Social & Citizen Communication & Payments Apps
Provision of Apps and Web that deliver digital services to Citizens, Communities and Employees (Colleagues). Effectively Private Social Networks.
This is an evergreen cloud SaaS solution that delivers the functionality of a social, organisation, messaging, broadcast, communities as well as 1-1 collaboration.
A range of payments solutions are also included.
- Community Collaboration
- Management Organisation
- Event Organisation
- Payments Solutions and Open Banking
- Work Requests and Tickets
- Information Broadcast
- Interest Based Marketing and Advertising
- Private Social Network
- Publish content to communities of interest
- Reduce marketing costs where you know the recipient
- Democratise revenues for Citizens & Communities
- Self-organising platform for ease of beneifts
- Appealing way to get sensitive content out of WhatsApp Facebook
- Collaborate around people in need, communities, interests
- Manage payments and link to transactions
- Evergreen SaaS solution with your brand
- Evolving functionality - see www.padoq.com for latest
- Ability to share content you wish on public Padoq apps
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
The Apps are available for iOS and Android.
Web versions aim for compatibility with all modern browsers / versions.
UK only cloud at this point but obviously available internationally to consume.
|System requirements||Accessed by consumer technology so no specific requirements.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Problems are reporting by shaking the apps.
Support is available 24*7 since a public SaaS solution.
|User can manage status and priority of support tickets||No|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
All support is included in the cost of the service (as in break / fix).
Extras would be for supporting any bespoke integration, content management or additional requirements or services you may request.
This is a Apps Store / Google Play distributed set of apps so the platform is designed to be available 24*7.
|Support available to third parties||Yes|
Onboarding and offboarding
There are public versions of Padoq on Apps Store and Google Play. Therefore we don't see many training needs.
However, we will prepare 'how to' guides as part of set-up if required explaining how to achieve your outcomes. We are very happy to do on-site training and help you make this a success in any way we can.
|End-of-contract data extraction||At this stage we will provide a data extract of all data on request. Our target is 1 week SLA and can plan this in advance with any migrations. We would collaborate in explaining the data structure as is quite flat based around social posts and post types. Payments history can be provided but we will meet out obligations to legal requirements for payments audit trails.|
- Data Extract
- Removal of Apps
Extras such as:
- Data mapping for your destination system
- Project costs related to your migration requirements above an extract
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Mobile solution looks like mobile apps and are native to iOS and Android. Desktop service makes full use of browser screen size and we expect more complex administration and MI tasks to be developed there. The solutions will have the same general user experience on all technologies.|
|Description of customisation||
Branding and colours can be customised.
It is possible to extend the solution as you wish in terms of development for integrations and connecting APIs etc. The Padoq team will do technical development.
The app itself has a high level of user customisation at 'app' level and for the admin of each 'group' within the system e.g. public or secret group, broadcast or classical social, post tags allowed etc
We are happy to do a gap analysis for you against requirements but find most configuration can be done by yourselves once the data structure is worked out.
|Independence of resources||
The design of the platform has been made using a number of asynchronous and synchronous approaches to messaging and as a social & payments platform it has been designed to scale.
Additionally, it is hosted in a Private Cloud environment for ease of addition of resources.
|Service usage metrics||Yes|
We provide social network KPIs at this time such as visitors, post analytics. Additionally, we analyse data for moderation and criminal activity.
Additional reporting and dashboards can be built to suit your needs as additional activity.
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||At this stage this is a request service given the nature of the social network platform.|
|Data export formats||CSV|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||Other|
|Other protection between networks||This is a public facing solution. If you want private network connections we will delivery to your specification.|
|Data protection within supplier network||
Availability and resilience
From our G-Cloud hosting partner:
Network availability - 100%
Infrastructure availability - 99.99%
Availability is based on the total number of operating hours of a given calendar month and excludes planned and emergency maintenance.
|Approach to resilience||
From our G-Cloud Hosting Partner:
Operates a 5.52MW tier 3 1,000 rack data centre estate. This contains multiple physically separate buildings, connected by dedicated fibre. High voltage power connections are provided from separate primary sub-stations. All mission-critical services including Standby Generation, Cooling systems and UPS (uninterruptible power system) are provided at N+1 or greater across the whole facility. The complex has a power density of over 6KW per square foot, providing diverse A & B power to each data rack, and all eCloud service platforms are supported from quadruple power feeds. The data centre complex is supported by 9MW of standby generation with over 100,000 litres of fuel storage and eight hour fuel supply SLA. All critical services are supported by 4.6MW of UPS power and 4.9MW of data centre cooling. The public sector hosting suite has fully resilient networking, switches, carrier-redundant leased lines, power and backup generators, all separated from the rest of the network and data centre complex.
As an App based solution availability depends on the user's device.
Any central issues around data provision will be communicated via the app.
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||
Initial 2-factor authentication then reliant on the device security e.g. iPhone facial recognition.
2FA is always on for our G-Cloud hosting provider with regards to platform access.
|Access restrictions in management interfaces and support channels||
From our G-Cloud hosting provider:
Management access to environments is strictly restricted to authorised and vetted personnel only. Granular access rights ensure individual personnel have access to only the resources they need in order to carry out their specific tasks and responsibilities. Logical and physical separation of access rights is provided, and all management interfaces are restricted to internal privileged networks and are not accessible to the internet or external networks.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||Yes|
|Who accredited the ISO 28000:2007||LRQA for our G-Cloud Hosting Provider.|
|ISO 28000:2007 accreditation date||23/06/2016|
|What the ISO 28000:2007 doesn’t cover||N/A|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||Our G-Cloud hosting provider: Ultima Risk Management|
|PCI DSS accreditation date||22/08/2016|
|What the PCI DSS doesn’t cover||
Hosting provider's office network.
Additionally, Padoq uses MangoPay who have their own for payments services.
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||
Padoq is awaiting approval for FCA authorisation as an Open Banking organisation and therefore takes security governance seriously.
The directors review the monitoring of traditional security and social moderation on a regular basis, maintaining governance. Additionally, the highest risk payments processing elements are performed by PCI DSS compliant providers.
|Information security policies and processes||We have our own information security policy related to our aggregation role of social & payments.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Padoq uses Agile processes for development and tracks all changes into releases that follow Apple and Google governance for publishing.
A change management system operational which documents all changes, responsible parties, time of change and senior-level sign off. All changes pass through a Change Advisory Board (CAB) at this stage comprising of at least two directors.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
From our G-Cloud hosing partner:
Vulnerability scan run once per month and critical vulnerabilities patched within 30 days. Additional vulnerability scan run after any significant change implementation.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
From our G-Cloud hosting partner:
Internally designed and developed threat monitoring system is run on all infrastructure.
Additionally Padoq has a its own monitoring solution for FCA compliance and social moderation requirements.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
From our G-Cloud hosting provider:
ISO27001-complaint processes and systems for incident response are operational.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£0.20 to £1.00 per user per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||
Padoq apps are available on Google Play and Apple Apps Store now. You can create your own groups and communities on there. It is a freemium model with a generous proportion of free services, no time limitation.
You should use this G-Cloud service if you want your private social network.
|Link to free trial||Www.padoq.com|