G-Cloud 11 services are suspended on Digital Marketplace

If you have an ongoing procurement on G-Cloud 11, you must complete it by 18 December 2020. Existing contracts with Loqiva are still valid.
Loqiva

Loqiva City Services Platform & Mobile App

Loqiva is a mobile city services platform for Councils and BIDs that provides residents and visitors with personalised information, a say on relevant local issues and the ability to pay for goods and services through a dedicated mobile app. Loqiva offers a turnkey, customisable solution for smart city initiatives.

Features

  • Mobile App (iOS & Android)
  • Client Administration Dashboard
  • Local Business Dashboard
  • Content Personalisation
  • Content Management System
  • Feedback & Reporting Tools
  • Location Triggered Content
  • IoT Connectivity
  • Payments
  • Analytics

Benefits

  • Create one place for citizen communication
  • Increase user engagement with cloud intelligence
  • Retain data ownership
  • Create efficiencies and cost savings
  • Support local businesses with insights and marketing tools
  • Streamline revenue generation
  • Connect smart city initiatives
  • Grow community participation

Pricing

£10,000 to £80,000 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at <removed>@bcf2501c-565b-4e7f-8b37-d7ef5885835b.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 11

Service ID

4 7 8 9 2 6 6 8 9 3 9 9 0 3 5

Contact

Loqiva <removed>
Telephone: <removed>
Email: <removed>@bcf2501c-565b-4e7f-8b37-d7ef5885835b.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Loqiva aggregates data and information from a range of third-party services including the customer's website, Twitter, YouTube, Google's mapping APIs and other data sources.
Cloud deployment model
Public cloud
Service constraints
Loqiva requires the customer to register with Google so that Google Maps, Places and Routes can be delivered through the App. The customer is billed by Google separately for this cost. As part of the annual fee, Loqiva maintains the platform and responds to third-party service updates as quickly as possible. Hosting and bandwidth for typical client use is also included in this. Beyond predefined limits, fees for additional bandwidth use are charged.
System requirements
  • Web Browser (Chrome, Safari or Edge, for Administration)
  • An Android or iOS Smartphone (to download App)
  • Google Maps Platform Account (for Mapping)
  • Stripe Account (for Payments)
  • Flurry (for Mobile Analytics)

User support

Email or online ticketing support
Email or online ticketing
Support response times
We respond to questions for free within one working day or typically faster. Premium support packages guarantee faster response times and an emergency number is provided at weekends.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
We use a third-party product which complies with Web Content Accessibility Guidelines. We have tested its use with assistive technologies like VoiceOver.
Onsite support
Yes, at extra cost
Support levels
Loqiva provides different kinds of support to suit each customer's requirements. We have a package for on-site training and different packages for remote support.

A) On-Site Training:

One of our consultants will visit the customer's premises and provide group or one-to-one training. This is charged at a rate of £500 per day plus travel and accommodation costs.

B) Remote Training, User & Technical Support:

Free - Customers email for support. We will respond within one working day, email or call back where required during business hours. Suitable for small administrative teams that require infrequent support.

Premium - Customers chat online with us. We will respond as soon as possible (immediately or within 2-3 hours during business hours) or call back where required. Emergency 'out of hours' number also provided.

T1 (£500 pcm) - 1 day's dedicated support a month. Suitable for small administrative teams that require a faster response guaranteed.

T2 (£1000 pcm) - 2 to 3 days dedicated support a month. Suitable for larger administrative teams that require a faster response guaranteed.

T3 (£2000 pcm) - 5 days dedicated support a month. Suitable for larger organisations with multiple administrators that require a faster response guaranteed.
Support available to third parties
No

Onboarding and offboarding

Getting started
We prefer to onboard customers with 1 day's onsite training as a minimum, backed up by remote support until users are confident in using the platform to achieve their objectives. Building the public user base is a collaborative process and we can be engaged to suggest strategies to support this alongside questions about the user interface. The system is fully supported by user documentation and a series of videos explaining Loqiva's key features.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
The customer is able to extract data from Loqiva by requesting a CSV file for each of the tables containing anonymised or aggregated data. Data linked to individuals is not provided for download in CSV format unless the customer can demonstrate each user's explicit permission in a manner compliant with local data regulations.
End-of-contract process
Once the customer provides notice to end the contract, Loqiva will propose a schedule to close the platform typically over a 3 month period. Key dates will be agreed between the customer and Loqiva to i) notify all users, ii) notify all suppliers/data providers, iii) identify and wind-down necessary platform services, iv) shut down the platform, v) reconcile payments, vi) ensure eligible data is download or transferred vii) provide a data erasure certificate. Included in the price of the contract is the technical decommissioning of the system including data erasure. What is excluded are any customer or supplier outreach requirements, specialist research or work on data permissions, custom technical work, bespoke data transfer needs or dedicated customer liaison,

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Loqiva's smartphone app has been designed for iOS and Android phones. The app is used to deliver Loqiva's services to public users.

The Client Administration Dashboard and Local Business Dashboard are accessed through a web browser on a desktop or a mobile device. The web pages are mobile-responsive and there is no difference in functionality between desktop and mobile views.
Service interface
Yes
Description of service interface
Loqiva provides administrators and local businesses with a web dashboard to configure and update services. Users are provided with personal credentials to log-in to the platform and make changes. All the services accessible to each type and level of user are presented clearly in the navigation options available for each profile. The service can be modified by the user through the form or controls presented on the relevant page. Public smartphone users can configure the services using the "My Account" page on the app.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
We have used VoiceOver to test Loqiva's accessibility in relation to the service interfaces. We continue to work on accessibility.
API
No
Customisation available
Yes
Description of customisation
Loqiva can be customised in a number of ways:

Upon Installation -
The app and web interfaces can be themed to suit the customer's brand and colours. Naming conventions and modules can be defined. These customisations are managed by Loqiva.

In System Settings -
Interest categories, business user privileges, data feeds and other configuration settings can be adjusted by the customers with SuperAdmin credentials.

By Administrators -
Administrators can access different parts of the content management system depending on the privileges assigned to their level. Content changes can be made, alerts set, surveys created and sent and more.

By Local Businesses
Local business can log-in through their dashboard, update their profile, offer targeted rewards to public users, update the system events calendar and create location-triggered alerts.

By Adding Custom Modules -
Loqiva provides the framework for custom modules to be developed rapidly where there is need for a custom service. For example, a local Council might wish to add a "Parking Finder" service using the API of the incumbent parking vendor. This module might appear as a new option on the smartphone app and client administration dashboard.

Scaling

Independence of resources
Council customers are provided with single-tenanted virtual machines with load balancers. BIDs are provided with multi-tenanted virtual machines with load balancing features. Resources at the data centre are monitored and can be scaled to meet requirements.

Analytics

Service usage metrics
Yes
Metrics types
Loqiva offers a wide range of metrics and analytics to Client Administrators and Local Businesses.

Metrics provided to Administrators provide a guide to use of the platform by Public Users each week, as well as subscriptions generated by Local Businesses. Meanwhile analytics provide insights as to demographic information.

Local Businesses are provided with metrics in relation to people with the app walking by their premises, the number of rewards alerted to them and claimed. Analytics in the form of demographic information is also provided.
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users need to make an information request. Data is manually exported by the Loqiva team and is placed in a secure repository on the server for the user to download. A process is being developed for users to do this remotely.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Our SLA ensures hosting and platform availability uptime for a minimum of 98% of each month. Below this, customers are eligible for a refund equivalent to 10% of that month's fee (Annual Fee / 12 = 1 Month's Fee). We do not offer compensation for loss of business.
Approach to resilience
This information is available on request.
Outage reporting
We report service outages to customers using email alerts.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
We restrict access to key interfaces and support channels through the use of administrative privileges. Each user is shown the service interfaces required to perform their role.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
We approach security governance using internal policies informed by best practise. These cover controls for all employees including management of confidential data, keeping emails safe, managing passwords properly and transferring data. For network administrators and system developers, further controls and guidelines are put in place.
Information security policies and processes
Security reporting is the responsibility of the CTO and CEO. The following policies and procedures have been put in place - Acceptable Use Policy, Access Control Policy, Change Management Policy, InfoSec Policy, IR Policy, Remote Access Policy and an Email Communication Policy. Disaster Recovery and Business Continuity strategies are in place. Data is managed in accordance with GDPR.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All new features are architected and assessed for security issues prior to development. Changes to services are made within a development framework which prevents security vulnerabilities from occurring. Components are tracked and regularly reviewed.
Vulnerability management type
Undisclosed
Vulnerability management approach
Potential threats to our services are assessed by our development team. We upgrade our services in line with best practise and our analysis of the threat. Information about potential threats comes from third-party vendors and suppliers alongside insights from advisors and industry commentators.
Protective monitoring type
Undisclosed
Protective monitoring approach
We identify potential compromises through in-house penetration testing prior to release. Live code is assessed regularly by our CTO. Vulnerabilities are assessed through external penetration testing. We respond immediately to any incidents.
Incident management type
Undisclosed
Incident management approach
We have an in-house reporting process for incidents. These are logged and made known to clients beyond a pre-specified severity level. Users are able to report incidents via phone or email for our team to investigate.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£10,000 to £80,000 a licence a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at <removed>@bcf2501c-565b-4e7f-8b37-d7ef5885835b.com. Tell them what format you need. It will help if you say what assistive technology you use.