TheAppBuilder Ltd

TheAppBuilder Mobile App and Secure Content Publishing Platform

TheAppBuilder Platform provides a secure content management and publishing solution for mobile devices. Targeted at identifiable groups of users, that are typically mobile, with limited or no access to Intranets, difficult to engage and yet are key to the success of an organisation. Enhancing employee engagement across the enterprise.


  • Create iOS, Android apps for smartphones and tablets
  • Create HTML5 Webapps for Smartphones, tablets and desktop devices
  • Publish content (including multimedia) across all devices
  • Manage users to control who can access content
  • Manage distribution of iOS and Android apps
  • Send notifications to all users or a segment of users
  • Facilitate digital discussion between employees in a secure environment
  • Distribute documents and other files securely and with user control
  • Conduct surveys and polls and illicit feedback from all employees
  • Comprehensive analytics integration to provide clear usage reports


  • Increase employee engagement by improved access to information
  • Positively influence organisational culture by setting the tone of dialogue
  • Leverage organisational knowledge by facilitating dialogue across departments
  • Reduce cost by increasing efficiency for mobile workers
  • Reduce IT costs by optionally implementing controlled secure BYOD options
  • Extend the reach and enhance the quality of management communications
  • Reduce digital discrimination as a result of any device approach
  • Improve 'directness' of communication, especially for disconnected workers
  • Understand concerns and ambitions of the workforce via gathering feedback
  • Create an attractive recruitment landscape, fostering innovation


£1000.00 per licence per month

Service documents

G-Cloud 9


TheAppBuilder Ltd

James Scott


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Platform availability is limited to web-app, Android and iOS.
Version support of all platforms for at least two years.
Planned maintenance will be notified 72 hours ahead of time and be completed outside of UK working hours
System requirements
  • Modern Browser for Admins, Chrome, Firefox, IE11, MSEdge or Safari
  • End users must have either, iOS, Android or modern browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support is Monday to Friday, 09:00 to 17:00 only

Critical Impact - Response in 2 hours
Significant Impact - Response in 4 hours
Minor Impact - Response in 8 hours
Low Impact - Response in 24 hours
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AAA
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels - Support is included within Licence
- Dedicated support desk and ticket management system
- Levels of support outlined below:

(A) Critical Impact

Has a critical adverse effect on Business processes. Results in a complete network interruption causing a severe impact on service availability.
Impacts a large group (50+) of end users with no workaround.
Causes significant impact(s) to the Business.

(B) Significant Impact

Critical functionality or network access interrupted. A moderate number (20+) of staff are affected with no workaround.
No workaround is possible

(C) Minor Impact

The service interruption impact increases over time.
No acceptable workaround is possible.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Client administrators will be given access to the app via email, as well as downloading the preview application from public app stores (iOS, Android). A kick off meeting will be held to define the configuration of the app, and to arrange training of the CMS. Training can be provided either onsite or online. There will also be access to a document repository for user documentation.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Client administrators can request a bulk extract of their content data and user data via the support portal. There are also tools within the CMS to extract media and user data.
End-of-contract process There is no additional cost to leave the service. Users data can be exported via CSV, as well as content data.

Client data will be removed within an agreed timescale after end of contract.

There will be no cost unless there is a requirement to liaise with another platform provider to migrate data.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
  • Other
Designed for use on mobile devices Yes
Differences between the mobile and desktop service TheAppBuilder is a platform that is designed for mobile and tablet devices. In addition, the platform also delivers a full desktop browser experience reflective of the mobile App and designed to function with a very similar user experience in both environments.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Interface testing is carried out using online tools.
What users can and can't do using the API API users to be able to create content on and retrieve content from the platform.

Various platform configurations can be made via the API
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation TheAppBuilder platform enables and empowers the user to have complete control over the content, organisation and structure contained within a published mobile App. The ease of use of the platform ensures there are minimal barriers to creating engaging, attractive and accessible content, that is easily managed and updated both by a content manager and in the future, by user generated content. The Platform provides content and digital asset libraries that ensure consistency of style and brand. The content management system within the platform maximises the use of 'drag and drop' technology and ensures that the creation of an App is straightforward and intuitive and can be undertaken by non technical team members. The published App can be readily managed and maintained by non technical staff. The ease of use sets TheAppBuilder platform apart from other mobile development solutions.


Independence of resources We track usage of the service on a regular basis and if we were to identify any potential capacity issue then we can elect to move a particular customer to a different server or we can enhance the server farm capability. Since our last major upgrade in early 2016, there have been no potential issues that have required any changes to the current server farm capability.


Service usage metrics Yes
Metrics types TheAppBuilder provides clients the ability to integrate Google Analytics to track user consumption of the apps.
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Client Administrators can bulk export user data from the CMS. For any other data extract requirements, client's can request this via the support portal.
Data export formats
  • CSV
  • Other
Other data export formats
  • Json
  • .zip
Data import formats
  • CSV
  • Other
Other data import formats
  • All popular media formats (mp4, jpeg, png, pdf etc)
  • Plain text

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability We will commit that our software service will be available 100% of the time in a given month, excluding Maintenance. Scheduled maintenance will be notified 72 hours in advance and will be carried out during off-peak UK hours. Other customer requested maintenance will be scheduled and agreed with the individual customers in advance.
Approach to resilience Available on individual client request
Outage reporting Planned outages for scheduled maintenance will be notified to customer administrators via e-mail 72 hours in advance. These will be scheduled for periods outside of UK peak hours. Any unplanned or unforeseen outages will again be communicated via e-mail and followed up with a complete explanation of the reason for the outage.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication Management can specify which of these options are to be enabled.

For 2-factor authentication the users registered mobile number is used.

Identity federation is currently limited to ADFS via SAML 2.0 but Google Apps and MS Office 365 are possible upon request.

Where simple username and password is the desired option, a strong password policy is enforced and the communication is via encrypted channels. Attempted logins are monitored and a lock out process is in place.
Access restrictions in management interfaces and support channels These are managed by an access control policy, as set out by ISO 27001:2013.

Each client is assigns an organisational administrator who will have access to all administrator tools on the platform as well as an account to the support ticket management system.

Organisational administrators can request editor access for other admin users. This is limited and reviewed on a periodic basis.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Username or password
  • Other

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 MBTRADA
ISO/IEC 27001 accreditation date 12/1/201716/01/2017
What the ISO/IEC 27001 doesn’t cover Loading Bay
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations Cyber essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes TheAppBuilder have established and maintain a Management System as a means of providing a structured process for the achievement of continuously improving Information Security. The company prepares and effectively implement documents procedures in accordance with the requirements of the Information Security Management System (ISMS).

It is the policy of our company to ensure:

• Information is only accessible to authorised persons from within or outside the company.
• Confidentiality of information is maintained.
• Integrity of information is maintained throughout the process.
• Business Continuity plans are established, maintained and tested.
• All personnel are trained on information security and suspected weaknesses are reported and investigated.
• Procedures exist to support the policy including both end user and technical plans.
• Business requirements for availability of information and systems will be met.
• The I.T. Manager is responsible for implementing and policy and ensuring staff compliance in their respective departments.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Change management is handled as part of our Production Release Management Cycle as all clients utilise the same version of the platform. According to our agile methodology, a new version of the product can be released every two weeks. Product release notes are available to view on the CMS.
Vulnerability management type Undisclosed
Vulnerability management approach This detail is available on request.
Protective monitoring type Undisclosed
Protective monitoring approach This detail is available on request.
Incident management type Undisclosed
Incident management approach This detail is available on request.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1000.00 per licence per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A standard product features demonstration App can be provided online, on request. As requirements are firmed further understood, an initial 'Proof of Concept' App can be made available for further evaluation prior to a commitment to proceed to a full SaaS licence and Build.
Link to free trial


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑