TheAppBuilder Platform provides a secure content management and publishing solution for mobile devices. Targeted at identifiable groups of users, that are typically mobile, with limited or no access to Intranets, difficult to engage and yet are key to the success of an organisation. Enhancing employee engagement across the enterprise.
- Create iOS, Android apps for smartphones and tablets
- Create HTML5 Webapps for Smartphones, tablets and desktop devices
- Publish content (including multimedia) across all devices
- Manage users to control who can access content
- Manage distribution of iOS and Android apps
- Send notifications to all users or a segment of users
- Facilitate digital discussion between employees in a secure environment
- Distribute documents and other files securely and with user control
- Conduct surveys and polls and illicit feedback from all employees
- Comprehensive analytics integration to provide clear usage reports
- Increase employee engagement by improved access to information
- Positively influence organisational culture by setting the tone of dialogue
- Leverage organisational knowledge by facilitating dialogue across departments
- Reduce cost by increasing efficiency for mobile workers
- Reduce IT costs by optionally implementing controlled secure BYOD options
- Extend the reach and enhance the quality of management communications
- Reduce digital discrimination as a result of any device approach
- Improve 'directness' of communication, especially for disconnected workers
- Understand concerns and ambitions of the workforce via gathering feedback
- Create an attractive recruitment landscape, fostering innovation
£1000.00 per licence per month
- Education pricing available
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
Platform availability is limited to web-app, Android and iOS.
Version support of all platforms for at least two years.
Planned maintenance will be notified 72 hours ahead of time and be completed outside of UK working hours
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Support is Monday to Friday, 09:00 to 17:00 only
Critical Impact - Response in 2 hours
Significant Impact - Response in 4 hours
Minor Impact - Response in 8 hours
Low Impact - Response in 24 hours
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.0 AAA|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
- Support is included within Licence
- Dedicated support desk and ticket management system
- Levels of support outlined below:
(A) Critical Impact
Has a critical adverse effect on Business processes. Results in a complete network interruption causing a severe impact on service availability.
Impacts a large group (50+) of end users with no workaround.
Causes significant impact(s) to the Business.
(B) Significant Impact
Critical functionality or network access interrupted. A moderate number (20+) of staff are affected with no workaround.
No workaround is possible
(C) Minor Impact
The service interruption impact increases over time.
No acceptable workaround is possible.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||Client administrators will be given access to the app via email, as well as downloading the preview application from public app stores (iOS, Android). A kick off meeting will be held to define the configuration of the app, and to arrange training of the CMS. Training can be provided either onsite or online. There will also be access to a document repository for user documentation.|
|End-of-contract data extraction||Client administrators can request a bulk extract of their content data and user data via the support portal. There are also tools within the CMS to extract media and user data.|
There is no additional cost to leave the service. Users data can be exported via CSV, as well as content data.
Client data will be removed within an agreed timescale after end of contract.
There will be no cost unless there is a requirement to liaise with another platform provider to migrate data.
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||TheAppBuilder is a platform that is designed for mobile and tablet devices. In addition, the platform also delivers a full desktop browser experience reflective of the mobile App and designed to function with a very similar user experience in both environments.|
|Accessibility standards||WCAG 2.0 AA or EN 301 549|
|Accessibility testing||Interface testing is carried out using online tools.|
|What users can and can't do using the API||
API users to be able to create content on and retrieve content from the platform.
Various platform configurations can be made via the API
|API documentation formats||Open API (also known as Swagger)|
|API sandbox or test environment||Yes|
|Description of customisation||TheAppBuilder platform enables and empowers the user to have complete control over the content, organisation and structure contained within a published mobile App. The ease of use of the platform ensures there are minimal barriers to creating engaging, attractive and accessible content, that is easily managed and updated both by a content manager and in the future, by user generated content. The Platform provides content and digital asset libraries that ensure consistency of style and brand. The content management system within the platform maximises the use of 'drag and drop' technology and ensures that the creation of an App is straightforward and intuitive and can be undertaken by non technical team members. The published App can be readily managed and maintained by non technical staff. The ease of use sets TheAppBuilder platform apart from other mobile development solutions.|
|Independence of resources||We track usage of the service on a regular basis and if we were to identify any potential capacity issue then we can elect to move a particular customer to a different server or we can enhance the server farm capability. Since our last major upgrade in early 2016, there have been no potential issues that have required any changes to the current server farm capability.|
|Service usage metrics||Yes|
|Metrics types||TheAppBuilder provides clients the ability to integrate Google Analytics to track user consumption of the apps.|
|Reporting types||Real-time dashboards|
|Supplier type||Not a reseller|
|Staff security clearance||Staff screening not performed|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||Physical access control, complying with SSAE-16 / ISAE 3402|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||Client Administrators can bulk export user data from the CMS. For any other data extract requirements, client's can request this via the support portal.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||We will commit that our software service will be available 100% of the time in a given month, excluding Maintenance. Scheduled maintenance will be notified 72 hours in advance and will be carried out during off-peak UK hours. Other customer requested maintenance will be scheduled and agreed with the individual customers in advance.|
|Approach to resilience||Available on individual client request|
|Outage reporting||Planned outages for scheduled maintenance will be notified to customer administrators via e-mail 72 hours in advance. These will be scheduled for periods outside of UK peak hours. Any unplanned or unforeseen outages will again be communicated via e-mail and followed up with a complete explanation of the reason for the outage.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||
Management can specify which of these options are to be enabled.
For 2-factor authentication the users registered mobile number is used.
Identity federation is currently limited to ADFS via SAML 2.0 but Google Apps and MS Office 365 are possible upon request.
Where simple username and password is the desired option, a strong password policy is enforced and the communication is via encrypted channels. Attempted logins are monitored and a lock out process is in place.
|Access restrictions in management interfaces and support channels||
These are managed by an access control policy, as set out by ISO 27001:2013.
Each client is assigns an organisational administrator who will have access to all administrator tools on the platform as well as an account to the support ticket management system.
Organisational administrators can request editor access for other admin users. This is limited and reviewed on a periodic basis.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||MBTRADA|
|ISO/IEC 27001 accreditation date||12/1/201716/01/2017|
|What the ISO/IEC 27001 doesn’t cover||Loading Bay|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||Yes|
|Any other security accreditations||Cyber essentials|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
TheAppBuilder have established and maintain a Management System as a means of providing a structured process for the achievement of continuously improving Information Security. The company prepares and effectively implement documents procedures in accordance with the requirements of the Information Security Management System (ISMS).
It is the policy of our company to ensure:
• Information is only accessible to authorised persons from within or outside the company.
• Confidentiality of information is maintained.
• Integrity of information is maintained throughout the process.
• Business Continuity plans are established, maintained and tested.
• All personnel are trained on information security and suspected weaknesses are reported and investigated.
• Procedures exist to support the policy including both end user and technical plans.
• Business requirements for availability of information and systems will be met.
• The I.T. Manager is responsible for implementing and policy and ensuring staff compliance in their respective departments.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Change management is handled as part of our Production Release Management Cycle as all clients utilise the same version of the platform. According to our agile methodology, a new version of the product can be released every two weeks. Product release notes are available to view on the CMS.|
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||This detail is available on request.|
|Protective monitoring type||Undisclosed|
|Protective monitoring approach||This detail is available on request.|
|Incident management type||Undisclosed|
|Incident management approach||This detail is available on request.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£1000.00 per licence per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||A standard product features demonstration App can be provided online, on request. As requirements are firmed further understood, an initial 'Proof of Concept' App can be made available for further evaluation prior to a commitment to proceed to a full SaaS licence and Build.|
|Link to free trial||Theappbuilder.com/contact|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|