Core

Mendix Workflow Automation and AI Software Solutions - CoreGov

Mendix for Public Sector offers a suite of tools designed to develop digital services that serve the public good. This platform enables both front-line and technical staff to collaborate effectively, enhancing the quality of public services. It facilitates modernisation of enterprise systems, meeting public demands for mobile-friendly, easily accessible services.

Features

• AI-powered rapid development of digital workflow automation services
• Build quickly with visual development tools and reusable components.
• DevOps tools for seamless integration, delivery, test automation, and monitoring
• An adaptable framework for crafting accessible experiences for any device
• Portal for information security and governance, control and audit.
• Design once, it adapts across interfaces, brand as required
• Integration with enterprise systems via JSON, REST, and web services.
• Scalable, secure and resilient UK Cloud hosting
• Tools to manage and optimise data storage, queries, and security
• Rapid onboarding with training course and mentoring

Benefits

• Cost-effective transition to digital channels with fewer resources
• Upskill and grow multidisciplinary teams – increase capacity for digitisation
• Upgrade enterprise systems and build the flexibility to adapt
• Improve customer journey and maximise productivity with engaging digital experiences.
• Manage shadow IT and ensure compliance for security and accessibility.
• Build robust solutions to handle sensitive workloads in secure environments
• Access to pre-built accelerators.
• Foster greater collaboration between business users and developers
• Achieve security and governance without compromise
• Design once and reuse, shorten delivery time, reduce repetition

£395 to £1,695 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at webenquiry@core.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

552296754247359

Contact

Paul Saer
+44 (0) 207 626 0516
webenquiry@core.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Within the automation landscape, our Mendix solutions benefit from a range of accompanying extensions: Intelligent task automation: Automate repetitive tasks to enhance productivity with Robotic Process Automation (RPA) assistance. Customer experience enhancement: Contact centre solutions redefine customer engagement Intelligent automation AI: Incorporate AI capabilities, providing tools to accelerate automation.
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: The service is subject to planned maintenance which will be notified in advance.
• System requirements:
  • Internet Connectivity
  • Internet Browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Target - 90 minutes initial response.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We will provide a Standard level of support based on which will be included within the service licence cost. This includes access by telephone or email to the remote support teams during contracted hours. A technical account manager will be provided.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We offer extensive support throughout the implementation of Mendix solutions, encompassing project management, engineering, and educational assistance. The Mendix training academy delivers accredited remote training through online programmes. Comprehensive user documentation is also made available.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Through our Mendix backup/restore functionality, customers can secure all their apps and data. To offboard a single environment or an entire node (including the test, acceptance, and production environments, for example), simply complete the necessary details in the Offboard Environment app. Offboarding results in the removal of all access to the related node. Should you require access to any data or other information post-offboarding, ensure it is backed up externally from the Mendix Developer Portal. The following will be removed: - Environments - Cloud Containers - Database - File Document Storage - Backups - Alerts - Logs
• End-of-contract process: Once written notice to terminate the service (in line with the agreement) has been received, service will be scheduled for closure on the agreed date. We will work with you to ensure your data is extracted in an agreed format. Exporting Your Application Models Utilising the Mendix SDK, you can programmatically access your application models. The SDK is fully documented, detailing the models that define your app, which facilitates the automation of migrations to other low-code platforms or to third-generation languages and platforms such as Java and Hibernate. With the Mendix SDK, you have the capability to generate Java classes or SQL DDL statements from your domain models, or Java code from your microflows. This allows you to adapt your models to any desired technology stack. Exporting Your Data Data is the most crucial asset in your application projects. You always have the option to export your data in various ways. Within the Mendix Cloud, you can download a backup that includes all your app's data and files. This enables you to store these files elsewhere or to establish a new database using your data. Subsequently, you can convert this data to other database formats or file types.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The Mendix platform seamlessly functions on both desktop and mobile devices. Although applications are developed on desktops, most user interface components are compatible across all devices. Certain features optimise for desktop's larger screens, while others leverage mobile's native functionalities, available exclusively on mobile. Applications operate through web interfaces or native apps, including offline functionality.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The Mendix Platform offers comprehensive web-based tools that support application management throughout their entire development lifecycle: - An integrated developer portal allows project teams to outline application projects, allocate team members, organise and oversee project sprints, collaborate, and gather user feedback. - An Integrated Development Environment enables the visual construction and testing of applications, utilising drag-and-drop functionality to create application data models, pages, data processing, and complex business workflows. - A Cloud Portal provides DevOps engineers and administrators with the capabilities to manage application deployment and operations, featuring extensive role-based access control, auditing, and logging.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: Mendix is dedicated to conducting tests with users of assistive technologies, such as those with colour blindness or other visual impairments. This testing is usually carried out as part of the application testing process on the platform and is thus specific to each customer's deployment.
• API: Yes
• What users can and can't do using the API: Mendix provides Platform APIs for all relevant steps in the application lifecycle. See: https://docs.mendix.com/apidocs-mxsdk/apidocs/ Mendix also provides a Model SDK to access application models from outside. See: https://docs.mendix.com/apidocs-mxsdk/mxsdk/
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The platform can be fully customised by users with platform configuration training and authorised access.

Scaling

• Independence of resources: Each customer receives personalised dedicated Amazon Web Services (AWS) Cloud service container. Users are equipped with server monitoring tools to oversee and manage their allocated resources effectively.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics are customisable based on implemented applications, commonly including: - CPU - Disk - HTTP request and response status - Memory - Number of active instances - Other (JVM Metrics, Database Metrics)
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Netcall, Nintex, Mendix, UiPath

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data to Excel (CSV) or using the REST API.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • JSON
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Agreed service availability of up to 99.9%, 24/7 Service level agreements can be discussed as part of your contract.
• Approach to resilience: The Mendix Cloud provides an option for high availability to customers holding an enterprise license, ensuring uninterrupted service even during a Mendix Runtime outage. Users can scale their Mendix app environments via the Developer Portal. Selecting multiple instances allows the app to remain operational even if one instance fails. The architecture of the Mendix Cloud places runtime engines and databases within the same availability zone (AZ) to reduce latency during database operations. In the event of an AZ failure, it automatically switches to a geographically distinct AZ. New instances of your app are then launched automatically in the new AZ. AWS automatically replicates file storage buckets across multiple AZs, and with Mendix Fallback options, databases can also be replicated automatically via streaming, or a backup can be restored to the new AZ. All backups are transferred to another region, ensuring they do not leave the continent if this is a requirement for your company.
• Outage reporting: A public dashboard

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: IdP integration using Active Directory with required MFA.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyds Register
• ISO/IEC 27001 accreditation date: 15/04/2020
• What the ISO/IEC 27001 doesn’t cover: Not Applicable
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: NIST
• Information security policies and processes: The Information Security Policy and the Business Continuity and Contingency Policy, along with the associated procedures, standards, and guidelines, are developed and upheld by the information security department and ratified annually by the CEO. The information security and business continuity objectives, which align with our strategic direction, are set by the information security department and endorsed by both the CEO and the CTO. These policies are shaped around our processes to integrate the management system requirements seamlessly into the organisation. The CEO and CTO are responsible for ensuring that adequate resources are provided to sustain the organisation's integrated management system. The information security department is tasked with maintaining this system and reporting on its efficacy to the management function and its broader context.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Appropriate teams will establish rules for the development of software and systems, which will then be applied to software development within Mendix. All research and development teams have the responsibility to set their own coding standards and guidelines, provided they ensure the delivery of secure software and maintain development cycles that adhere to best practices. All modifications must receive management approval, undergo peer review, be tested, and be documented. During product implementation, software composition analysis (using Snyk) and static application security testing (using Veracode) are conducted as early as possible in the lifecycle to mitigate vulnerabilities.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: - Continuous testing through HackerOne VDP and BBP programmes - Monthly penetration tests utilising a white box methodology - Weekly vulnerability assessments conducted with Tenable.IO - Monitoring by CrowdStrike and Lacework - Threat intelligence monitoring by Siemens.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: CrowdStrike's Falcon Platform allows customers to detect unknown malware, uncover zero-day threats, recognise advanced adversaries, and prevent the impact of targeted attacks instantly. The platform relies on CrowdStrike’s application and infrastructure, which feature a redundant, secure, and highly scalable cloud architecture. This architecture synchronises intelligence and security events in real time from its worldwide sensor network, offering a deep understanding of adversary behaviours and the business implications of their attacks. By accumulating and analysing extensive event data in a scalable elastic cloud, CrowdStrike can swiftly identify and respond to targeted attacks.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: An information security incident is an adverse occurrence that has resulted in or could potentially result in harm to Mendix's information assets, reputation, or personnel at an operational level. Incident management addresses intrusions, compromises, and misuse of information and information resources, as well as ensuring the continuity of critical information systems and processes. The Mendix information security department adopts an approach to security incidents based on the NIST 800-61 security incident handling guide. Customers are able to report incidents via the support portal.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  All Core solutions are hosted in the Microsoft Cloud platform, which is currently 79-93% more energy efficient than a traditional on premise datacentre. All Core staff are also issued with modern Energy Star rated laptop devices which typically consume 2/3 less electrical power than desktop computers.; ; Core runs no on premises IT infrastructure and all internal services are cloud-based, ensuring that all service compute is done using high efficiency hardware and powered by renewable energy. It reduces the demand for mined precious materials, manufacturing and road transportation impacts associated with acquiring and receiving private infrastructure, as well as overall energy consumption inefficiencies of running infrastructure that may not be being optimally utilised.; ; Core advocates and supports the adoption of Remote and Hybrid Working to reduce unnecessary travel and associated emissions, reduce our corporate office footprint and support flexible working practices for our teams. ; ; In early 2022, we completed an audit of all end user devices in use across the company and calculated the carbon footprint generated as they are used to deliver our business outcomes, and we are currently developing a program to not only offset this in a properly accredited scheme, but to provide offerings to support our customers and partners to be able to easily do the same. We use Greenly as our carbon management reporting platform to calculate and monitor our scope 1,2, and 3 emissions, and build custom action plans to work towards reduction. In the recent years, we have also contracted Oblong Trees to plant a tree for any existing employee and new starter.; ; Microsoft, with their commitment to reaching net zero emissions by 2030, will enable Core to become a net zero emissions organisation in the same timeframe.

  Covid-19 recovery

  Core changed our operational policies to protect our staff during the Covid 19 pandemic, and to help our customers to continue to build and develop services to support a hybrid workforce.; ; We provide solutions to help customers make the most of remote working, including the ability to support and manage services without having to travel to specific office locations. However, these solutions also seamlessly enable users to work in the office environment too.; ; This includes full collaboration and communication solutions and employee wellbeing platforms to ensure that staff are supported and included, regardless of their location.; ; Our solutions will help customers to continue to work with no impact on user productivity in the event of a future wave of Covid-19 causing health concerns or impacting travel or office attendance capability, such as lockdown or if a member of staff tests positive for Covid-19.

  Tackling economic inequality

  Core is a London Living Wage accredited employer, ensuring that our staff members are able to live and thrive in their life outside of work (Decent work and Economic Growth).; We are an inclusive employer, hiring people based on their talents and capabilities, regardless of any other factors (Gender Equality and Reduced Inequalities).; Core hires new entrants to the employee marketplace where possible, such as graduates, then trains and develops them to start their IT career journey with Core, building skills and experience (Decent work and Economic Growth).; Core’s hybrid working policy enables people who may have personal responsibilities such as care for children or other dependants who may not be suited to an environment where they have to attend an office on a daily basis (Gender Equality and Reduced Inequalities).; Core is continually hiring staff as our business grows and develops. We currently have open roles in both London and Gdansk, and every new contract, such as this one, secures existing employment and presents opportunities for us to continue to grow our team. (Decent work and Economic Growth); Core funds training and development of all staff and encourages involvement in programmes that enable us to continuously develop our technical acumen. (Decent work and Economic Growth); Every employee at Core has a vested stake in our business success, all qualifying post probationary employees participate in an Enterprise Management Incentive where they have an equity stake in the Core business (Decent work and Economic Growth).; Core’s employee benefits package includes Life Assurance and Private Healthcare coverage for the employee and the option of their immediate families at no cost to the staff member, other than the income tax liability (Good Health and Wellbeing).; Every member of permanent staff is enrolled in the company’s Pension Scheme (Decent work and Economic Growth).

  Equal opportunity

  We are an inclusive employer, hiring people based on their talents and capabilities, regardless of any other factors (Gender Equality and Reduced Inequalities).; Core hires new entrants to the employee marketplace where possible, such as graduates, then trains and develops them to start their IT career journey with Core, building skills and experience (Decent work and Economic Growth).; Core’s hybrid working policy enables people who may have personal responsibilities such as care for children or other dependants who may not be suited to an environment where they have to attend an office on a daily basis (Gender Equality and Reduced Inequalities).; Core funds training and development of all staff and encourages involvement in programmes that enable us to continuously develop our technical acumen. (Decent work and Economic Growth).; Every employee at Core has a vested stake in our business success, all qualifying post probationary employees participate in an Enterprise Management Incentive where they have an equity stake in the Core business (Decent work and Economic Growth).; Core’s employee benefits package includes Life Assurance and Private Healthcare coverage for the employee and the option of their immediate families at no cost to the staff member, other than the income tax liability (Good Health and Wellbeing).; Every member of permanent staff is enrolled in the company’s Pension Scheme (Decent work and Economic Growth).

  Wellbeing

  All Core permanent staff are entitled to 25 days annual leave per year, plus Public Holidays.; Core’s hybrid working policy enables people who may have personal responsibilities such as care for children or other dependants who may not be suited to an environment where they have to attend an office on a daily basis (Gender Equality and Reduced Inequalities).; Core’s employee benefits package includes Life Assurance and Private Healthcare coverage for the employee and the option of their immediate families at no cost to the staff member, other than the income tax liability (Good Health and Wellbeing).; Core conducts frequent Employee surveys, collecting feedback from our team on how the business can adapt or improve, internally or externally. We get good engagement from this process and all employee feedback is reviewed, discussed and implemented where appropriate. (Good health and Wellbeing)

Pricing

• Price: £395 to £1,695 a unit a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at webenquiry@core.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.