Bang Communications Ltd

WordPress CMS

Bang’s Cloud WordPress service offers you all the benefits of a secure, fully managed, high performance, always available hosted WordPress solution without needing any infrastructure or technical team. You keep your content up to date and we will do the rest with a full Service Level Agreement underpinned by guarantee.

Features

• Powerful open source web publishing platform
• Limitless scaleability
• Thousands of free plug-ins available
• Organise, structure and re-use content
• Powerful content categorisation and taxonomy
• Easy to use content creation and editing interface
• Great control over permissions and role based access
• Users can work together to create great content
• Designers have flexibility to develop attractive, usable engaging sites
• Open interface-easy to extend and connect with social media

Benefits

• Open source excellent value for money
• Powerful enterprise ready CMS
• Present your organisation in the best possible way
• Future proof with millions of sites already using
• Easy to use for content editors and publishers
• Extensible without having to write more code
• Easy to connect to your online ecosystem
• Fast implementation and deployment
• Secure
• No management headaches

£400 an instance

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Framework

G-Cloud 12

Service ID

987290588005702

Contact

David Clarke
01256 370 900
david@bang-on.net

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: WordPress Core
• Cloud deployment model: Hybrid cloud
• Service constraints: There are no specific service constraints that are not detailed in this specification.
• System requirements: Internet Connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response time are agreed as part of an SLA. Typical response time for business hours: Severity 1 - 1 hour Severity 2 - 4 hours Severity 3 - 16 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Telephone and online support channels are available during standard working hours. Additional support is available outside standard working hours at an additional cost.; ; Support is initially provided by a Technical Account Manager who is adirect access to further technical support if required.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite and online training is available and documentation available.
• Service documentation: Yes
• Documentation formats:
  • ODF
  • PDF
• End-of-contract data extraction: You can use the Export tool to backup all of your content or move your content to a new WordPress site.
• End-of-contract process: Client will be provided with copies of the database files at no additional costs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The WordPress front use responsive style sheet and back end supports editing through mobile application. Back end editing can be enhanced through iOS and Android applications.
• Service interface: Yes
• Description of service interface: Web based
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: In house testing only.
• API: Yes
• What users can and can't do using the API: The API exposes a simple yet powerful interface to WP Query, the posts API, post meta API, users API, revisions API and many more.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Styling of the application can be applied to match brand user requirements. Additional functionality can achieved through adding plugins.

Scaling

• Independence of resources: Each service user will have their own dedicated service.

Analytics

• Service usage metrics: Yes
• Metrics types: Google Analytics as standard. PIWIK if required can be added at an additional cost
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Other
• Other data at rest protection approach: Secure data centre.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: You can use the export tool to backup all of your content or move your content to a new WordPress site.
• Data export formats:
  • CSV
  • Other
• Other data export formats: XML
• Data import formats:
  • CSV
  • Other
• Other data import formats: XML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: 99.99 and Service Credits
• Approach to resilience: Available on request.
• Outage reporting: Private dashboard and email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Username and password.
• Access restriction testing frequency: At least once a year
• Management access authentication: Public key authentication (including by TLS client certificate)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: This is included as part of our ISO9001 Quality Management Process and we have been 'Cyber Essentials' certified.
• Information security policies and processes: Bang adopt a System’s Assurance process that builds upon our collective experience. This includes:; ; • Considering and managing the risks that might affect client systems; • Taking action to mitigate these risks before they become real; • Deploying hardened platforms; • Only using tested software releases; • Automatically including relevant security patches; • Eliminating unnecessary processes.; • Configuring firewalls; • Limiting access to systems; • Always using multi-factor authentication; • Implementing resilient backup and recovery procedures; • Safeguarding your data at all stages in its journey; • Ensuring our data centre providers take as much care on security as we do

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: GIT repos are used for host and config and servers are reliably deployed by Ansible. History is fully tracked and detailed security are consistently deployed.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Server software uses unattended updates from trusted channels.; Active monitoring is undertaken for module/plugin updates.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: To be agreed with user for example we use an auditing solution is based around Assuria’s Protective Monitoring Solution the Assuria Load Manager (ALM) which has been specifically designed to meet GPG13. All logs are secured and retained in their original form (allowing for Forensic Investigation) as well as being analysed and reformatted for easy investigation. ALM collects and stored log files with a verifiable chain of custody.
• Incident management type: Supplier-defined controls
• Incident management approach: Automatic reports will be generated and reviewed on a weekly basis. Any incident or suspected incident will be reported and managed as a security incident via our security incident process.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £400 an instance
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF