Page Lizard

Mobile App Design and Development

Page Lizard builds bespoke iOS and Android mobile apps with expertise in delivering content to secure audiences. Clients are typically organisations who deliver content and communications - publications, learning materials, training manuals and newsletters - to their authenticated audience. Apps are built on Xamarin and come with a support package.

Features

• Mobile apps in Android and IOS.
• Web experience viewer domain delegated or embedded.
• Bespoke development of mobile and web apps to specification.
• Ingest RSS, XML, JSON, ATOM, PDF and HTML.
• Manage content from CMS and publish content to all streams.
• Stream can deliver different content by device or user role.
• Deliver searchable offline or online content .
• Book marks, quiz and forms builder (CPD) and delivery.
• Apps come with support and upgrade package
• Authentication integration and synchronisation to satellite devices.

Benefits

• We help you identify the features your app needs
• Our UI/UX designers create an app to test and refine
• Apps are bespoke and built to your requirements
• You can publish content from multiple sources
• All types of content are words, pictures, video, audio
• Production and technical support to help with content ingestion
• Rich component set means rapid deployment of apps
• Fully customisable authentication options
• Full after-launch maintenance, support and upgrades
• Embedable or domain sub-delegated web experience

£500 to £1,800 a licence a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at graham@digitalpc.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

295619874318791

Contact

Graham Duffill
0207 183 3690
graham@digitalpc.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: No
• System requirements: N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Provides ad-hoc support Monday to Friday 09:00 to 17:00; Critical response support at weekends and out of hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: All apps are provided with a support and maintenance package which includes keeping them up-to-date with iOS and Android platform changes. ; We plan for periodic revisions of the app to enable clients to expand and change their apps based on audience feedback.; We help clients to respond to user technical problems, but do not deal with end-users directly. A more inclusive support agreement can be agreed based on specification.; We support the app-side of integrations - such as the CRM and CMS.; Our editorial, design and production staff will provide help in uploading content and communications. We also provide deadline production services for clients who want to outsource content updates.; We integrate push notifications, analytics and tracking into apps and provide client training and support in these.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We have an onboading process which startes with a discovery workshop - this captures the key features and requirements of the app, including the KPI business objectives.; The second stage is a design workshop to start to visualise these in action. This leads to a full set of interactive designs allowing stakeholders to try the app in a sumulated web environment.; The third stage is to create a scope of works, project management timesheets and billable costs.; The fourth stage is the app build with a set of initial releases to test functionality before an Alpha version if released for QA testing.; Apps can be released to a limited public audience before the final release.; Post-release bug fixing is factored into the process and we encourage clients to add extended functionality in staged releases. ; We provide onboarding screens for end-users to help them use the app and deep analytical tracking for clients to understand how their app is being used.; Performance tracking is also set-up to monitor the app's health, monitor crashes and identify software fixes for future releases.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data can be extracted electronically via an XML or JSON feeds (Manually downloading assets themselves) or a zip files of JSON feed and all assets per issue, publication or stream.
• End-of-contract process: The app software and server side software is provided as SAAS and is not available to the client at the end of the contract. ; ; All of the material provided by the client is available at no extra cost, including:; - Original designs and know-how generated during the set-up workshops; - All content and materials provided by the client; - All user data and analytics; ; At the end of the contract the client can download their data via any of the electronic feeds. ; ; There are no specific costs associated with ending a contract and offboarding a client, unless they ask for assistance with transferring materials and knowledge which would then be chargedon a time and materials basis.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The two services are designed to be as close to the same as possible. As screen sizes and functionality differ between mobile and desktop we optimise our delivery apps to work best with the underlying operation system, SDK or browser whilst trying to replicate the feature accurately across the range of devices.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: The initial app design and build is fully-customised. ; The app is connected to as many sources of content as required by the client.; Authentication services are also fully-customised on deployment and can connect to more than one system.; Once launched all content can be changed by the user. This can be done in their CMS if it is connected to the app. They can also upload and change content in the app's own CMS.; All apps are published in the client's own account in the iOS and Google Play stores, so the user retains control of the branding and messaging in the store. ; Some areas of the app can also be updated by the user in real-time. When designing and building the app we will take note of which areas the client needs direct access to edit and change and plan accordingly.

Scaling

• Independence of resources: Some of our underlying services automatically scale, but our core delivery systems are proactively and continuously monitored, adjusted and scaled by our technical team. We also use content delivery networks to maximize global delivery performance.; ; We can deploy our infrastructure to clients hosted environments if required but is subject to circumstances and agreement by management.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics are provided as standard via 3rd party plugins : Google Firebase and analytics. ; ; We have a standard set of events which are captured but bespoke events can be added. A rich reporting suite of options is available through the advanced set-up of Firebase.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data can be extracted electronically via an XML or JSON feeds (Manually downloading assets themselves) or a zip files of JSON feed and all assets per issue, publication or stream.
• Data export formats: Other
• Other data export formats:
  • XML (Manually downloading assets)
  • JSON (Manually downloading assets)
  • ZIP (XML or JSON) with assets included in zip
  • Bespoke requirements to specification e.g SQL queries
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • PDF
  • HTML
  • RSS
  • XML
  • JSON / ATOM

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Customized SPI fire walling and VPN connections are possible on request and at additional cost. Standard SPI fire walling is included in cost.

Availability and resilience

• Guaranteed availability: Hosting is with Azure which has the following SLA's on services used:; CDN - guarantee 99.9% ; Cloud services and Virtual Machines - 99.95%; ; Historically we have greater than 99.999% / year unforeseen events.; We provide an SLA response time to any incident within 3 hours
• Approach to resilience: Available on request
• Outage reporting: A public dashboard

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: We integrate custom and bespoke login accounts on clients requests though a few off- the-shelf solutions are available like "Magic link", IP address white listing or OAUTH variations.
• Access restrictions in management interfaces and support channels: We have predefined roles which allows users administration, editor and publisher rights to the CMS. Role based rights are also used to limit access to content in app and in the web experience.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Cyber essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Underlying platforms and operating systems are patched up to date.; Apps and websites trap and report errors back to our sub systems and are monitored by the technical team.; We audit our own and 3rd party code before release.; We follow a request, change log, release and deploy process to identify changes and issues in code.; We do internal penetration testing and encourage external test by clients.; We train and regularly review our processes with our staff.
• Information security policies and processes: All issues from reporting, through fixing, source control and release are tracked internally through our development and management software for auditing purposes. Open issues are monitored by the project team, prioritized and driven to close. Issues beyond our control are escalated to providers or reported to 3rd parties to aid in resolving and securing our clients infrastructure. Issues not resolvable are reported back to the client to be assessed and mitigated and we lend support where possible.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All issues from reporting, through fixing, source control and release are tracked internally through our development and management software for auditing purposes. Open issues are monitored by the project team, prioritized and driven to close. Each bug is assessed, reviewed and tested by the development team before release. Since issues can be tracked back to source version we can rollback and track where issues were introduced and assess impact and deploy appropriate hot fixes where necessary.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: We monitor industry forums and subscribe to platform and supplier specific alerts and announcements as well as general horizon scanning.; Issues are analysed and a patch developed based on security threat and internal assessments.; Critical security patches are generally developed and deployed in less than 24 hours. Less critical patches are delivered in line with SLA.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: N/A
• Incident management type: Supplier-defined controls
• Incident management approach: Clients can report incidents by email, phone or via our ticketing system. The reports and progress are available for clients to see but a member of our team will always email or confirm resolution of an issue via email or phone.; ; As previously started all incidents and issues are tracked and linked to our source control, project management and release processes and systems.; ; Major incidents will be reported on our public status page.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Our mobile apps empower remote working, distance learning and constant contact without the need for the user to travel.
• Covid-19 recovery:

  Covid-19 recovery

  One of the growth area for mobile apps has been to deliver better visibility of community services. Many local authorities are now submitting tenders aimed at re-building high streets, attracting tourism and promoting 'what on' events by real-time mobile communications.
• Tackling economic inequality:

  Tackling economic inequality

  Our mobile app platform empowers freelancers and a new generation of digital entrepreneurs to learn the digital skills to build apps themselves. They can launch businesses from these apps, or offer their skills to help others design, build and promote their apps.
• Equal opportunity:

  Equal opportunity

  Our app platform enable anyone regardless of education, status or location to build mobile apps or provide services to others based on the skills they have acquired.
• Wellbeing:

  Wellbeing

  Our app platform is building a community space enabling collaboration on projects between different skill-sets, help and support for those who want to learn digital skills, and to provide a way that those wanting to buy help and support can find the right people.

Pricing

• Price: £500 to £1,800 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at graham@digitalpc.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.