Deloitte LLP

Mobile App Development (iOS & Android)

Through this service, Deloitte will help you develop and implement high-quality bespoke mobile applications for the public and/or employees. We work with you to get the most value out of the applications built. This service involves the development of the front-end application(s) and integration into the back-end estate.

Features

• Custom developed cloud-based mobile applications (iOS & Android)
• Fast-track back office integration to your core platforms
• Full end-to-end testing of the solution
• Security, vulnerability and penetration testing of the cloud-based solution
• Deployment Management (MDM) & Continuous Development
• Dedicated application support post go-live
• Delivery planning, management and governance ownership

Benefits

• Access to Deloitte’s global team of public sector experts
• Cross-functional team of specialists spanning design to deployment
• Proven track record of delivering cloud-based solutions in government
• Experienced in implementation of GDS design and development protocols
• Knowledge transfer to help build your internal capability
• Strategic alliance with Apple to deliver best-in-class mobile app services

£450 a unit a day

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsectorbidteam@deloitte.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

570357613487365

Contact

Donna Farrell
0207 303 0913
publicsectorbidteam@deloitte.co.uk

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: The EnterpriseNext for iOS Delivery should follow the 2-week EnterpriseNext for iOS Discovery phase, taking an idea from the previous phase and implementing as a part of the latter engagement.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Not Applicable
• System requirements: IOS selected as your mobile operating system

User support

• Email or online ticketing support: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: We can offer different support levels based on the service requirement. We would agree this with the client at the time of order. ; ; Cost may be in accordance with our rate card/pricing document.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Our team will work with you to agree the most practical approach for using your new application to ensure you gain the most value from it; but additional services which can be defined include agreeing a deployment approach, on-site training and producing documentation that describes how the app works, and how it should be used.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Flexible based on your requirements
• End-of-contract data extraction: All data is owned by the client and the mobile app that we deliver can be hosted in a client private-cloud / environment. Any data extracted from the app will be in accordance with client data handling policies/regulations, and kept only by them.
• End-of-contract process: We will discuss with customers any off-boarding or scope of exit requirements and reach agreement on the most suitable approach prior to an order being placed. The requirements should be documented in the Order Form by the customer, and Deloitte will include details in the Order Form as agreed between Deloitte and the customer

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Deloitte will work with your team to deliver a custom-designed native iOS or Android mobile application that puts the needs of the user first
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: This depends on the scenario and requirements.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: We do frequent testing to ensure our applications work with the inbuilt device accessbility functionality. This testing is in the form of usability testing and shadowing studies.
• API: Yes
• What users can and can't do using the API: Not applicable. If required, APIs to support each use case will be implemented as per client requirements.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: All client scenarios are likely to be unique and therefore many aspects of the solution can be customised. This includes user interface on the mobile application, integration, and specific use cases. At each phase of the project, clients are involved in the customisation, and the users of the service are engaged throughout, to ensure that services are tailored to specific requirements as appropriate.

Scaling

• Independence of resources: During the EnterpriseNext Delivery phase our technical team will work with you to forecast key usage metrics such as the total and concurrent users, peak/off-peak usage periods and projected data sizes/volumes which will help us determine the best possible approach for managing the demand placed on the service allowing us to draw out recommendations such as the use of load balancers.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics provided can be agreed dependent on client requirements, but typically this would be based on measures such as: The number of users logged on, durations, and application log data
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: FIPS 140-2 on our physical devices (hard drive encryption).
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: We can provide the data in real time, and the data is transient. The only data Deloitte would expect to have is client logs; we can provide this in a number of different formats, as in the next question.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Dependent on client requirements
• Data import formats:
  • CSV
  • Other
• Other data import formats: Dependent on client requirements

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: No data transmitted outside the client’s dedicated environment.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.99%
• Approach to resilience: Available upon request
• Outage reporting: A range of alerting options are available, to be agreed by the client (email, web dashboard, phone etc.)

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
• Access restrictions in management interfaces and support channels: Protected via proxied, privileged access management system
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI Assurance UK Limited
• ISO/IEC 27001 accreditation date: 01/04/2022
• What the ISO/IEC 27001 doesn’t cover: The scope of the Information Security Management System is limited to the scope of Deloitte LLP and its subsidiaries in the UK, Gibraltar, Switzerland and Liechtenstein.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • GBEST
  • CHECK
  • CREST
  • TIBER-EU
  • ICAST
  • Offensive Security Certified Expert (OCSE)
  • Offensive Security Certified Professional (OSCP)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO/IEC 27001:2013

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All config and change management processes are subject to multiple approval levels; where security is a consideration, this is approved by the internal cyber risk team.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Weekly scans for vulnerabilities; patches applied with Cyber Essentials Plus
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Fully-automated for monitoring and alerting for all client systems
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Fully managed and defined, in line with ISO/IEC 27001:2013

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Deloitte is committed to delivering effective stewardship of the natural environment both with our clients and within communities. We do this through our methodologies, how we run projects, how we work in partnership with our Social Value Delivery Partners and how we think about the future direction of our business. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, the Social Value Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/communities we are targeting. ; Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to each engagement to agree KPIs and oversee progress and delivery of commitments.; We have infrastructure in place to deliver against this theme. Our Social Value Team manages our ecosystem of Social Value Delivery Partners, and shapes our commitments for delivering additional environmental benefits and influencing environmental improvement and protection. This is done in collaboration with our WorldClimate team, Responsible Business team and Net Zero Transformation, Strategy and Innovation Team.; Our WorldClimate strategy focuses on four objectives where we can make the biggest impact: achieving Net Zero by 2030: Operating Green; empowering individuals through education and sustainability challenges/tools; and engaging ecosystems by collaborating with our clients, alliance partners, NGOs, industry groups, suppliers, and others to address climate change at a systems and operations level.; Our engagement teams can undertake volunteering activities with our climate related Social Value Delivery Partners as social value commitments, contributing to habitat creation and increasing biodiversity (e.g. WWT, WDC). We also have partnerships where we can co-design commitments around green skills, green jobs and carbon literacy.

  Covid-19 recovery

  Deloitte is committed to integrating the five Social Value (SV) themes within the UK Government’s SV Model into engagements through our methodologies, how we run projects, how we work in partnership with other organisations and how we think about the future direction of our business. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, the SV Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/communities we are targeting. ; Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to each engagement to agree KPIs and oversee progress and delivery of SV commitments.; Our dedicated SV Team provides the bidding and governance infrastructure to deliver against all 5 themes. The team manages our ecosystem of SV delivery partners, shapes our commitments, promotes good practice, and monitors delivery/impact for our clients to ensure the policy outcomes are met. ; Via our social impact strategy, 5 Million Futures (5MF), we also have access to a broad range of societal partners across 24 geographies in the UK, 16 nationwide partnerships and 34 partnerships with schools. The priority areas within our strategy are digital skills, education and employability, with inclusion at their core. The Strategy focuses the firm's resources and efforts on addressing inequality, helping people/communities to develop job skills and recover from the impact of the Covid-19 pandemic, improve educational outcomes and access opportunities to succeed in this rapidly changing economy. We have also co-developed a range of products and services with our 30+ Social Value Delivery Partners, enabling us to deliver a range of activities specific to an engagement.

  Tackling economic inequality

  Deloitte is committed to integrating the five Social Value (SV) themes within the UK Government’s SV Model into engagements through our methodologies, how we run projects, how we work in partnership with other organisations and how we think about the future direction of our business. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, the SV Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/communities we are targeting. ; Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to each engagement to agree KPIs and oversee progress and delivery of SV commitments.; Our dedicated SV Team provides the bidding and governance infrastructure to deliver against all 5 themes. The team manages our ecosystem of SV delivery partners, shapes our commitments, promotes good practice, and monitors delivery/impact for our clients to ensure the policy outcomes are met. ; Via our social impact strategy, 5 Million Futures (5MF), we also have access to a broad range of societal partners across 24 geographies in the UK, 16 nationwide partnerships and 34 partnerships with schools. The priority areas within our strategy are digital skills, education and employability, with inclusion at their core. The Strategy focuses the firm's resources and efforts on addressing inequality, helping people/communities to develop job skills and recover from the impact of the Covid-19 pandemic, improve educational outcomes and access opportunities to succeed in this rapidly changing economy. We have also co-developed a range of products and services with our 30+ Social Value Delivery Partners, enabling us to deliver a range of activities specific to an engagement.

  Equal opportunity

  Deloitte is committed to integrating the five Social Value (SV) themes within the UK Government’s SV Model into engagements through our methodologies, how we run projects, how we work in partnership with other organisations and how we think about the future direction of our business. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, the SV Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/communities we are targeting. ; Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to each engagement to agree KPIs and oversee progress and delivery of SV commitments.; Our dedicated SV Team provides the bidding and governance infrastructure to deliver against all 5 themes. The team manages our ecosystem of SV delivery partners, shapes our commitments, promotes good practice, and monitors delivery/impact for our clients to ensure the policy outcomes are met. ; Via our social impact strategy, 5 Million Futures (5MF), we also have access to a broad range of societal partners across 24 geographies in the UK, 16 nationwide partnerships and 34 partnerships with schools. The priority areas within our strategy are digital skills, education and employability, with inclusion at their core. The Strategy focuses the firm's resources and efforts on addressing inequality, helping people/communities to develop job skills and recover from the impact of the Covid-19 pandemic, improve educational outcomes and access opportunities to succeed in this rapidly changing economy. We have also co-developed a range of products and services with our 30+ Social Value Delivery Partners, enabling us to deliver a range of activities specific to an engagement.

  Wellbeing

  Deloitte is committed to integrating the five Social Value (SV) themes within the UK Government’s SV Model into engagements through our methodologies, how we run projects, how we work in partnership with other organisations and how we think about the future direction of our business. Specific action we would take to support a client with the wellbeing theme would depend on the scale and scope of the engagement, the SV Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/ communities we are targeting. ; Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to an engagement to agree KPIs and oversee progress and delivery of SV commitments.; Our dedicated Social Value Team provides the bidding and governance infrastructure to support engagement teams. The team manages our ecosystem of Social Value Delivery Partners, shapes our commitments, promotes good practice, and monitors delivery/impact for our clients to ensure the policy outcomes of improving the health and wellbeing within the contract workforce and community cohesion are met. ; We have an extensive programme of wellbeing initiatives, tools and events to support our contract workforce. Our Future of Wellbeing team also specialises in wellbeing impact measurement, strategy, and culture, and can work with clients on improving these areas in their organisation. Their methodology is informed by best practice from around the world (e.g. CIPD, COMB-model of behaviour change, World Happiness Report, BSI ISO 45003, Thriving at work standards Stevenson/Farmer, City Mental Health Alliance).

Pricing

• Price: £450 a unit a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsectorbidteam@deloitte.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.