Createful Ltd

Mobile App design & build

We specialise in the design and development of bespoke mobile applications for both iOS and Android. Our user centric approach allows our dedicated, in-house team to work closely with you to rapidly design, develop and deliver on time and within budget. All work undertaken from our studio in Bournemouth, Dorset.

Features

  • Native iOS and Android apps
  • Multi platform hybrid apps & React Native
  • Integration with existing and development of bespoke APIs
  • End-to-end solutions with bespoke back-ends
  • Send notifications to app users
  • Apps for Phones, Tablets, TVs, In-Car, Wearables and Voice-first-devices

Benefits

  • User centric, carefully considered UX and design process
  • Platform specific considered design
  • Robust agile development process
  • High performance, robust secure and scalable solutions
  • Rigorous testing and quality assurance process
  • On-going automated monitoring, analytics and proactive support & maintenance

Pricing

£650 to £750 per person per day

  • Education pricing available

Service documents

Framework

G-Cloud 11

Service ID

7 1 3 4 6 5 7 5 3 6 5 1 3 2 3

Contact

Createful Ltd

Kriss Bennett

+441202551667

government@createful.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
None
System requirements
IOS or Android App Store or Enterprise Deployment

User support

Email or online ticketing support
Email or online ticketing
Support response times
Mon-Fri (excl. Bank Holidays), triage within 1 hour.
Weekends & out of hours, dependant on individual client support package.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Support packages are tailored to the requirements of each individual client project.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We can provide in-depth training to help our clients use the service. This can be done on-site or remotely, backed up with supporting documentation.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Full backup of all source files and databases.
End-of-contract process
At the end of contract, if not renewed and the existing solution is to be retained, the buyer will need to cover the full cost of migration. This is something we can offer as a service, or can be an activity carried out by the new supplier.

Using the service

Web browser interface
No
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
This service is mobile device specific so is not applicable to a desktop service.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Every solution we deliver is unique to our clients' needs.

Scaling

Independence of resources
If an app has a data backed API then this is deployed on client-specific, dedicated VPS servers.

Analytics

Service usage metrics
Yes
Metrics types
Google Analytics
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
This is largely dependant upon the bespoke solution we deliver. Typically this would be completed through a export mechanic within the app or through a web portal.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • Dependant upon app requirements
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • Dependant upon app requirements

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The Amazon AWS servers we use have a guaranteed Monthly Uptime Percentage (https://aws.amazon.com/ec2/sla/).
Approach to resilience
Available on request.
Outage reporting
Email alerts.

Identity and authentication

User authentication needed
No
Access restrictions in management interfaces and support channels
This is dependant upon client requirements, but typically an app is publicly available. Any administration areas are restricted by IP address to only authorised known list and controlled through authentication process.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Description of management access authentication
Plus IP restricted access through Firewall configurations

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Cyber Essentials
Information security policies and processes
Details contained within our Information Security Policy and is available upon request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Details contained within our Change Management Policy and is available upon request.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Details contained within our Vulnerability Management Policy and is available upon request.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Details contained within our Vulnerability Management Policy and is available upon request.
Incident management type
Supplier-defined controls
Incident management approach
Details contained within our Support Management Policy and is available upon request.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£650 to £750 per person per day
Discount for educational organisations
Yes
Free trial available
No

Service documents

Return to top ↑