Page Lizard

Mobile App Design and Development

Page Lizard builds bespoke iOS and Android mobile apps with expertise in delivering content to secure audiences. Clients are typically organisations who deliver content and communications - publications, learning materials, training manuals and newsletters - to their authenticated audience. Apps are built on Xamarin and come with a support package.


  • Mobile apps in Android and IOS.
  • Web experience viewer domain delegated or embedded.
  • Bespoke development of mobile and web apps to specification.
  • Ingest RSS, XML, JSON, ATOM, PDF and HTML.
  • Manage content from CMS and publish content to all streams.
  • Stream can deliver different content by device or user role.
  • Deliver searchable offline or online content .
  • Book marks, quiz and forms builder (CPD) and delivery.
  • Apps come with support and upgrade package
  • Authentication integration and synchronisation to satellite devices.


  • We help you identify the features your app needs
  • Our UI/UX designers create an app to test and refine
  • Apps are bespoke and built to your requirements
  • You can publish content from multiple sources
  • All types of content are words, pictures, video, audio
  • Production and technical support to help with content ingestion
  • Rich component set means rapid deployment of apps
  • Fully customisable authentication options
  • Full after-launch maintenance, support and upgrades
  • Embedable or domain sub-delegated web experience


£500 to £1800 per licence per month

Service documents


G-Cloud 11

Service ID

6 4 7 5 6 1 0 1 7 1 8 2 2 9 1


Page Lizard

Graham Duffill

0207 183 3690

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints No
System requirements N/A

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Provides ad-hoc support Monday to Friday 09:00 to 17:00
Critical response support at weekends and out of hours
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels All apps are provided with a support and maintenance package which includes keeping them up-to-date with iOS and Android platform changes.
We plan for periodic revisions of the app to enable clients to expand and change their apps based on audience feedback.
We help clients to respond to user technical problems, but do not deal with end-users directly. A more inclusive support agreement can be agreed based on specification.
We support the app-side of integrations - such as the CRM and CMS.
Our editorial, design and production staff will provide help in uploading content and communications. We also provide deadline production services for clients who want to outsource content updates.
We integrate push notifications, analytics and tracking into apps and provide client training and support in these.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We have an oboading process which startes with a discovery workshop - this captures the key features and requirements of the app, including the KPI business objectives.
The second stage is a design workshop to start to visualise these in action. This leads to a full set of interactive designs allowing stakeholders to try the app in a sumulated web environment.
The third stage is to create a scope of works, project management timesheets and billable costs.
The fourth stage is the app build with a set of initial releases to test functionality before an Alpha version if released for QA testing.
Apps can be released to a limited public audience before the final release.
Post-release bug fixing is factored into the process and we encourage clients to add extended functionality in staged releases.
We provide onboarding screens for end-users to help them use the app and deep analytical tracking for clients to understand how their app is being used.
Performance tracking is also set-up to monitor the app's health, monitor crashes and identify software fixes for future releases.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Data can be extracted electronically via an XML or JSON feeds (Manually downloading assets themselves) or a zip files of JSON feed and all assets per issue, publication or stream.
End-of-contract process The app software and server side software is provided as SAAS and is not available to the client at the end of the contract.

All of the material provided by the client is available at no extra cost, including:
- Original designs and know-how generated during the set-up workshops
- All content and materials provided by the client
- All user data and analytics

At the end of the contract the client can download their data via any of the electronic feeds.

There are no specific costs associated with ending a contract and offboarding a client, unless they ask for assistance with transferring materials and knowledge which would then be chargedon a time and materials basis.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The two services are designed to be as close to the same as possible. As screen sizes and functionality differ between mobile and desktop we optimise our delivery apps to work best with the underlying operation system, SDK or browser whilst trying to replicate the feature accurately across the range of devices.
Service interface No
Customisation available Yes
Description of customisation The initial app design and build is fully-customised.
The app is connected to as many sources of content as required by the client.
Authentication services are also fully-customised on deployment and can connect to more than one system.
Once launched all content can be changed by the user. This can be done in their CMS if it is connected to the app. They can also upload and change content in the app's own CMS.
All apps are published in the client's own account in the iOS and Google Play stores, so the user retains control of the branding and messaging in the store.
Some areas of the app can also be updated by the user in real-time. When designing and building the app we will take note of which areas the client needs direct access to edit and change and plan accordingly.


Independence of resources Some of our underlying services automatically scale, but our core delivery systems are proactively and continuously monitored, adjusted and scaled by our technical team. We also use content delivery networks to maximize global delivery performance.

We can deploy our infrastructure to clients hosted environments if required but is subject to circumstances and agreement by management.


Service usage metrics Yes
Metrics types Metrics are provided as standard via 3rd party plugins : Google Firebase and analytics.

We have a standard set of events which are captured but bespoke events can be added. A rich reporting suite of options is available through the advanced set-up of Firebase.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Data can be extracted electronically via an XML or JSON feeds (Manually downloading assets themselves) or a zip files of JSON feed and all assets per issue, publication or stream.
Data export formats Other
Other data export formats
  • XML (Manually downloading assets)
  • JSON (Manually downloading assets)
  • ZIP (XML or JSON) with assets included in zip
  • Bespoke requirements to specification e.g SQL queries
Data import formats
  • CSV
  • Other
Other data import formats
  • PDF
  • HTML
  • RSS
  • XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network Customized SPI fire walling and VPN connections are possible on request and at additional cost. Standard SPI fire walling is included in cost.

Availability and resilience

Availability and resilience
Guaranteed availability Hosting is with Azure which has the following SLA's on services used:
CDN - guarantee 99.9%
Cloud services and Virtual Machines - 99.95%

Historically we have greater than 99.999% / year unforeseen events.
We provide an SLA response time to any incident within 3 hours
Approach to resilience Available on request
Outage reporting A public dashboard

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication We integrate custom and bespoke login accounts on clients requests though a few off- the-shelf solutions are available like "Magic link", IP address white listing or OAUTH variations.
Access restrictions in management interfaces and support channels We have predefined roles which allows users administration, editor and publisher rights to the CMS. Role based rights are also used to limit access to content in app and in the web experience.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Underlying platforms and operating systems are patched up to date.
Apps and websites trap and report errors back to our sub systems and are monitored by the technical team.
We audit our own and 3rd party code before release.
We follow a request, change log, release and deploy process to identify changes and issues in code.
We do internal penetration testing and encourage external test by clients.
We train and regularly review our processes with our staff.
Information security policies and processes All issues from reporting, through fixing, source control and release are tracked internally through our development and management software for auditing purposes. Open issues are monitored by the project team, prioritized and driven to close. Issues beyond our control are escalated to providers or reported to 3rd parties to aid in resolving and securing our clients infrastructure. Issues not resolvable are reported back to the client to be assessed and mitigated and we lend support where possible.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All issues from reporting, through fixing, source control and release are tracked internally through our development and management software for auditing purposes. Open issues are monitored by the project team, prioritized and driven to close. Each bug is assessed, reviewed and tested by the development team before release. Since issues can be tracked back to source version we can rollback and track where issues were introduced and assess impact and deploy appropriate hot fixes where necessary.
Vulnerability management type Undisclosed
Vulnerability management approach We monitor industry forums and subscribe to platform and supplier specific alerts and announcements as well as general horizon scanning.
Issues are analysed and a patch developed based on security threat and internal assessments.
Critical security patches are generally developed and deployed in less than 24 hours. Less critical patches are delivered in line with SLA.
Protective monitoring type Supplier-defined controls
Protective monitoring approach N/A
Incident management type Supplier-defined controls
Incident management approach Clients can report incidents by email, phone or via our ticketing system. The reports and progress are available for clients to see but a member of our team will always email or confirm resolution of an issue via email or phone.

As previously started all incidents and issues are tracked and linked to our source control, project management and release processes and systems.

Major incidents will be reported on our public status page.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £500 to £1800 per licence per month
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑