YUDU Publisher provides easy digital publishing to browser and to custom apps, and allows the control of who can access published items.
Upload content as PDF and optionally add enhancements such as embedded multimedia and interactivity. Responsive content for small screen reading is also supported.
- Publish to browser or custom cross-platform app
- Responsive layout mode for reading on phone screens
- Organise published items and documents by category
- Unified search across all documents
- Annotations and highlighting with cross-device synchronisation
- Offline reading and document access
- Embed multimedia and feedback widgets
- Built-in analytics on document viewing patterns
- Publish your content across all device types
- Control access to restrict content to its intended audience
- Make sure users always see the latest version of documents
- Publish large content volumes quickly and easily
- Enhance content for maximum visual impact
- Deliver to a custom branded cross-platform app
- Publish any content: magazines, catalogues, ebooks, business documentation etc
- In-app purchasing for ecommerce apps and publications
£500 per licence per year
- Education pricing available
- Free trial available
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Service constraints||No relevant constraints|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Within 24 hours excluding weekends and UK bank holidays.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
First level support response is provided during UK working hours via email and phone, with an assigned technical account manager, at no additional cost. Tickets are managed using ZenDesk.
Support tickets are escalated to second-level development staff where required.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||We provide extensive guidance and support resources at https://help.yudu.com/. Online training via webinar and/or onsite training are also available at an additional cost.|
|End-of-contract data extraction||
Data consists of i) content that the users have published through the service, and ii) records of the users as used for authentication etc.
Published content is typically already available to users since they provided it in the first place. Users may download the published version of the content if they wish, though since it uses a custom publication format, it is of limited use without the rest of the platform.
The contract price includes access to the publishing platform and support by email and phone, as well as all hosting and bandwidth costs for published content.
Bureau publishing services, additional support such as on-site training, design projects etc. are available at an additional cost.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||PhoneView ensures that documents are smoothly fitted to any screen size.|
|Description of service interface||The interface allows you to upload, manage, enhance and publish your digital documents to web, iOS, Android or Windows apps.|
|Accessibility standards||None or don’t know|
|Description of accessibility||Content published through the platform can be provided in a responsive HTML format allowing font resizing and text to speech using mobile devices' built in support.|
|Accessibility testing||Content published to iOS apps with a responsive version of the content can generally be accessed using the device's built-in accessibility features. Preliminary testing with Windows-based assistive technology for text to speech indicates that further development would be needed to make the content accessible. Accessibility testing has not been performed on the publishing platform itself.|
|What users can and can't do using the API||
Using the API clients can upload and publish or depublish content, as well as control which users have access to which pieces of content.
The API provides a subset of the functionality available through the main publishing UI, but includes all of the most important publishing options.
|API documentation formats||HTML|
|API sandbox or test environment||Yes|
|Independence of resources||Intensive operations are queued for asynchronous processing by a separate set of servers, meaning site responsiveness is unaffected by heavy usage.|
|Service usage metrics||Yes|
|Metrics types||Built-in metrics show aggregate viewing statistics for published items, such as visit count, page views and interaction counts.|
|Reporting types||Real-time dashboards|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||European Economic Area (EEA)|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||Other|
|Other data at rest protection approach||Data is stored on AWS S3 storage instances. Encryption at rest could be supported as an add-on.|
|Data sanitisation process||No|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||The nature of the service is that users already have their content, and the platform allows them to publish it in a custom format to a defined audience, so data export is not normally required.|
|Data export formats||Other|
|Other data export formats||N/A|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
We will use commercially reasonable efforts to make Publisher available 99.95% of the time. In the event YUDU does not meet the goal of 99.95% availability in a given calendar month (“Monthly Uptime Percentage”), you will be eligible to receive a Service Credit.
The credit shall be calculated as five (5) percent of the Customer’s monthly spend with us for each of the SLA targets, up to a maximum of a ten (10) percent credit, where the monthly spend is defined as the total invoiced amount for the calendar month period of the month affected by downtime.
|Approach to resilience||
We use multiple datacentre locations, using load balancers to span across datacentres using Amazon Web Services (AWS). Databases are similarly configured for multiple availability zones and automatic failover using AWS RDS. Filestores (S3) use multiple storage locations to ensure no data is lost, with CloudFront's CDN acting as a near-ISP high speed cache for serving of content in the United Kingdom and around the world, as required.
Each server type (web, task, etc.) has at least two (and often 3-5) instances running constantly to ensure no single point of failure.
|Outage reporting||Any planned out-of-hours downtime is shown ahead of time in a message screen shown to users logging on to the platform. In the event of an outage, updates are sent to clients and users via a Twitter account.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||
Admin level users with access in the system to data from more than one client are subject to more stringent password requirements, and admin accounts are subject to periodic review.
Higher level access such as to the database or server configuration is only available to the development team, and requires connection via a secure VPN.
|Access restriction testing frequency||Less than once a year|
|Management access authentication||Dedicated link (for example VPN)|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||Yes|
|CSA STAR accreditation date||01/01/2016|
|CSA STAR certification level||Level 2: CSA STAR Attestation|
|What the CSA STAR doesn’t cover||We are with AWS, who are CSA STAR accredited.|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||Security policy is managed by the CTO, Head of Security and CEO, based on reference to relevant standards such as ISO27001 wherever it's practical to follow those guidelines.|
|Information security policies and processes||
Security policies are enforced by an assigned Security Officer for each office/department of the company. These report to a single Head of Security, who in turn reports to the CTO and CEO.
All employees agree to the company security policy on joining, and are required to report any lapse of the policy to the appropriate Security Officer so that it can be addressed. Security Officers also monitor and periodically review to identify any points of concern.
We are currently working towards our ISO22301 certification.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Change requests from customers, internal and external stakeholders are assessed by an internal review team at least once per quarter, with non-trivial development items discussed (including any impact of the change to other components of the system), reviewed and accepted for the following quarter, with all subsequent development being peer-reviewed and tested before release.
Separate internal teams are maintained for development items that are less than a couple of man-days, reviewed and implemented as time allows from the support developer team resources.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Potential threats are assessed from multiple documented sources, from commonly used resources like the OWASP project (https://www.owasp.org/index.php/Main_Page), as well as mailing lists and security updates (typically critical, high) for the client-facing software we use.
Speed of deployment is usually within a week for critical vulnerabilities, but depends on individual assessment of the issue - for example, the recent Intel hardware issues (Spectre and Meltdown) had fixes that crippled the servers they were deployed on, requiring more extended deployment timescales and further testing.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Internet-facing servers are hardened to use only essential ports, with penetration testing against the public interfaces. Clients are free to arrange external penetration testing by appointment.
Any compromise detected is dealt with as a Tier 1 support issue (most urgent), with the entire development and support team being involved.
In the event of a security breach as defined by the Data Protection Legislation or any such event that may impact on the customer's data, we will upon discovery notify the customer without undue delay and in any event within 48 hours.
|Incident management type||Supplier-defined controls|
|Incident management approach||
Clients may report incidents via telephone, email or a support/ticket system (Zendesk), which will keep them up to date on the progress of their support tickets. This information is permanently available to clients for their internal reports.
Support items are classified according to impact and urgency, and are either assigned to a dedicated support team member or, if they require developer-level support, placed in a queue for that support.
Common events typically have documented processes for support staff to resolve without developer level support.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£500 per licence per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||30-day free trial to access the platform for standard projects.|