation) as well as being analysed and reformatted for easy investigation. ALM collects and stores log files with a verifiable chain of custody.
Incident management type Supplier-defined controls
Incident management approach Automatic reports will be generated and reviewed on a weekly basis. Any incident or suspected incident will be reported and managed as a security incident via our security incident process.

Secure development

Approach to secure software development best practice Supplier-defined process

Public sector networks

Connection to public sector networks No


Price £400 per instance
Discount for educational organisations No
Free trial available No
