Skip to main content

Help us improve the Digital Marketplace - send your feedback

XMA Limited

XMA - LumApps

LumApps is an employee experience platform that engages every employee with personalised communications, regardless of location or language, and empowers them to do their best work by connecting them with the tools, people and information they need to get the job done.

Features

  • Employee Experience Platform
  • Employee Journeys
  • Enterprise Video Management
  • Content Management System
  • Mobile Intranet App
  • Frontline Worker App
  • LumApps APIs & Software Development Kit
  • Advancing Smarter Working environments through Cloud Innovation, Security and Scalability
  • Delivering Social Value themes within PPN06/20 to customer specific outcomes

Benefits

  • Reach everyone quickly/effectively, at the office on the field
  • Align the organisation around the strategy and communications from C-Suite
  • Open direct communication channels to collect employee feedback
  • Encourage social bonds to build a strong corporate culture
  • Provide company-wide employee recognition to engage employees
  • Promote knowledge sharing to harness collective intelligence
  • Simplify the employee experience with an unified digital workplace
  • Build brand image and amplify corporate reach on social media
  • Retain employees and reduce churn and cost of hire
  • Support employee wellbeing, D&I, and sustainability initiatives

Pricing

£10.00 a user a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@xma.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

1 6 4 5 0 0 7 6 0 0 3 8 6 5 3

Contact

XMA Limited Nancy Clayton-Schofield
Telephone: 0115 846 4000
Email: bidteam@xma.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
None
System requirements
  • Internet Connectivity with a modern web browser
  • Or an iOS or Android powered mobile device

User support

Email or online ticketing support
Email or online ticketing
Support response times
For EMEA Customers Monday-Friday, except banking holidays in France between 9 AM to 6 PM CET time.

Response Times:
Category 1 - The Incident causes the Application to fail to operate completely or causes use of the Application to be substantially impaired. - Acknowledgement of the notification of the Incident within one (1) Business Hour

Category 2 - Any Incident that does not fall into priority level 1 above, including where any functionality of the Application is impaired but use of the Application is not substantially impaired. - Acknowledgement of the notification of the Incident within four (4) Business Hours
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
No
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Two tier support: Enterprise (included in licenses) and Premium (additional cost)
Support available to third parties
No

Onboarding and offboarding

Getting started
Yes on LumApps Docs Site. Training section: https://docs.lumapps.com/docs/lumapps-training-program
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
L1 video, ppt and test environment
End-of-contract data extraction
Upon termination all data is supplied in a readable format for up to 3 months
End-of-contract process
Customers can export data and must complete before service expiry. Data is permanently deleted after service end (3 months).

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Responsive design for tablets and desktop, mobile worker optimised UI on the mobile app.
Service interface
No
User support accessibility
None or don’t know
API
Yes
What users can and can't do using the API
A full overview of the LumApps API service can be found here: https://apiv1.lumapps.com/ explaining can and can't do's, API setups and limitations.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
LumApps is fully customisable to a customers needs both in style and content. Platform/Site administrators are primarily accountable for instance styling (branding, logo, colour, font) and the overall structure/navigation elements of the platform within an internal back office. Where delegated, non-admin users can customise content e.g. a piece of news, including layout and content via the LumApps content management system, restrictions can be applied such as enforced templating and authorisation pathways.

Scaling

Independence of resources
Developed on highly scalable PAAS, hosted on Google Cloud or Microsoft Azure. We currently support 1,000s of customers with some of our larger customers having over 100,000 employees connected. Our SaaS platform is developed using multi-tenanted design principles and evolves with new features every 6 weeks.

Analytics

Service usage metrics
Yes
Metrics types
Traffic, engagement and user adoption metrics
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
LumApps

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
CSV
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON
  • G-Suite apps
  • MS Office 365 apps
Data import formats
  • CSV
  • Other
Other data import formats
  • Google Docs
  • Office 365

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
>99% uptime
Approach to resilience
All data is redundantly stored across a minimum of 3 data centres, and all services are designed to leverage the redundant data centre infrastructure powering Google services
Outage reporting
Provides customer alerts and a public uptime dashboard here: http://status.lumapps.com/

Identity and authentication

User authentication needed
Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
Authentication is based on Single Sign on, through the customer's identity provider.
Access restrictions in management interfaces and support channels
Single Sign On via OAuth or via Username/Password
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
10/12/2019
What the ISO/IEC 27001 doesn’t cover
Any service not listed on the ISO certificate is not covered
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
28/05/2020
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
None
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
To comply with the ISO 27001 standard, LumApps maintains an Information System Security Policy. It covers all the ISO 27001 requirements. Also, security is incorporated by design in all our processes, including the development of the application.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
LumApps has a Software Development Life Cycle policy that defines how the application is developed and how changes are managed. Every change is controlled and tested before being pushed into production. LumApps also communicates all the changes in advance so that our customers can be prepared. A customer preview platform is also available so that features can be tested in advance.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Vulnerabilities are managed depending on their severity. We based our policy on the CVSS score: if CVSS>= 9: 7 days, if CVSS<9: 30 days.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The infrastructure of the application is monitored 24/7 by our cloud provider and our Devops team. Monitoring of the application can be done by the customers themselves by connecting a SOC/SIEM system to our monitoring API.
Incident management type
Supplier-defined controls
Incident management approach
To comply with the ISO 27001 standard, LumApps has an Incident Management Policy. Incident notifications are sent to the customers in case of an issue on the platform (< 72h to comply with the GDPR). Also, a complete report will be communicated to the customers in case of a major incident.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

The LumApps employee experience platform supports clients in their efforts to achieve their sustainability goals through raising internal awareness, targetted communication and supporting collaboration.XMA’s primary driver to promote and deliver cloud solutions within our customers is to support business efficiencies, both from an operations and environmental perspectives.

On-premise data centres are often inefficient due to their relatively small scale and are often unable to be modified due to the constraints of their environment and the relative financial implications of wholesale technical upgrades offered by leading-edge solutions.

XMA’s cloud solutions enable customers to transform and digitise their infrastructure, lowering costs and reducing the environmental impact of their IT infrastructure.

As part of our consultative approach, we will seek to identify where energy savings can be achieved, without compromising operational efficiency and the security of their data.

All of XMA’s cloud solutions are driven to offer Smarter Working practices to our customers. The ongoing development of hybrid-working will facilitate a customers’ ongoing need to reduce unnecessary travel to office locations, further reducing the workforce’s carbon impact. Office working will continue to return and our services also highlight how organisations can rationalise and prolong the life and value of technology assets, maximising efficiencies within office environments through controlling HVAC and lighting applications through tracking workspace utilisation and footfall.

Working hand-in-hand with our customers to provide a full cloud-focussed solution, we also provide ITAD services which facilitates customers to not only maximise any residual value of their current on-premise estate, but also proactively ensure all applicable hardware is repurposed or recycled, again further minimising carbon footprint and unnecessary use of raw materials
Covid-19 recovery

Covid-19 recovery

The LumApps' employee experience platform supports clients in their Covid Recovery efforts by providing them an effective means of communicating with employees, ensuring colleagues can find relevant policies and procedures, and reducing the cost of hire and onboarding.As the world recovers from the Covid-19 pandemic, this has accelerated the demand for flexible working, continued development in technology efficiencies and the assurance of security in infrastructure solutions, especially where they operate across a hybrid office/home working environment
XMA have developed cloud service offerings that consider all of these factors to provide customers with durable, sustainable and ultimately scalable solutions that take advantage of leading-edge technological improvements that form best practice in cloud-based working models
The relative success of national lockdowns to minimise the impact of the pandemic on the UK population demonstrated how technology can enable a total remote working service for office-based staff. However, as the solutions were understandably implemented at pace and often using legacy infrastructure, these solutions were often not optimised to deal with the demands of the workforce and the required security aspects. XMA’s cloud solutions are build from the ground up to consider these requirements, and we can enable customers to future-proof their cloud-based infrastructure to not only facilitate any future lockdowns, but ensure there is no compromise on security of their data and the durability of their solution.
Tackling economic inequality

Tackling economic inequality

N/A
Equal opportunity

Equal opportunity

N/A
Wellbeing

Wellbeing

N/A

Pricing

Price
£10.00 a user a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
30 day trial.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@xma.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.