Falanx Cyber Ltd

Knack - Low-Code Application and Database Pilot Development platform

Knack is an easy to use Low-Code development platform that Securestorm can provide as a pilot development service that lets you quickly build online applications and data databases as a proof of concepts. With Knack you can structure data, connect by linking related records together and extend data with integrations.


  • Easy Low-Code development
  • Build a custom solution that fits your exact needs
  • 14 day free trial!
  • Create flexible interfaces with tables, forms, searches, maps, etc
  • Create database objects types that add powerful functionality
  • Get started quickly with templates you can customise and tweak
  • Control users access to specific content, via roles and permissions
  • Add payments to create powerful E-Commerce applications
  • Knack provides flexible tools to easily implement realtime workflows
  • Customise Knacks's functionality, interface/design, with CSS and Javascript


  • Completely Customise to User Needs
  • Suitable for OFFICIAL classified workloads and information
  • Low code development enables rapid creation and deployment of services
  • Live Data, Instant Insights
  • Plays Well With Others via API and Webhook Integtations
  • Free support with live chat, with english-speaking humans
  • Accept Payments With No Coding (Easy E-Commerce)
  • Speed & Security Reliability - suitable for OFFICAL data
  • Automated notifications allow for easy sharing of data
  • Mobile Access allows for anytime anywhere input/delivery of business data


£30 per unit per month

Service documents

G-Cloud 10


Falanx Cyber Ltd

Tom Evans



Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints N/A
System requirements N/A

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Securestorm can provide email support, Monday to Friday between 9am and 5pm, UK time, with response within 24 hours.
Knack provides a range of support options depending on the subscription plan purchased: Basic Support includes email and online ticketing support via their online support site, Monday to Friday between 10am and 6pm EST, USA time, with response within 1 - 2 days, as well as web chat support from within the Knack platform, which is within 24 hours response time. See out service description for more details on the Support packages available in the subscription plans.
User can manage status and priority of support tickets No
Phone support No
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Chat is great for general questions on how to build your app. Even if Knack support aren't immediately available we'll reply as soon as possible. Knack web chat availability is Monday - Friday 10am to 6pm EST USA, although you'll often find Knack support on at other hours. Knack web chat is accessible from within the Knack development platform, by simply clicking on the Knack logo icon in the bottom right-hand corner of the builder screen.
Web chat accessibility testing None.
Onsite support Yes, at extra cost
Support levels Securestorm free email support is available Monday to Friday, 9am to 5pm, UK, with a response within 24 hours. Securestorm can provide on-site support, configuration and consultancy, as part of a separate Cloud Support Service on the Digital Marketplace.
The Knack.com online support site has a range of FAQs, guides and manuals, free and available 24/7.
Knack Basic Support: free online ticketed support, and web-chat support are both available Monday to Friday, 10am to 6pm EST, USA, with response within 1 - 2 days.
Knack Priority Support: same as Basic, but also includes phone or Skype support, within 24 hours.
Knack Premier Support: includes a dedicated Support Manager, and same day response.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Knack.com has an online support site that includes a "Getting Started" page, with easy to follow instructions, documentation, videos, case studies and guidance. As a provider of application and database services, knack.com (together with its affiliates, "Knack") offers its customers (also known as subscribers), and their customers and users, the means to acquire and disseminate electronic data, files and information. While Knack acknowledges that the internet can provide a forum for free and open dissemination of information, Knack reserves the right to take certain preventative or corrective actions as it deems appropriate. To this end, Knack has developed this Knack Acceptable Use Policy (this "Policy"), which supplements certain terms of each customer's respective service agreement and is intended as a guide to such customer's rights and obligations when utilizing Knack's services.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Knack has Zero data lock-in. Export your records at any time into CSV, text, or JSON files.
End-of-contract process At the end of the contract or subscription period, access to the Knack dashboard will be closed, and the data cleansed. It is suggested that prior to the cut off date, that any data that is to be retained, is downloaded as either a CSV, JSON or text file.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The applications built on Knack can be viewed on mobile devices. It is suggested that desktops or laptops are used to access the Knack Builder service.
Accessibility standards WCAG 2.0 AAA
Accessibility testing WCAG 2.0 AAA site checking service has been conducted against the platforms web interface.
What users can and can't do using the API Knack offers a comprehensive API that gives designers and developers full access to update and customize Knack applications. Users can: use the Knack API to create, retrieve, update, and delete application records; use client-side JavaScript to trigger actions when your users perform specific events in your live applications; use CSS to customize your application's design, including the layout, colours, and text. The Knack API is organized around REST. Has predictable, resource-oriented URLs, and uses HTTP response codes to indicate API errors. Knack use built-in HTTP features, like HTTP authentication and HTTP verbs, which are understood by off-the-shelf HTTP clients. The API follows most conventions of RESTful architecture. Any requests which require authentication must always be authenticated, as our servers do not retain information from previous requests. Our routes are reliably simple and lack more than a few levels of nesting. All data sent to and from the API must be in JSON format. Knacks online guides provide example API requests throughout the documentation.
API documentation Yes
API documentation formats HTML
API sandbox or test environment No
Customisation available Yes
Description of customisation As Knack is a "Low Code" development platform, it is fully customisable. You determine the database object structure. You design the pages, views, workflows and reports of the application. The platform developers/builders have full control of the customisation, and can even change CSS and add JavaScript as required.


Independence of resources Knack is built on AWS cloud infrastructure and as such, has been architected to scale on demand without effecting user services. Number of applications, quantity of records and storage used are limited based on the level of subscription plan. The plan limits are stated and tracked on the users platform dashboard.


Service usage metrics Yes
Metrics types Number of applications built, records used and amount of storage used. These metrics are displayed on the application builder dashboard.
Reporting types Real-time dashboards


Supplier type Reseller providing extra support
Organisation whose services are being resold Knack.com

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Knack.com has Zero data lock-in. Export your records at any time into CSV, text, or JSON files.
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON
  • Text
Data import formats
  • CSV
  • Other
Other data import formats JSON

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Knack provides a 99.9% uptime guarantee. This means that for any given month, while unlikely, it is possible that Knack may experience an average downtime of up to 2678 seconds excluding scheduled maintenance. If an outage exceeds a cumulative of 2678 seconds in a month, Knack will credit 5% of the Your base monthly recurring fee for the affected account, per hour of downtime. THE TOTAL CREDIT ALLOWANCE PER MONTH IS CAPPED AT 100% of THAT MONTH'S MONTHLY RECURRING FEE FOR THE AFFECTED ACCOUNT. This guarantee covers Knack's internal infrastructure including application and database servers, routers, switches, the cables connecting them, and connectivity to our backbone providers. This guarantee does not cover email delivery. Scheduled Maintenance means any maintenance on the equipment and services that affect the uptime of Knack, for which You are notified at least 24 hours in advance. Notice of Scheduled Maintenance will be provided to your account administrator by a method elected by Knack (email or telephone). Nothing in this agreement shall prevent Knack from conducting emergency maintenance on an as-needed basis.
Approach to resilience Knack is built on AWS cloud infrastructure, and has been built to be resilient by design. Multiple Databases - Knack mitigates database failures by storing your data in multiple databases, so if one database goes down the other databases can pick up the slack. Each change made to your database immediately propagates to these redundant versions. Multiple Locations - Having multiple databases won't help if they are all stored in a single location. One well placed meteor landing and those databases are gone. Knack mitigates location failure by storing the extra databases in different geographic locations. Built in Redundancy - Knack uses AWS features like Auto-Scaling and Elastic Load Balancing to ensure that our production systems remain online and traffic is always routed to healthy instances. Knack continuously replicates your data and have it ready to bring online if any primary nodes fail. Offline Backups - Knack stores physical backup files in a separate location from the servers as a final safeguard in case of major catastrophe. These backups are made daily and are encrypted using AES-256 encryption keys.
Outage reporting Email alerts will be provided for any scheduled or unscheduled down time. In the event that scheduled maintenance may unduly affect Your operations, it shall be Your responsibility to so notify Knack Technical Support via https://www.knack.com/tech-contact/ to discuss any necessary arrangements.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication Password Protection - Password protect your apps with encrypted password technology, so that only authenticated users can access it. You can configure multiple registration options for adding new users. Advanced Logins - Integrate your Active Directory or LDAP users for Single Sign On to limit access to your established users. IP Blocking - Optionally restrict access to your app to specific IP addresses or IP blocks. Record Level Security - Design your application so that each logged-in user can only access the records that are connected to them.
Access restrictions in management interfaces and support channels VPN Access - All access by Knack employees to customer data is governed by a secure virtual private network. This access is monitored and can be revoked at any time. Access Logging - Every access request to your data by a Knack employee is logged and time-stamped. We can confirm exact access by the Knack team to any data in the unlikely case that this log is needed. Support Access - The Knack team will sometimes need to access your data for support services. We only do this at your request and when necessary to resolve the issue.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 EY CertifyPoint
ISO/IEC 27001 accreditation date 11/11/2016
What the ISO/IEC 27001 doesn’t cover The Amazon Web Services ISO27001 certification includes the infrastructure that the Knack Platform is built on. The Knack platform, however, is not included within the ISO27001 certification scope.
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 11/11/2016
CSA STAR certification level Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover The Amazon Web Services CSA STAR certification includes the infrastructure that the Knack Platform is built on. The Knack platform, however, is not included within the CSA STAR certification scope.
PCI certification Yes
Who accredited the PCI DSS certification Coalfire Systems, Inc.
PCI DSS accreditation date 25/01/2018
What the PCI DSS doesn’t cover The Amazon Web Services (AWS) PCI DSS certification covers the AWS infrastructure that the Knack platform is built on. The Knack platform is not covered by the certification scope.
Other security certifications Yes
Any other security certifications
  • Cyber Essentials
  • National Cyber Security Centre certified Cyber Security Consultancy

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards Securestorm is Cyber Essentials certified. The underlying infrastructure is provided by Amazon Web Services, who are: ISO27001:2013, PCIDSS, CSA CCM, SOC2, BSI C5 and Cyber Essentials certified.
Information security policies and processes Securestorm has implemented an Information Security Policy, including: Data Protection and Privacy, Classifications, Backup and Recovery, Encryption, Data Erasure and Destruction, Change Management and Testing. All processes that staff are required to follow are detailed in the Securestorm Employee Handbook. All security issues are report to the Securestorm CISO.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Infrastructure is provided by AWS - See AWS SOC2 Report, September 2016, CC7.4. See also AWSCA-6.1 - Applies a systematic approach to managing change.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Infrastructure is provided by AWS - See AWS SOC2 Report, September 2016, CC3.1, CC6.1, CC7.4.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Infrastructure is provided by AWS - See AWS SOC2 Report September 2016, CC3.1, CC6.2, CC7.4.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Knack DDoS Mitigation - AWS provides a robust platform that is not only pre-built to mitigate some attacks, but it also allows Knack to react quickly to spread out impact if there is an attack. Infrastructure is provided by AWS - See AWS SOC2 Report September 2016, CC3.1.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £30 per unit per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Try Knack free for 14 days. No credit card required and you can cancel at any time. The free trial version includes: Up to 20,000 records; 2 GB of storage; build up to 3 applications; and Basic Support.
Link to free trial https://www.knack.com/r/hmgg1018


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑