Mobile App Design and Development
Page Lizard builds bespoke iOS and Android mobile apps with expertise in delivering content to secure audiences. Clients are typically organisations who deliver content and communications - publications, learning materials, training manuals and newsletters - to their authenticated audience. Apps are built on Xamarin and come with a support package.
- Mobile apps in Android and IOS.
- Web experience viewer domain delegated or embedded.
- Bespoke development of mobile and web apps to specification.
- Ingest RSS, XML, JSON, ATOM, PDF and HTML.
- Manage content from CMS and publish content to all streams.
- Stream can deliver different content by device or user role.
- Deliver searchable offline or online content .
- Book marks, quiz and forms builder (CPD) and delivery.
- Apps come with support and upgrade package
- Authentication integration and synchronisation to satellite devices.
- We help you identify the features your app needs
- Our UI/UX designers create an app to test and refine
- Apps are bespoke and built to your requirements
- You can publish content from multiple sources
- All types of content are words, pictures, video, audio
- Production and technical support to help with content ingestion
- Rich component set means rapid deployment of apps
- Fully customisable authentication options
- Full after-launch maintenance, support and upgrades
- Embedable or domain sub-delegated web experience
£500 to £1800 per licence per month
6 4 7 5 6 1 0 1 7 1 8 2 2 9 1
0207 183 3690
|Software add-on or extension||No|
|Cloud deployment model||
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Provides ad-hoc support Monday to Friday 09:00 to 17:00
Critical response support at weekends and out of hours
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
All apps are provided with a support and maintenance package which includes keeping them up-to-date with iOS and Android platform changes.
We plan for periodic revisions of the app to enable clients to expand and change their apps based on audience feedback.
We help clients to respond to user technical problems, but do not deal with end-users directly. A more inclusive support agreement can be agreed based on specification.
We support the app-side of integrations - such as the CRM and CMS.
Our editorial, design and production staff will provide help in uploading content and communications. We also provide deadline production services for clients who want to outsource content updates.
We integrate push notifications, analytics and tracking into apps and provide client training and support in these.
|Support available to third parties||No|
Onboarding and offboarding
We have an oboading process which startes with a discovery workshop - this captures the key features and requirements of the app, including the KPI business objectives.
The second stage is a design workshop to start to visualise these in action. This leads to a full set of interactive designs allowing stakeholders to try the app in a sumulated web environment.
The third stage is to create a scope of works, project management timesheets and billable costs.
The fourth stage is the app build with a set of initial releases to test functionality before an Alpha version if released for QA testing.
Apps can be released to a limited public audience before the final release.
Post-release bug fixing is factored into the process and we encourage clients to add extended functionality in staged releases.
We provide onboarding screens for end-users to help them use the app and deep analytical tracking for clients to understand how their app is being used.
Performance tracking is also set-up to monitor the app's health, monitor crashes and identify software fixes for future releases.
|End-of-contract data extraction||Data can be extracted electronically via an XML or JSON feeds (Manually downloading assets themselves) or a zip files of JSON feed and all assets per issue, publication or stream.|
The app software and server side software is provided as SAAS and is not available to the client at the end of the contract.
All of the material provided by the client is available at no extra cost, including:
- Original designs and know-how generated during the set-up workshops
- All content and materials provided by the client
- All user data and analytics
At the end of the contract the client can download their data via any of the electronic feeds.
There are no specific costs associated with ending a contract and offboarding a client, unless they ask for assistance with transferring materials and knowledge which would then be chargedon a time and materials basis.
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The two services are designed to be as close to the same as possible. As screen sizes and functionality differ between mobile and desktop we optimise our delivery apps to work best with the underlying operation system, SDK or browser whilst trying to replicate the feature accurately across the range of devices.|
|Description of customisation||
The initial app design and build is fully-customised.
The app is connected to as many sources of content as required by the client.
Authentication services are also fully-customised on deployment and can connect to more than one system.
Once launched all content can be changed by the user. This can be done in their CMS if it is connected to the app. They can also upload and change content in the app's own CMS.
All apps are published in the client's own account in the iOS and Google Play stores, so the user retains control of the branding and messaging in the store.
Some areas of the app can also be updated by the user in real-time. When designing and building the app we will take note of which areas the client needs direct access to edit and change and plan accordingly.
|Independence of resources||
Some of our underlying services automatically scale, but our core delivery systems are proactively and continuously monitored, adjusted and scaled by our technical team. We also use content delivery networks to maximize global delivery performance.
We can deploy our infrastructure to clients hosted environments if required but is subject to circumstances and agreement by management.
|Service usage metrics||Yes|
Metrics are provided as standard via 3rd party plugins : Google Firebase and analytics.
We have a standard set of events which are captured but bespoke events can be added. A rich reporting suite of options is available through the advanced set-up of Firebase.
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||Physical access control, complying with another standard|
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Data can be extracted electronically via an XML or JSON feeds (Manually downloading assets themselves) or a zip files of JSON feed and all assets per issue, publication or stream.|
|Data export formats||Other|
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||
|Other protection within supplier network||Customized SPI fire walling and VPN connections are possible on request and at additional cost. Standard SPI fire walling is included in cost.|
Availability and resilience
Hosting is with Azure which has the following SLA's on services used:
CDN - guarantee 99.9%
Cloud services and Virtual Machines - 99.95%
Historically we have greater than 99.999% / year unforeseen events.
We provide an SLA response time to any incident within 3 hours
|Approach to resilience||Available on request|
|Outage reporting||A public dashboard|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||We integrate custom and bespoke login accounts on clients requests though a few off- the-shelf solutions are available like "Magic link", IP address white listing or OAUTH variations.|
|Access restrictions in management interfaces and support channels||We have predefined roles which allows users administration, editor and publisher rights to the CMS. Role based rights are also used to limit access to content in app and in the web experience.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||You control when users can access audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber essentials|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||
Underlying platforms and operating systems are patched up to date.
Apps and websites trap and report errors back to our sub systems and are monitored by the technical team.
We audit our own and 3rd party code before release.
We follow a request, change log, release and deploy process to identify changes and issues in code.
We do internal penetration testing and encourage external test by clients.
We train and regularly review our processes with our staff.
|Information security policies and processes||All issues from reporting, through fixing, source control and release are tracked internally through our development and management software for auditing purposes. Open issues are monitored by the project team, prioritized and driven to close. Issues beyond our control are escalated to providers or reported to 3rd parties to aid in resolving and securing our clients infrastructure. Issues not resolvable are reported back to the client to be assessed and mitigated and we lend support where possible.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||All issues from reporting, through fixing, source control and release are tracked internally through our development and management software for auditing purposes. Open issues are monitored by the project team, prioritized and driven to close. Each bug is assessed, reviewed and tested by the development team before release. Since issues can be tracked back to source version we can rollback and track where issues were introduced and assess impact and deploy appropriate hot fixes where necessary.|
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||
We monitor industry forums and subscribe to platform and supplier specific alerts and announcements as well as general horizon scanning.
Issues are analysed and a patch developed based on security threat and internal assessments.
Critical security patches are generally developed and deployed in less than 24 hours. Less critical patches are delivered in line with SLA.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||N/A|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Clients can report incidents by email, phone or via our ticketing system. The reports and progress are available for clients to see but a member of our team will always email or confirm resolution of an issue via email or phone.
As previously started all incidents and issues are tracked and linked to our source control, project management and release processes and systems.
Major incidents will be reported on our public status page.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£500 to £1800 per licence per month|
|Discount for educational organisations||No|
|Free trial available||No|