AuraQ Limited

Mendix Low Code Development

AuraQ has extensive experience delivering low-code solutions at speed and scale. Providing tailored applications to solve complex business challenges, our development team has an in-depth knowledge of the low-code development environment and we specialise in the delivery of agile solutions to support a range of functions.

Features

• Integrate with other external or internal systems and services
• Git-based version control
• Tools to gather and process end-user feedback
• Built-in tools for Agile project management methodologies
• Deploy to any cloud, on-premise environment, or edge device
• Supports native iOS and Android applications
• Build reusable components with Java and Javascript
• Leverage open AI/ML models with the Mendix Machine Learning Kit
• Build reusable components and microservices
• Visualize data with charting capabilities

Benefits

• Rapidly build and deploy custom web and mobile apps
• Out-of-the-box templates, widgets and plug-ins
• Supports the entire application development lifecycle
• Manage your applications in the cloud of your choice
• Extend the capabilities of legacy systems
• Quickly deliver customer-facing mobile apps
• Reduce development time by up to 90%
• One-click deployment
• Rapid, iterative, and collaborative design
• Accelerated app delivery

£126.00 to £315.00 a user

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mike.clarke@auraq.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

552886048884172

Contact

Mike Clarke
07879 080375
mike.clarke@auraq.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: No.
• System requirements: None

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Depends on the customer's requirements.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Depending on the platform edition of choice customers will get Gold or Platinum Support. Support fees are included in the platform fee. Mendix also offers Premier support for mission critical systems with dedicated support engineers. AuraQ can also provide application level support tailored to your requirements.; ; Cost is dependent on number of users and response times required.; ; An account manager is provided.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Access to the Mendix development environment is free of charge. We provide training for developers to work through rapid certification, intermediate and then to advanced level. Mendix provides a full on-boarding program with our Digital Execution Program to get clients up and running extremely quickly. Mendix offers free online training for all platform users. Our Introduction Course will quickly get your team up to speed so you can build robust and adaptable Mendix applications in days. To explore more advanced features and topics there is free access to online documentation and a very active forum and community. To further build your expertise Mendix provides Expert Webinars that are given by community Experts around platform. In addition to online training Mendix provides (on site) Classroom Training and Certification and Consulting services as detailed in the SFIA document.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Mendix protects your investment in model-driven development, with a fully documented formal meta model. , Mendix provides a Model API & SDK for exporting models including meta data, export to other RAD Platforms, 3GL programming languages (Java, .Net, Python, etc..) and Export to your target architecture (Spring, Hibernate, etc..) Models can be exported at any time and reimported for later use; even after contract end, Mendix models will still run in the Mendix Free Edition.
• End-of-contract process: The Mendix contract covers the Mendix platform and runtime services. Any model or application developed and deployed on the platform remains the IP of the customer and as such can be migrated as mentioned above should the contract end. Even after this, the model could be imported and used on the Mendix free edition albeit with limitations on users and uptime.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mendix native mobile apps are truly native mobile apps based on React Native. Native mobile apps differ from hybrid apps in that they do not render inside a web view. Instead, they use native UI elements, which results in faster performance, smooth animations, natural interaction patterns (like swipe gestures), and improved access to all native device capabilities.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Using the web interface The Mendix Platform provides unified access to a developer portal for developers to define application projects, assign team members, manage scope and progress. Cloud Portal for DevOps engineers and administrators to manage application deployment and operations.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: Web interface accessibility testing Mendix is committed to testing with assistive technology users, for example those with colour blindness or other eyesight impairments. This testing is typically delivered as part of the testing of applications developed on the platform and is therefore customer deployment specific.
• API: Yes
• What users can and can't do using the API: Mendix provides Platform APIs for all relevant steps in the application lifecycle. Mendix also provides a Model SDK to access application models from outside.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Based on the principles of model-driven development, Mendix provides a single IDE. From creating data models to integrations, developers can build apps with confidence and take on complex tasks with ease. All applications developed with Mendix are cloud-native, containerized, and portable by default. Developers have the freedom and flexibility to deploy and scale anywhere — public, private, hybrid clouds, or on-premises.

Scaling

• Independence of resources: Each application on the Mendix Cloud runs in an application environment on one or more containers and has dedicated resources allocated to the application environment. The use of containers. Containers support a true microservices approach to development. Applications or parts of applications can be scaled individually, as required, and without needlessly scaling others simultaneously.

Analytics

• Service usage metrics: Yes
• Metrics types: Infrastructure or application metrics Metrics types • CPU • Disk • HTTP request and response status • Memory • Network • Number of active instances.
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Siemens / Mendix

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data export can be achieved in a number of ways . End users of the application can be provided with the option to export selections of data to a CSV or Excel format. Any data stored in the system can be exported via Odata (Open Data Protocol) which can be used by most industry standard reporting software or even an Excel spreadsheet. Finally, for more advanced data exporting requirements data can exported by a REST service which also allows the data to be transformed or manipulated if needed.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • Odata
  • XlSX
  • JSON
  • XML
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • JSON
  • XML
  • XLSX

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.95% uptime guarantee applies for applications with fallback and horizontal scaling configured in Mendix Cloud V4.; Without fallback and horizontal scaling configured the uptime guarantee is 99.5%.
• Approach to resilience: Mendix Cloud Runs on AWS globally, and we make use of AWS multi-AZ options for resilience. In addition, for applications that are scaled horizontally, where the Mendix Runtime Engine runs on multiple containers within an application environment, applications will continue to run if one of the containers would go down. Lastly, for all applications running on the Mendix Cloud, the health manager is checking application availability and will try to auto restart if an application environment would go down.
• Outage reporting: Mendix uses https://status.mendix.com which has an API and generates mail alerts. Mendix has service monitoring per application which is a dashboard for project members and can receive email alerts on outages or issues specifically to your application.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: IP Filters MFA Public key authentication for SSH Username + password Integration with SSO (Azure ID) with 2FA User access review every quarter.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 12/09/2023
• What the ISO/IEC 27001 doesn’t cover: None.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 01/04/2018
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: None.
• PCI certification: Yes
• Who accredited the PCI DSS certification: Noordbeek B.V
• PCI DSS accreditation date: 10/12/2019
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISAE 3402 Type 2
  • OISAE 3000 Type 2
  • SOC 1 Type 2
  • SOC 2 Type 2
  • SOC 3 Type 2
  • ISO/IEC 27017
  • ISO/IEC 27018

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO/IEC 27017 Certification ISO/IEC 27018 Certification ISAE 3000 Type II Assurance Report ISAE 3402 Type II Assurance Report SOC 1 Type II Assurance Report SOC 2 Type II Assurance Report SOC 3 Type II Assurance Report PCI DSS Level 1 Service Provider Attestation of Compliance Cyber Essentials (UK)
• Information security policies and processes: CFO is responsible for information security within Mendix and the CISO has a dotted reporting line to the CFO as the CISO falls in the CTO office organisation.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Any components used by customers in our cloud follows the change management process. Every change at least has: - Manager approval - Is tested - Peer reviewed - Has acceptance criteria from management - Scanned using Veracode, Snyk and SonarQube.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Weekly vulnerability assessments, 13 penetration tests per year, HackerOne managed responsible disclosure and HackerOne managed bug bounty. Times are aligned with NIST 800-53. Multiple sources are used, US-CERT, Snyk, VeraCode, Tenable.IO, HackerOne.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Mendix uses AWS as service provider which has identification capabilities for potential compromises, Mendix deployed Wazuh on cloud nodes to identify potential compromises. Mendix follows it's security incident management policy which is based on NIST 800-61. Within 36 hours we report towards the customer about such incidents.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Mendix has multiple pre-defined processes in place for incident management which are part of our ISAE 3402 report. Using our support portal. Informing the technical contact of a Mendix Application.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  We have designed a number of portals which enable people to access systems remotely helping to provide a better work / life balance.

Pricing

• Price: £126.00 to £315.00 a user
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Access to the Mendix platform is free of charge.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mike.clarke@auraq.com. Tell them what format you need. It will help if you say what assistive technology you use.