YUDU Sentinel

YUDU Publisher

YUDU Publisher provides easy digital publishing to browser and to custom apps, and allows the control of who can access published items.

Upload content as PDF and optionally add enhancements such as embedded multimedia and interactivity. Responsive content for small screen reading is also supported.


  • Publish to browser or custom cross-platform app
  • Responsive layout mode for reading on phone screens
  • Organise published items and documents by category
  • Unified search across all documents
  • Annotations and highlighting with cross-device synchronisation
  • Offline reading and document access
  • Embed multimedia and feedback widgets
  • Built-in analytics on document viewing patterns


  • Publish your content across all device types
  • Control access to restrict content to its intended audience
  • Make sure users always see the latest version of documents
  • Publish large content volumes quickly and easily
  • Enhance content for maximum visual impact
  • Deliver to a custom branded cross-platform app
  • Publish any content: magazines, catalogues, ebooks, business documentation etc
  • In-app purchasing for ecommerce apps and publications


£500 per licence per year

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

4 4 4 8 7 8 7 6 1 2 7 1 8 0 2


YUDU Sentinel

James O'Brien



Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
No relevant constraints
System requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 24 hours excluding weekends and UK bank holidays.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
First level support response is provided during UK working hours via email and phone, with an assigned technical account manager, at no additional cost. Tickets are managed using ZenDesk.

Support tickets are escalated to second-level development staff where required.
Support available to third parties

Onboarding and offboarding

Getting started
We provide extensive guidance and support resources at https://help.yudu.com/. Online training via webinar and/or onsite training are also available at an additional cost.
Service documentation
End-of-contract data extraction
Data consists of i) content that the users have published through the service, and ii) records of the users as used for authentication etc.

Published content is typically already available to users since they provided it in the first place. Users may download the published version of the content if they wish, though since it uses a custom publication format that is of limited use without the rest of the platform.
End-of-contract process
The contract price includes access to the publishing platform and support by email and phone, as well as all hosting and bandwidth costs for published content.
Bureau publishing services, additional support such as on-site training, design projects etc. are available at an additional cost.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
PhoneView ensures that documents are smoothly fitted to any screen size.
Service interface
Description of service interface
The interface allows you to upload, manage, enhance and publish your digital documents to web, iOS, Android or Windows apps.
Accessibility standards
None or don’t know
Description of accessibility
Content published through the platform can be provided in a responsive HTML format allowing font resizing and text to speech using mobile devices' built in support.
Accessibility testing
Content published to iOS apps with a responsive version of the content can generally be accessed using the device's built-in accessibility features. Preliminary testing with Windows-based assistive technology for text to speech indicates that further development would be needed to make the content accessible. Accessibility testing has not been performed on the publishing platform itself.
What users can and can't do using the API
Using the API clients can upload and publish or depublish content, as well as control which users have access to which pieces of content.

The API provides a subset of the functionality available through the main publishing UI, but includes all of the most important publishing options.
API documentation
API documentation formats
API sandbox or test environment
Customisation available


Independence of resources
Intensive operations are queued for asynchronous processing by a separate set of servers, meaning site responsivity is unaffected by heavy usage.


Service usage metrics
Metrics types
Built-in metrics show aggregate viewing statistics for published items, such as visit count, page views and interaction counts.
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Other data at rest protection approach
Data is stored on AWS s3 storage instances. Encryption at rest could be supported as an add-on.
Data sanitisation process
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
The nature of the service is that users already have their content, and the platform allows them to publish it in a custom format to a defined audience, so data export is not normally required.
Data export formats
Other data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We will use commercially reasonable efforts to make Publisher available 99.95% of the time. In the event YUDU does not meet the goal of 99.95% availability in a given calendar month (“Monthly Uptime Percentage”), you will be eligible to receive a Service Credit.

The credit shall be calculated as five (5) percent of the Customer’s monthly spend with the us for each of the SLA targets unto a maximum of a ten (10) percent credit, where the monthly spend is defined as the total invoiced amount for the calendar month period of the month affected by downtime.
Approach to resilience
We use multiple datacentre locations, using load balancers to span across datacentres using Amazon Web Services (AWS). Databases are similarly configured for multiple availability zones and automatic failover using AWS RDS. Filestores (S3) use multiple storage locations to ensure no data is lost, with CloudFront's CDN acting as a near-ISP high speed cache for serving of content in the United Kingdom and around the world, as required.

Each server type (web, task, etc.) has at least two (and often 3-5) instances running constantly to ensure no single point of failure.
Outage reporting
Any planned out-of-hours downtime is shown ahead of time in a message screen shown to users logging on to the platform. In the event of an outage, updates are sent to clients and users via a Twitter account.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Admin level users with access in the system to data from more than one client are subject to more stringent password requirements, and admin accounts are subject to periodic review.

Higher level access such as to the database or server configuration is only available to the development team, and requires connection via a secure VPN.
Access restriction testing frequency
Less than once a year
Management access authentication
Dedicated link (for example VPN)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
CSA STAR certification level
Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover
We are with AWS, who are CSA STAR accredited.
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Security policy is managed by the CTO, Head of Security and CEO, based on reference to relevant standards such as ISO27001 wherever it's practical to follow those guidelines.
Information security policies and processes
Security policies are enforced by an assigned Security Officer for each office/department of the company. These report to a single Head of Security, who in turn report to the CTO and CEO.

All employees agree to the company security policy on joining, and are required to report any lapse of the policy to the appropriate Security Officer so that it can be addressed. Security Officers also monitor and periodically review to identify any points of concern.

We are currently working towards our ISO22301 certification.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Change requests from customers, internal and external stakeholders are assessed by an internal review team at least once per quarter, with non-trivial development items discussed (including any impact of the change to other components of the system), reviewed and accepted for the following quarter, with all subsequent development being peer-reviewed and tested before release.

Separate internal teams are maintained for development items that are less than a couple of man-days, reviewed and implemented as time allows from the support developer team resources.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Potential threats are assessed from multiple documented sources, from commonly used resources like the OWASP project (https://www.owasp.org/index.php/Main_Page), as well as mailing lists and security updates (typically critical, high) for the client-facing software we use.

Speed of deployment is usually within a week for critical vulnerabilities, but depends on individual assessment of the issue - for example, the recent Intel hardware issues (Spectre and Meltdown) had fixes that crippled the servers they were deployed on, requiring more extended deployment timescales and further testing.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Internet facing servers are hardened to use only essential ports, with penetration testing against the public interfaces. Clients are free to arrange external penetration testing by appointment.

Any compromise detected is dealt with as a Tier 1 support issue (most urgent), with the entire development and support team being involved.

In the event of a security breach as defined by the Data Protection Legislation or any such event that may impact on the customer's data, we will upon discovery notify the customer without undue delay and in any event within 48 hours.
Incident management type
Supplier-defined controls
Incident management approach
Clients may report incidents via telephone, email or a support/ticket system (Zendesk), which will keep them up to date of the progress of their support tickets. This information is permanently available to clients for their internal reports.

Support items are classified according to impact, urgency and sorted either into a dedicated support team member or, if requiring developer level support, assigned into a queue system for that support.

Common events typically have documented processes for support staff to resolve without developer level support.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£500 per licence per year
Discount for educational organisations
Free trial available
Description of free trial
30 day free trail to access the platform for standard projects.

Service documents

Return to top ↑