Mendix is the fastest and easiest platform to build and continuously improve Mobile and Web apps at scale. It is the only high productivity application platform (hpaPaaS) that provides a comprehensive, integrated set of tools for the entire application life cycle(ALM), from ideation and development through deployment and operation.
- Low Code - Deliver 10x faster than traditional methods
- Mobile and Multi-Channel Apps- Build once, run across platforms.
- Smart and Connected- Leverage new technologies, integrate any system.
- DevOps- Continuous delivery with built-in DevOps and platform APIs
- Cloud Native– Stateless architecture with self-service scaling and HA.
- Multi-cloud Deployment- Deploy in your cloud of your choice.
- Quality Assurance– Proactively monitor quality and automate functional testing.
- Security– Build apps that automatically adhere to the highest standards
- Openness– Benefit from APIs and open standards at every level.
- Extensibility- Seamlessly extend your applications with custom code.
- Achieve unprecedented time to value with 10x higher productivity.
- Go fast without putting critical business functions at risk.
- Build Web, Mobile, tablet apps that exceed business expectations
- Build Smart Apps with actionable insights and increase business velocity
- Employ openness at every level, reducing integration costs
- Business users can create applications with no prior coding experience
- Allow Business and IT to collaborate to speed app development
£7 per user per month
- Education pricing available
Mendix Technology Limited
|Service constraints||None, please refer to system requirements.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Critical: < 1 hour
High: < 2 Extended Office Hours
Medium: End of next Business Day
Low: End of next Business Day
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Mendix Platform Support is offered 24/7, 52 weeks per year via the Mendix Support Portal, Mendix Community Forum and Telephone
Mendix also provides a Customer Success Manager who is responsible to ensure the success of clients implementations and projects.
|Support available to third parties||Yes|
Onboarding and offboarding
Mendix provides a full on-boarding program with our Digital Execution Program to get clients up and running extremely quickly.
Mendix offers free online training for all platform users. Our Introduction Course will quickly get your team up to speed so you can build robust and adaptable Mendix applications in days. To explore more advanced features and topics there is free access to online documentation and a very active forum and community. To further build your expertise Mendix provides Expert Webinars that are given by community Experts around platform.
In addition to online training Mendix provides (on site) Classroom Training and Certification and Consulting services as detailed in the SFIA document.
|Other documentation formats||Video Training|
|End-of-contract data extraction||
Mendix protects your investment in model-driven development, with a fully documented formal meta model. Details can be found at https://world.mendix.com/display/MXSDK/Mendix+SDK+Home
In addition to this, Mendix provides a Model API & SDK for exporting models including meta data, export to other RAD Platforms, 3GL programming languages (Java, .Net, Python, etc..) and Export to your target architecture (Spring, Hibernate, etc..)
Models can be exported at any time and reimported for later use; even after contract end, Mendix models will still run in the Mendix Free Edition
The Mendix contract covers the Mendix platform and runtime services. Any model or application developed and deployed on the platform remains the IP of the customer and as such can be migrated as mentioned above should the contract end.
Even after this, the model could be imported and used on the Mendix free edition albeit with limitations on users and uptime.
Using the service
|Web browser interface||Yes|
|Using the web interface||
The Mendix 'Home' Portal environment provides a set of capabilities for ideation, requirements capture, creation, deployment, monitoring and ongoing management of applications.
Designed to simplify every step of the application lifecycle through a collaborative, role based web portal, Mendix home provides tools for both business and IT users to deliver applications with unrivalled speed to market.
In addition to the platform itself, all apps created within Mendix are also accessible through web or mobile interfaces.
|Web interface accessibility standard||None or don’t know|
|How the web interface is accessible||
Mendix is committed to providing support for all users, including those with special needs. Due to the dynamic, client side nature of Mendix applications however, the WCAG standard is not apprropriate; our goal is to conform to the WAI-ARIA.
The Web Accessibility Initative for Accessible Rich Internet Applications (WAI-ARIA) has been an official W3C recommendation since March 2014.
In addition to the above, Mendix provides an implementation of the UK Government Front end Kit providing compliance to .gov UI/UX standards.
|Web interface accessibility testing||Mendix is committed to testing with assistive technology users, for example those with colour blindness or other eyesight impairments. This testing is typically delivered as part of the testing of applications developed on the platform and is therefore customer deployment specific.|
|What users can and can't do using the API||
Mendix provides 2 levels of API, both of which are completely public, open and fully documented.
Application-level APIs. Every application built using the Mendix platform has powerful API options and every element of the application model can be easily provided as part of the API through REST or SOAP services.
Platform-level APIs. The core platform functionality is accessible through APIs, which allow developers to access and integrate Mendix with other tools and applications—for example, build and deploy APIs to support continuous integration.
|API automation tools||
|Other API automation tools||Jenkins|
|API documentation formats||
|Command line interface||Yes|
|Command line interface compatibility||
|Using the command line interface||
Mendix offers a command line interface to many aspects of the platform. From installation to server management and monitoring, package build and deploy etc..
The m2ee command line tool can be used to connect to the Mendix Runtime, issuing commands like setting loglevels, asking how many users are logged in, show currently running actions inside the application, or even telling it to shut down.
The MxBuild command line can be used to deploy and build a Mendix Deployment Package from a Mendix Project. MxBuild can be used to manually instigate a package build or run 'as a service' waiting for a post message instructing it what to build.
|Independence of resources||Resources are independent for each customer.|
|Infrastructure or application metrics||Yes|
|Other metrics||Application metrics are configurable and exposed through OData|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||A third-party destruction service|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||
A backup of all data (model and database) is made on a daily basis for the Acceptance, Test, and Production Environments. Backups are stored in secured locations that are geographically dispersed. Backups are available for restore as follows:
Nightly Backups: maximum 2 weekshistory (counting from yesterday)
Sunday Backups: maximum 3 monthshistory (counting from yesterday)
Monthly Backups (1stSunday of each month): maximum 1 yearhistory (counting from yesterday)
In addition to the Mendix backup schedule, users can initiate their own backups as desired.
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Users schedule backups through a web interface|
|Backup recovery||Users can recover backups themselves, for example through a web interface|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||Mendix guarantees 99.9% availability of the Cloud Services on which the Application Model runs in Production. Maintenance windows, force majeure, disruptions in third party webservices, internet outages and other circumstances beyond Mendix’s reasonable control are excluded.|
|Approach to resilience||Mendix Cloud hosting is built upon multiple datacenters and/or IaaS providers to provide resilience. Furthermore, disaster recovery procedures and testing are in place and part of Mendix security framework which is independently assessed by an external auditor (ISAE3402).|
|Outage reporting||Mendix provides a public dashboard and email alerts to report outages. This dashboard can be found at https://status.mendix.com|
Identity and authentication
|Access restrictions in management interfaces and support channels||The Cloud Portal allows administrators to manage users (defined in MxID) and configure role-based access for users to environments to deploy and manage apps. The Cloud Portal security interface is integrated into the project dashboard, so you have a 360° view of all access rights for a specific person within the context of an app. Mendix enforces the segregation of duties between (at least) the developer and application administrator, whose roles are both safeguarded using personal accounts. Mendix will not allow you to configure a general management account, to ensure that all actions are traceable to a person.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
|Devices users manage the service through||Directly from any device which may also be used for normal business (for example web browsing or viewing external email)|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||You control when users can access audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Ernst&Young|
|ISO/IEC 27001 accreditation date||09/02/2018|
|What the ISO/IEC 27001 doesn’t cover||Please be referred to Mendix ISO/IEC27001:2013 certificate, which is made available to Mendix customers and prospects upon request and under NDA.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||
|Other security governance standards||Mendix has adopted 46 security controls from the ISO27001:2013 ISMS (Information Security Management System). These security controls are assessed by an independent auditor and disclosed in an ISAE3402 Type II assurance report.|
|Information security policies and processes||All employment and contractor agreements shall include a clause for the employee or contractor to comply with Mendix policies, including Mendix Information Security Policy|
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
Code changes are peer-reviewed first including mandatory unit tests. Then automated tests are run and manual exploratory testing is done by a tester. If all tests pass, the change is merged to master.
Mendix monthly releases follow a two-week process where a nightly build is followed by a code freeze on day 1 and then 1 week of regression, performance and security testing. On day 7 a new nightly build is created and labeled as Release Candidate. This RC goes through one week of integration testing and manual exploratory testing before it is released to public on day 14.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
Mendix performs regular vulnerability scans on Mendix Cloud infrastructure and Mendix corporate network.
To allow for pro-active vulnerability management product managers and the Information Security Officer follow multiple security RSS-feeds, newsletters, websites of information security interest groups.
Furthermore, the Mendix Platform and Mendix Cloud hosting infrastructure undergoes regular penetration tests performed by a third-party vendor specialised in information security. Mendix issues these penetration tests at least once per year to ensure it meets the highest security standards and is part of the Mendix security controls, which are independently assessed and disclosed in our ISAE3402 Type II report.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||Mendix detective security controls include, but are not limited to: active monitoring of log files, configuration changes and network anomalies.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||Incidents need to be reported by submitting tickets via the Mendix Support Portal. This enables for all required information to be properly logged and incidents can be addressed in the fastest and most efficient manner. The support portal provides all information about the progress and status of reported incidents. In addition to the portal, the support phone is available to directly communicate regarding any support related questions. Critical incidents reported in the Mendix Support Portal have to be followed by a phone call to the support phone in order to immediately determine the best communication line while handling the ticket.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||Yes|
|Who implements virtualisation||Supplier|
|Virtualisation technologies used||Other|
|Other virtualisation technology used||Xen|
|How shared infrastructure is kept separate||Each Mendix Application consists of an acceptance and production environment (and optional a test environment). All these environments are a Mendix App Environment. A Mendix App Environment is a grouping of an dedicated virtual application server (Mendix Business Server) and a dedicated virtual database server. This Mendix App Environment includes host-based firewalls, web server, and database services and are logically isolated from other environments.|
|Price||£7 per user per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||
The Mendix free trial version contains the full capability to gather ideas, plan and model applications through 1-click deployment and operation.
It contains up to 10 users with a small container and the application goes dormant after 1.5hrs. of inactivity, and automatically resumes when the application is launched. Excludes add-ons.
|Link to free trial||https://signup.mendix.com|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|