Ancoris Limited


LumApps is the intranet recommended by Google for G Suite customers. It lets employees access their work environment: content, news, documents, communities, business apps or user directory. LumApps is designed to enable internal communication teams to be autonomous to manage the intranet.


  • Integrated with G Suite: Authentication and synchronisation with Google
  • Profiled content: Appropriate information, depending on user profile
  • Design and user experience fully customizable
  • News and articles
  • Widgets available (email, calendar, content list etc.)
  • Enriched User directory: Custom fields, skills, org. chart
  • Social features: communities to share information, photos, videos
  • Global search engine aggregates sources: contents, sites, Drive, user directory
  • Web Administration: Sites can be created by functional users


  • Create Digital workers, quickly onboard everyone in the digital world
  • Engage collaborators, spread corporate culture, ask for their feedback
  • Increase operational efficiency, tear down silos, provide the right information
  • Job board: Promote internal mobility.
  • Responsive design: offers high-quality user interface


£2300 per user per year

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

7 0 9 7 7 1 5 8 6 1 5 1 8 4 6


Ancoris Limited

David McLeman|Phil Jordan|Trevor Cook

+44 (0) 8452626745

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints None
System requirements Internet Connectivity with a modern web browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 9 to 5 (UK time), Monday to Friday
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Very high priority with 4 hours response 24 hours a day is available,
Standard support is 72 hours response
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Guided on line training, on site training. Plus set up wizard.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Upon termination all data is supplied by in a readable format.
End-of-contract process Customers can export data, must complete before service expiry. Data is deleted after service end.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Responsive design for tablets and desktop.
Service interface No
Customisation available Yes
Description of customisation Look and feel , workflows, roles and responsibilities


Independence of resources Developed on highly scalable PAAS, hosted on Google cloud. . Already supporting 1,000s of customers.
Application developed using multi tenanted design principles.


Service usage metrics Yes
Metrics types Traffic, engagement and user adoption metrics
Reporting types
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold LumApps

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach At the end of the contract the data is provided to the customer.
Data export formats
  • CSV
  • Other
Other data export formats Google Docs
Data import formats
  • CSV
  • Other
Other data import formats Google docs

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99%
Approach to resilience Our delivery platform auto scales up to handle peak workloads. Data Centre provider can automatically fail over service to alternate data centres seamlessly to clients. Daily backups are taken to support emergency restoration in the unlikely event of some catastrophe.
Outage reporting Data centre outages are reported on a publicly accessible portal. Service disruption notifications which are planned are notified by email in advance. Unplanned service outages are notified publicly via our Twitter account.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Identity federation with existing provider (for example Google Apps)
Access restrictions in management interfaces and support channels Google Single Sign On via OAuth or via Username/Password
Access restriction testing frequency At least every 6 months
Management access authentication Identity federation with existing provider (for example Google Apps)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Datacenter and PaaS supplier certified ISO/IEC 27001 by EY CertifyPoint
ISO/IEC 27001 accreditation date 11/5/2012
What the ISO/IEC 27001 doesn’t cover Data center and PaaS supplier certified to ISO/IEC 27001 , other elements which are covered by Appogee HR's Cyber Essentials Plus accreditation
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards Data Center Hosting and Platform provider is certified to ISO 27001, SSAE16 / ISAE 3402 Type II: SOC 3, ISO 27017 Cloud Security, ISO 27018 Cloud Privacy
Information security policies and processes LumApps data security policy.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All changes documented in code repository. Auto-published for automated unit and system tests. Supplemented by ad-hoc testing. Sign off for production system which can run multiple concurrent versions. When new version validated it is pushed to all clients. Emergency fixes override this on management authority, post reviewed by Operations Team.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Our data centre provider has large Information Security Team including experts in information, application, and network security. They are maintain defense systems, security review processes, build infrastructure and implement policies. We also run independent vulnerability scans on a monthly basis which delivers an actionable report where it has findings.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach This involves our data centre provider tightly controlling the size and make-up of their attack surface through preventative measures, employing intelligent detection controls at data entry points, and employing technologies that automatically remedy certain dangerous situations.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Our Data Centre's program is structured around the NIST guidance on handling incidents (NIST SP 800–61). Key staff are trained in forensics and handling evidence in preparation for an event, including the use of third-party and proprietary tools. Testing of incident response plans is performed for key areas. These tests take into consideration a variety of scenarios, including insider threats and software vulnerabilities.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £2300 per user per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial 30 days

Service documents

Return to top ↑