Kaldor Ltd (Pugpig)

Pugpig Publish

Pugpig Publish is the mobile publishing platform that powers content apps that work perfectly across tablet, mobile and web all in one go.

You can use Pugpig for publishing magazines, brochures, journals, pamphlets, educational materials and more, and you can get up and running in a matter of days.


  • Publishes magazines, brochures, catalogues, journals or any documents
  • Content ingested from any CMS or source
  • Native support for iOS, Android and web (online and offline)
  • Articles, video, podcasts, products, promotions,
  • Fully integrated analytics through GA and others
  • Integrated with all push providers (e.g. UA, AppBoy)
  • Supports all app stores (iTunes, Google Play, Amazon)
  • Used by the biggest publishing brands in the world
  • Full integration with authentication systems
  • Full search capabilites


  • Publish content across all platforms with one process
  • Get content apps up and running in a few days
  • Requires no technology expertise
  • Supports publishing to editions or to a live stream
  • A much more engaging way to communicate
  • Can be fully open or secured through authentication
  • Use our dashboard to manage and track app performance
  • Allows you to capture user analytics and interests/opinions/feedback
  • Add advertising and promotions quickly and easily


£10000 per licence per year

Service documents

G-Cloud 10


Kaldor Ltd (Pugpig)

Jonny Kaldor

+44 203 405 5238


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to We integrate and act as the mobile publishing channel for any CMS. We have tight integration in particular for Drupal and Wordpress, but can work with many others
Cloud deployment model Public cloud
Service constraints None
System requirements No requirements - technology is hosted by us.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Critical - 1 hour
High - 2 hours
Medium - 4 hours
Low - 2 days
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible We use either Citrix Go to Meeting, Skype or Google Hangouts. We can support other tools if needs be
Web chat accessibility testing Not known
Onsite support Yes, at extra cost
Support levels Available upon request based on requirements
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Our standard product is shipped with a starter pack which provides all the support necessary to get your app up and running.
Documentation is available for configuring, customising and using the platform.
Training is also provided by our onboarding team
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction All data is held in a CMS in structured form and can be exported through various means.
End-of-contract process At the end of the contract, the buyer can choose to continue for an additional 12 months or to cancel the contract.
Pugpig pricing includes everything you need to operate the service.
Additional packs for integration with 3rd party systems and for template design can purchased but are not always required

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Our architecture is fully architected to work across all devices, specifically mobile.. This can be demonstrated upon request
Accessibility standards None or don’t know
Description of accessibility We use Zendesk and therefore support their accessibility features...
Accessibility testing None
Customisation available Yes
Description of customisation Pugpig is a fully customisable platform. - All aspects of the service can be customised.
Customisation can be executed by us or by your own technology team (or supplier)


Independence of resources All our services are hosted on AWS servers with all the appropriate load balanced capabilities configured. All managed by Datapipe.
Our CDN is provided by Fastly


Service usage metrics Yes
Metrics types We integrate with the leading analtics engines including Google Analytics, Flurry, Omniture out of the box. We can also integrate other systems as required
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach No user data is held at any time by our systems.
We integrate with third parties for these services.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach If held in our Wordpress instance, through standard Wordpress tools.
Otherwise, data is held in your own CMS
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • XML
  • HTML
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • XML
  • HTML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability For the customer facing aspects of the solution, the only pieces of critical infrastructure are Amazon AWS and Fastly, both of which offer > 99.9% availability on their SLAs.
Approach to resilience Available on request,
All managed on AWS through Datapipe. Our critical pieces of infrastructure (Amazon S3/EC2/RDS/SQS/Cloudsearch, and Fastly CDN) are all designed with resilience in mind.
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Each customer receives a unique domain for the management interface (e.g. company.admin.pugpig.com). Clients can choose to restrict access to their domain by IP range if required. We ensure data is segmented between customers.

We provide various roles for customers so, for example, different users can access billing information vs content.

Our support channels are all based on ZenDesk, so we piggyback on their security systems.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach All managed on AWS through Datapipe.
Information security policies and processes Available on request,
All managed on AWS through Datapipe.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach NOTE: On request, we can provide a full SIG Lite (http://sharedassessments.org/products/2017-sig-lite-bundle/) document that provides a large amount of detail on many of the questions in this and the following sections.

All source code and configuration is managed using BitBucket (Atlassian hosted Git). Tickets are managed via Atlassian JIRA. All configuration is stored in Laravel .env files, not in source code, but is version controlled. We have an audit trail in the database and in log files of all configuration changes made through the user interface.

Our clients regularly run their own Pen Tests.
Vulnerability management type Supplier-defined controls
Vulnerability management approach All operating systems are automatically patched overnight with any security patches - we would rather risk a bug than a security hole. The patches are rolled out to thousands of other (Ubuntu) servers around the world, and we have only ever had one instance of a security patch introducing a problem, and a new patch that fixed it was released within hours.

We automatically upgrade our other systems (for example Wordpress) when security patches are released.

Our management company (Datapipe) performs vulnerability assessments, and alert up to issues.

We subscribe to the Ubuntu Security mail lists (ubuntu-security-announce@lists.ubuntu.com)
Protective monitoring type Supplier-defined controls
Protective monitoring approach Our managing company, Datapipe, perform vulnerability scans, and have a layer of intrusion detection on top of the Amazon AWS systems which also provide some.

To date, none of our systems have been compromised. However, the servers are all emphemeral so can be rebuilt should something happen. They are isolated from one another using Amazon security rules, and separate VPCs for different environment. Not that we don't own any physical servers or have our own network, so the surface area is small.

We have additional systems that monitor the operation system/software of our servers.
Incident management type Supplier-defined controls
Incident management approach All of our critical incident reporting (Incidents/Tasks/etc) are reported and monitored via Datapipe's Cloud Based ticketing system.

Users report incidents to use via telephone or our support system if relevant. We provide incident reports to our users via email, although to date we have not had to do this.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £10000 per licence per year
Discount for educational organisations No
Free trial available Yes
Description of free trial We are able to create free simple trial and demo apps for limited use. These are fully functioning and are accessible for a number of weeks. They are not available for commercial use, only for trial purposes.
More complex proofs of concept can also be developed on a day rate
Link to free trial Www.pugpig.com - has links to many of our apps


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑