XMA Limited

XMA - LumApps

LumApps is an employee experience platform that engages every employee with personalised communications, regardless of location or language, and empowers them to do their best work by connecting them with the tools, people and information they need to get the job done.

Features

• Employee Experience Platform
• Employee Journeys
• Enterprise Video Management
• Content Management System
• Mobile Intranet App
• Frontline Worker App
• LumApps APIs & Software Development Kit
• Advancing Smarter Working environments through Cloud Innovation, Security and Scalability
• Delivering Social Value themes within PPN06/20 to customer specific outcomes

Benefits

• Reach everyone quickly/effectively, at the office on the field
• Align the organisation around the strategy and communications from C-Suite
• Open direct communication channels to collect employee feedback
• Encourage social bonds to build a strong corporate culture
• Provide company-wide employee recognition to engage employees
• Promote knowledge sharing to harness collective intelligence
• Simplify the employee experience with an unified digital workplace
• Build brand image and amplify corporate reach on social media
• Retain employees and reduce churn and cost of hire
• Support employee wellbeing, D&I, and sustainability initiatives

£10.00 a user a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@xma.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

164500760038653

Contact

Nancy Clayton-Schofield
0115 846 4000
bidteam@xma.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • Internet Connectivity with a modern web browser
  • Or an iOS or Android powered mobile device

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: For EMEA Customers Monday-Friday, except banking holidays in France between 9 AM to 6 PM CET time.; ; Response Times: ; Category 1 - The Incident causes the Application to fail to operate completely or causes use of the Application to be substantially impaired. - Acknowledgement of the notification of the Incident within one (1) Business Hour ; ; Category 2 - Any Incident that does not fall into priority level 1 above, including where any functionality of the Application is impaired but use of the Application is not substantially impaired. - Acknowledgement of the notification of the Incident within four (4) Business Hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Two tier support: Enterprise (included in licenses) and Premium (additional cost)
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Yes on LumApps Docs Site. Training section: https://docs.lumapps.com/docs/lumapps-training-program
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: L1 video, ppt and test environment
• End-of-contract data extraction: Upon termination all data is supplied in a readable format for up to 3 months
• End-of-contract process: Customers can export data and must complete before service expiry. Data is permanently deleted after service end (3 months).

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Responsive design for tablets and desktop, mobile worker optimised UI on the mobile app.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: A full overview of the LumApps API service can be found here: https://apiv1.lumapps.com/ explaining can and can't do's, API setups and limitations.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: LumApps is fully customisable to a customers needs both in style and content. Platform/Site administrators are primarily accountable for instance styling (branding, logo, colour, font) and the overall structure/navigation elements of the platform within an internal back office. Where delegated, non-admin users can customise content e.g. a piece of news, including layout and content via the LumApps content management system, restrictions can be applied such as enforced templating and authorisation pathways.

Scaling

• Independence of resources: Developed on highly scalable PAAS, hosted on Google Cloud or Microsoft Azure. We currently support 1,000s of customers with some of our larger customers having over 100,000 employees connected. Our SaaS platform is developed using multi-tenanted design principles and evolves with new features every 6 weeks.

Analytics

• Service usage metrics: Yes
• Metrics types: Traffic, engagement and user adoption metrics
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: LumApps

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: CSV
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON
  • G-Suite apps
  • MS Office 365 apps
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Google Docs
  • Office 365

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: >99% uptime
• Approach to resilience: All data is redundantly stored across a minimum of 3 data centres, and all services are designed to leverage the redundant data centre infrastructure powering Google services
• Outage reporting: Provides customer alerts and a public uptime dashboard here: http://status.lumapps.com/

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Authentication is based on Single Sign on, through the customer's identity provider.
• Access restrictions in management interfaces and support channels: Single Sign On via OAuth or via Username/Password
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 10/12/2019
• What the ISO/IEC 27001 doesn’t cover: Any service not listed on the ISO certificate is not covered
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 28/05/2020
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: None
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: To comply with the ISO 27001 standard, LumApps maintains an Information System Security Policy. It covers all the ISO 27001 requirements. Also, security is incorporated by design in all our processes, including the development of the application.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: LumApps has a Software Development Life Cycle policy that defines how the application is developed and how changes are managed. Every change is controlled and tested before being pushed into production. LumApps also communicates all the changes in advance so that our customers can be prepared. A customer preview platform is also available so that features can be tested in advance.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vulnerabilities are managed depending on their severity. We based our policy on the CVSS score: if CVSS>= 9: 7 days, if CVSS<9: 30 days.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The infrastructure of the application is monitored 24/7 by our cloud provider and our Devops team. Monitoring of the application can be done by the customers themselves by connecting a SOC/SIEM system to our monitoring API.
• Incident management type: Supplier-defined controls
• Incident management approach: To comply with the ISO 27001 standard, LumApps has an Incident Management Policy. Incident notifications are sent to the customers in case of an issue on the platform (< 72h to comply with the GDPR). Also, a complete report will be communicated to the customers in case of a major incident.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  The LumApps employee experience platform supports clients in their efforts to achieve their sustainability goals through raising internal awareness, targetted communication and supporting collaboration.XMA’s primary driver to promote and deliver cloud solutions within our customers is to support business efficiencies, both from an operations and environmental perspectives.; ; On-premise data centres are often inefficient due to their relatively small scale and are often unable to be modified due to the constraints of their environment and the relative financial implications of wholesale technical upgrades offered by leading-edge solutions.; ; XMA’s cloud solutions enable customers to transform and digitise their infrastructure, lowering costs and reducing the environmental impact of their IT infrastructure. ; ; As part of our consultative approach, we will seek to identify where energy savings can be achieved, without compromising operational efficiency and the security of their data.; ; All of XMA’s cloud solutions are driven to offer Smarter Working practices to our customers. The ongoing development of hybrid-working will facilitate a customers’ ongoing need to reduce unnecessary travel to office locations, further reducing the workforce’s carbon impact. Office working will continue to return and our services also highlight how organisations can rationalise and prolong the life and value of technology assets, maximising efficiencies within office environments through controlling HVAC and lighting applications through tracking workspace utilisation and footfall.; ; Working hand-in-hand with our customers to provide a full cloud-focussed solution, we also provide ITAD services which facilitates customers to not only maximise any residual value of their current on-premise estate, but also proactively ensure all applicable hardware is repurposed or recycled, again further minimising carbon footprint and unnecessary use of raw materials
• Covid-19 recovery:

  Covid-19 recovery

  The LumApps' employee experience platform supports clients in their Covid Recovery efforts by providing them an effective means of communicating with employees, ensuring colleagues can find relevant policies and procedures, and reducing the cost of hire and onboarding.As the world recovers from the Covid-19 pandemic, this has accelerated the demand for flexible working, continued development in technology efficiencies and the assurance of security in infrastructure solutions, especially where they operate across a hybrid office/home working environment; XMA have developed cloud service offerings that consider all of these factors to provide customers with durable, sustainable and ultimately scalable solutions that take advantage of leading-edge technological improvements that form best practice in cloud-based working models; The relative success of national lockdowns to minimise the impact of the pandemic on the UK population demonstrated how technology can enable a total remote working service for office-based staff. However, as the solutions were understandably implemented at pace and often using legacy infrastructure, these solutions were often not optimised to deal with the demands of the workforce and the required security aspects. XMA’s cloud solutions are build from the ground up to consider these requirements, and we can enable customers to future-proof their cloud-based infrastructure to not only facilitate any future lockdowns, but ensure there is no compromise on security of their data and the durability of their solution.
• Tackling economic inequality:

  Tackling economic inequality

  N/A
• Equal opportunity:

  Equal opportunity

  N/A
• Wellbeing:

  Wellbeing

  N/A

Pricing

• Price: £10.00 a user a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: 30 day trial.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@xma.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.