Skip to main content

Help us improve the Digital Marketplace - send your feedback

YUDU Sentinel

YUDU Publisher

YUDU Publisher is a cloud-based tool to help local government and public services publish fully accessible documentation online - turning PDF reports and documents into fully-accessible HTML to comply with WCAG 2.0 standards.

Features

  • Convert PDF publications and reports into HTML
  • Comply with AAA WCAG 2.0 accessibility standards
  • Compatible with screen readers for users with visual impairments
  • Keyboard navigation for users with visual & motor impairment
  • Flexible text sizes for improved readability
  • Enhance content with video and audio to complement content
  • Web URLs, phone numbers and email addresses automatically linked
  • Keyword search to easily find related content
  • Protect sensitive content with robust login protection
  • Stats and analytics unlock insight into reader behaviour

Benefits

  • Deliver content across all modern devices and browsers
  • Improved reading experience for all users
  • Fast load times using our content delivery network
  • Easily update reports and publications worldwide in minutes
  • Fully branded - custom domains to build trust with users
  • Engage readers by including video or animation
  • Measure engagement with Google Analytics integration
  • Secure - ISO 27001 compliant
  • Reduced workflow and increased productivity in your department
  • Our on demand service provides peace of mind

Pricing

£500 a licence a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@sentinelresilience.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

5 7 3 5 0 2 6 3 7 7 1 6 0 9 8

Contact

YUDU Sentinel Charlie Stephenson
Telephone: +44 7960252055
Email: enquiries@sentinelresilience.com

Service scope

Software add-on or extension
No
Cloud deployment model
Hybrid cloud
Service constraints
No relevant constraints
System requirements
  • None.Access through any modern browser
  • Optional Apps- a licence from Apple (iOS) or Google (Android)

User support

Email or online ticketing support
Email or online ticketing
Support response times
These are responses to questions or general support and not outages or malfunctions. Tickets are answered within 24 hours excluding weekends and UK bank holidays. Zen Desk ticketing.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
This response applies to support and not outage of the system that are monitored 24/7 and responded to in accordance with our SLA.
First level support response is provided during UK working hours via email and phone, with an assigned technical account manager, at no additional cost. Tickets are managed using ZenDesk.

Support tickets are escalated to second-level development staff where required.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
A welcome pack is provided to new customers providing all the details they need to get started.
A customer support engineer is assigned to assist the client.
We provide extensive guidance and support resources at https://help.yudu.com/.
Online training is provided via webinar and/or onsite training are also available at an additional cost.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Data consists of i) content that the users have published through the service, and ii) records of the users as used for authentication etc.

Published content is typically already available to users since they provided it in the first place. Users may download the published version of the content if they wish, though since it uses a custom publication format that is of limited use without the rest of the platform.
End-of-contract process
The contract price includes access to the publishing platform and support by email and phone, as well as all hosting and bandwidth costs for published content.
Bureau publishing services, additional support such as on-site training, design projects etc. are available at an additional cost.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Standard viewing of documents on mobiles differ from desktops as they the user can fit the view to the viewing screen width and scroll or tap to zoom. If available, the PhoneView version is automatically served to the user when a mobile device is detected ensures that documents are smoothly fitted to any screen size.
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
The interface allows you to upload, manage, enhance and publish your digital documents to web, iOS, Android or Windows apps.
Accessibility standards
None or don’t know
Description of accessibility
The interface has been assessed against WCAG 2.1AA using online tools and changes will be implemented to address any accessibility issue identified. Content published through the platform can be provided in a responsive HTML format allowing font resizing and text to speech using mobile devices' built in support.
Accessibility testing
Content published to iOS apps with a responsive version of the content can generally be accessed using the device's built-in accessibility features. Preliminary testing with Windows-based assistive technology for text to speech indicates that further development would be needed to make the content accessible. Accessibility testing has not been performed on the publishing platform itself.
API
Yes
What users can and can't do using the API
Using the API clients can upload and publish or depublish content, as well as control which users have access to which pieces of content.

The API provides a subset of the functionality available through the main publishing UI, but includes all of the most important publishing options.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
A full suite of tools is available for Users to enhance and customise documents. Documents can be customised with live external links, email links, page links and tables on contents, videos, animations, information pop-ups, sharing options and many more settings are available to customise the document.
Users can customise using the Overlay Editor for adding content and links and the settings can be accessed via the console.

Scaling

Independence of resources
Intensive operations are queued for asynchronous processing by a separate set of servers, meaning site responsivity is unaffected by heavy usage.

Analytics

Service usage metrics
Yes
Metrics types
Built-in metrics show aggregate viewing statistics for published items, such as visit count, page views and interaction counts.
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Data is stored on AWS s3 storage instances. Encryption at rest is supported as an add-on option.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
The nature of the service is that users already have their content, and the platform allows them to publish it in a custom format to a defined audience, so data export is not normally required.
Data export formats
Other
Other data export formats
N/A
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We will use commercially reasonable efforts to make Publisher available 99.95% of the time. In the event YUDU does not meet the goal of 99.95% availability in a given calendar month (“Monthly Uptime Percentage”), you will be eligible to receive a Service Credit.

The credit shall be calculated as five (5) percent of the Customer’s monthly spend with the us for each of the SLA targets unto a maximum of a ten (10) percent credit, where the monthly spend is defined as the total invoiced amount for the calendar month period of the month affected by downtime.
Approach to resilience
We use multiple datacentre locations, using load balancers to span across datacentres using Amazon Web Services (AWS). Databases are similarly configured for multiple availability zones and automatic failover using AWS RDS. Filestores (S3) use multiple storage locations to ensure no data is lost, with CloudFront's CDN acting as a near-ISP high speed cache for serving of content in the United Kingdom and around the world, as required.

Each server type (web, task, etc.) has at least two (and often 3-5) instances running constantly to ensure no single point of failure.
Outage reporting
Any planned out-of-hours downtime is shown ahead of time in a message screen shown to users logging on to the platform. In the event of an outage, updates are sent to clients and users via a Twitter account.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Admin level users with access in the system to data from more than one client are subject to more stringent password requirements, and 2FA with admin accounts are subject to periodic review.

Higher level access such as to the database or server configuration is only available to the development team, and requires connection via a secure VPN.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS International
ISO/IEC 27001 accreditation date
Originally accredited on 6th September 2019, and renewed in 2020 and 2021
What the ISO/IEC 27001 doesn’t cover
A.10.1 Cryptographic controls:
A.10.1.1: Policy on the use of cryptographic controls
A.10.1.2: Key management

A.11 Physical and environmental security:
A.11.1.5: Working in secure areas
A.11.1.6: Delivery and loading areas

A.14.2 Security in development and support processes
A.14.2.7: Outsourced development

A.18.1 Compliance with legal and contractual requirements
A.18.1.5: Regulation of cryptographic controls
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
01/01/2016
CSA STAR certification level
Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover
We are with AWS, who are CSA STAR accredited.
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Security policy is managed by the CTO, Head of Security and CEO, based on reference to relevant standards such as ISO27001 wherever it's practical to follow those guidelines.
Information security policies and processes
Security policies are enforced by an assigned Security Officer for each office/department of the company. These report to a single Head of Security, who in turn report to the CTO and CEO.

All employees agree to the company security policy on joining, and are required to report any lapse of the policy to the appropriate Security Officer so that it can be addressed. Security Officers also monitor and periodically review to identify any points of concern.

We are currently working towards our ISO22301 certification.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Change requests from customers, internal and external stakeholders are assessed by an internal review team at least once per quarter, with non-trivial development items discussed (including any impact of the change to other components of the system), reviewed and accepted for the following quarter, with all subsequent development being peer-reviewed and tested before release.

Separate internal teams are maintained for development items that are less than a couple of man-days, reviewed and implemented as time allows from the support developer team resources.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Potential threats are assessed from multiple documented sources, from commonly used resources like the OWASP project (https://www.owasp.org/index.php/Main_Page), as well as mailing lists and security updates (typically critical, high) for the client-facing software we use.

Speed of deployment is usually within a week for assessed critical vulnerabilities, but depends on individual assessment of the issue - for example, the recent Intel hardware issues (Spectre and Meltdown) had fixes that crippled the servers they were deployed on, requiring more extended deployment timescales and further testing.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Internet facing servers are hardened to use only essential ports, with penetration testing against the public interfaces. Clients are free to arrange external penetration testing by appointment.

Any compromise detected is dealt with as a Tier 1 support issue (most urgent), with the entire development and support team being involved.

In the event of a security breach as defined by the Data Protection Legislation or any such event that may impact on the customer's data, we will upon discovery notify the customer without undue delay and in any event within 48 hours.
Incident management type
Supplier-defined controls
Incident management approach
Major incidents are managed following the YUDU Incident Management Process document which is kept updated quarterly.
Clients may report incidents via telephone, email or a support/ticket system (Zendesk), which will keep them up to date of the progress of their support tickets. This information is permanently available to clients for their internal reports.

Support items are classified according to impact, urgency and sorted either into a dedicated support team member or, if requiring developer level support, assigned into a queue system for that support.

Common events typically have documented processes for support staff to resolve without developer level support.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

YUDU are pursuing strict environmental standards beyond the provisions of legislation.

In 2015 we migrated our infrastructure to Amazon Web Services (AWS), one of the world's leading data centre providers both in uptime and commitment to 100% renewable energy.

YUDU’s production offices (in Clitheroe) are powered by wind and solar energy, and we plan to broaden the scope of renewable power at our premises.

In addition to this, YUDU Publisher enables our clients to scale back their circulation of printed materials - creating substantial benefits for the environment.
Covid-19 recovery

Covid-19 recovery

YUDU Sentinel division has been successfully deployed throughout the COVID-19 pandemic to provide the vital link between the vulnerable house-bound and sheltering member of the public and volunteers and Council support groups. Digital Textbooks have been a vital service to allow children to learn from home and YUDU has seen a huge rise in demand during CODID which is continuing.
Tackling economic inequality

Tackling economic inequality

Consuming content on phones is a low cost way to make knowledge available to the widest possible community over all economic groups. Accessibility for those with motor or visual impairment can improve economic chances and YUDU is committed to ensure that accessibility applies to content delivered to mobile devices.
Equal opportunity

Equal opportunity

YUDU has a strict equal opportunities policy as part of our Ethics Policy
Wellbeing

Wellbeing

YUDU has a proud history of ensuring that the health and wellbeing of our staff is understood and acted upon when staff members experience difficulties at work or in their private lives. Through the pandemic weekly "Samlings" have been held on line for staff to participate and share stories. This has been a vital tool to avoid isolation and separation when working from home.

Pricing

Price
£500 a licence a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
30 day free trail to access the platform for standard projects.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@sentinelresilience.com. Tell them what format you need. It will help if you say what assistive technology you use.