Durable Digital LTD.

Sitecore development

Durable is a Sitecore Silver Partner that designs and develops beautiful Sitecore websites, integrated with your email marketing, CRM, and analytics.


  • Strong WYSIWYG editing features with pages and blocks
  • Personalisation using manual and automatic features
  • MVT and A/B testing
  • Content approval workflows
  • APIs for integration of data both consumed & exposed data
  • Content preview across multiple devices and canvas sizes
  • Multi-lingual and multi-locale support
  • Permissions platform for granting and denying access to content
  • Versioning of content
  • Projects - grouped content with a single click deployment option


  • Quickly manage content from a choice of multiple devices
  • Deliver the right marketing message to the right audience
  • Implement Conversion Rate Optimisation campaigns
  • Provides auditing and approval for content changes
  • Integrates with both internal and external platforms
  • See how content looks on a choice of platforms
  • Deliver globally with different languages and currencies
  • Ensure security of content
  • Have access to historical updates, never lose an edit
  • Push multiple edits live at the same time for campaigns


£150000 to £1000000 per instance per year

  • Education pricing available

Service documents


G-Cloud 11

Service ID

9 4 4 1 7 3 4 5 0 9 8 0 4 7 8


Durable Digital LTD.

Shane Marsden

+44 20 7247 5793


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Durable provides bespoke .NET development services which either sit alongside or integrate with Sitecore. These include complex integrations into third party systems and delivery of standalone applications to meet client requirements.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
Service constraints Deployment is on public, private or community cloud
System requirements Service requires license

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Standard response times are within 24-hours during business hours. Enterprise customers benefit from faster response times.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard WCAG 2.1 AA or EN 301 549
Web chat accessibility testing We have performed no such testing.
Onsite support Onsite support
Support levels Various Service Level Agreements and costs offered depending on needs. Technical and Cloud support engineers made available as needed.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We undertake discovery, design and development processes appropriate to your requirements, through to full system testing. Durable provides on-site training for content editors and administrators. Access to official Sitecore documentation is also provided.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Data is securely transferred or downloaded to a physical drive.
End-of-contract process Through request to Durable a full back-up of the Sitecore instance and accompanying assets can be provided. Durable can provide additional Exit Planning and Management services upon request.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The Sitecore service is fully responsive and works across mobile, tablet, desktop and other devices (TV, etc) with the same interface.
Service interface Yes
Description of service interface By default, there is no service interface but one can be added.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing We do formal testing on code that we write. Testing of the platform itself is the responsibility of Sitecore.
What users can and can't do using the API You can enable an api or write/extend your own.
API documentation Yes
API documentation formats
  • HTML
  • ODF
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The Sitecore service provides the ability for the customisation of content management and other marketing services. Customisations are able to be achieved across all aspects of the software, from look and feel through to additional development tasks, the delivery of analytics and implementations of third party tools (including webchat), and form generation.


Independence of resources Sitecore is a fully scalable service which is set to automatically increase either individual resources or servers as is needed in relation to service demand.


Service usage metrics Yes
Metrics types Google Analytics, Adobe Analytics, IBM Coremetrics ( IBM Digital Analytics), Unica NetInsight, Sitecore Experience Analytics
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported directly from the database or an export can be run that downloads content as a compressed XML file.
Data export formats
  • CSV
  • ODF
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Per client requirements
Approach to resilience Available upon request
Outage reporting Email alerts; public dashboard

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels On demand
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach If our clients have a security governance approach, we follow it.
Information security policies and processes Durable maintains a set of security policies aligned with ISO27001 standards. All staff are briefed on the security policy at induction and ongoing compliance supported by an internal learning process.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Durable operates a Change Management process to ensure that all configuration or service changes are put through a controlled process, ensuring that impact and risk are managed, quality is maintained, and that changes are planned, documented and approved.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Durable undertakes periodic independent pen and vulnerability scanning of our networks and network services.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We actively monitor the service at all times. The service is able to detect when a particular site is experiencing extraordinary load and begins to isolate the site in question to leave resources available for other sites. The feature is designed specifically with DDoS in mind but also serves to isolate sites with malfunctioning code.
Incident management type Supplier-defined controls
Incident management approach Durable operates a mature Incident and Service Request Management process. The process is operated by our Service Management tool, which is interactive and can be configured to support the ticket workflow and metrics agreed with customers. Customers can report and update incidents via our interactive portal, email and telephone. Though we operate a core Incident Management policy and process, these can be tailored within customers Service Level Agreements to support common incidents and events.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £150000 to £1000000 per instance per year
Discount for educational organisations Yes
Free trial available No

Service documents

Return to top ↑