Capita Business Services Limited

Advantage Digital Smart Apps

A cloud hosted platform enabling the rapid development of smartphone apps and content for iOS, Android and Windows Phone. Capita deploys configured apps to the relevant stores, with the platform then being utilised to control content, forms, integration, workflow and branding. PCI compliant payments are also supported.

Features

  • Creation of apps and editing of app pages and content
  • Design templates for a simple and professional look and feel
  • Smart, non-technical form designer with reusable form controls
  • API allowing integration to back office applications
  • Built-in integration to Twitter and RSS feeds
  • Sends notifications to app users
  • Payments; customers can make secure payments for services in seconds
  • Use of a mobile device’s integral GPS functionality
  • Capture and review of submitted data from users
  • Reporting on app usage

Benefits

  • Easily create, deploy and update functionally rich branded, tailored apps
  • Achieve cost and time savings through effective channel shift
  • Back office system and payments integration; delivering more for less
  • Develop with pace; create professional and engaging apps with ease
  • Deliver with agility; manage content proactively over time
  • Simple, low code development; publish professional content quickly without coding
  • Rich functionality offers large choice of features from one platform
  • Use insight to drive strategy; inbuilt engagement and behaviour tracking
  • Promote your organisation’s digital identity to a much wider audience
  • Quickly create positive, productive two-way dialogue with customers

Pricing

£3000 per instance per year

Service documents

G-Cloud 9

747058448574647

Capita Business Services Limited

Capita Business Services Ltd

0870 240 7341

capitaconsultingtenders@capita.co.uk

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to The service is an end-to-end digital platform enabling organisations to deliver exceptional customer service. Advantage Digital Enterprise incorporates the Advantage Digital Portal, Advantage Digital Forms and Contact Manager, Advantage Digital Smart Apps and Advantage Digital Local Welfare Assistance/Scottish Welfare Fund solutions. These individual components are all available via G-Cloud.
Cloud deployment model Private cloud
Service constraints Advantage Digital Smart Apps (public facing) shall provide at least 99.5% availability during scheduled operating hours, defined as 24 hours a day, 365 days per year, excluding scheduled downtime. The Management Console (internal facing) shall provide at least 99.0% availability during supported office hours, defined as 8am-6pm Monday-Friday, excluding English public holidays and scheduled downtime.

Scheduled downtime covers tasks including, but not limited to, new releases (software upgrades) and server patching. In cases of unscheduled downtime for emergency changes, we will endeavour, but cannot guarantee, to complete work outside normal office hours (9am-5.30pm Monday-Friday).
System requirements
  • The latest version of either IE, Firefox or Chrome browser
  • Internet access for the Management Console
  • The current or minus one major Android or iOS versions

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response times apply Monday–Friday, 08:00-18:00.
High Severity (must be logged by telephone): day-to-day work cannot be continued, or assistance needed to meet business-critical deadlines. We aim to respond within one working hour and, whenever possible, provide a solution/advise how quickly a solution will be available.
Medium Severity: day-to-day work can be continued, but there is still a requirement for a speedy resolution. We aim to respond within four working hours.
Low Severity: day-to-day work can be continued but the problem is minor. We aim to respond within two working days.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Help Desk requests are logged on a call tracking system and dealt with in priority and severity order. The Help Desk is operated Monday-Friday, 08:00-18:00. Requests are logged online, by email or by telephone.

High Severity: day-to-day work cannot be continued, or assistance needed to meet business-critical deadlines. We aim to respond within one hour.
Resolution: continuous monitoring and customer updating until the fault is resolved, which we aim to be within four hours.

Medium Severity: day-to-day work can be continued, but there is still a requirement for a speedy resolution. We aim to respond within four working hours.
Resolution: whenever possible, a solution will be given or we will advise how quickly a solution will be available, within eight hours.

Low Severity: day-to-day work can be continued and the problem is minor. We aim to respond within two working days.
Resolution: whenever possible, a solution will be given or we will advise how quickly a solution will be available, within five working days.

A technical account manager is available under the standard escalation procedure within our Service Charter.

The cost of on-site support consultancy is detailed in the pricing document.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Onboarding to Advantage Digital Smart Apps can be a very swift process and delivered within any reasonable timescale, varying accordingly to Project dependencies and deliverables. Once requirements have been analysed and configuration of the base mobile app has been completed, on-site training will be delivered, supported by a comprehensive set of user documentation. This documentation is updated in line with each release of the software and is provided in PDF format. Training will focus on how to use the Management Console to create content and pages within the app, at which point most customers liaise internally to create and build all the content required.
Once all the content has been created, the Go Live readiness process is initiated. This involves the Customer providing mandatory information required for app store submissions, usually including required artwork files and logos. It also involves copying the app from the Test Environment into the Live Environment. Once this stage has been completed, the app can be released for live use.
To support the onboarding process, Capita can provide a range of services including Project Management, Business Analysis, Technical Consultancy and Business/Training Consultancy.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction The data extraction format may be via standard methods such as CSV, SQL database extract or XML. At the end of the Contract, Capita and the buyer will determine the most appropriate method of data extraction depending upon the buyer’s specific requirements and availability.
End-of-contract process At the end of the Contract, Capita and the buyer will determine the most appropriate method of data extraction depending upon the buyer’s specific requirements and availability. This process will be fully scoped and project managed with Capita’s technical staff. Any cost associated with end of Contract activity will be provided as scoped.

Using the service

Using the service
Web browser interface No
Application to install Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Advantage Digital Smart Apps enables any organisation to design and deploy professional, corporate smartphone apps. The service has therefore been designed to work primarily on mobile devices.

The Management Console is a back-office solution and not therefore seen as being required to be responsive on mobile devices.
Accessibility standards None or don’t know
Description of accessibility The Smart Apps platform is a content management system where customers have control over their own design.
The platform currently uses the Material design for apps. Material design’s built-in accessibility considerations will help customers accommodate all users’ accessibility issues.
Accessibility testing We do not do any specific interface testing currently, but are actively investigating this as part of our ongoing product enhancement process.
API Yes
What users can and can't do using the API There are a range of web services which allow approved third parties to pull data in or out of the system and send notifications in a secure manner. This data can relate to the app content, such as events, points of interest, news articles etc, but also analytics data such as app usage.
The web services use a REST interface and the data is formatted as JSON. There are test tools available in the Management Console.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The service includes a Management Console which is equivalent to a CMS system controlled by administration users. This can be used to change the content of the app by adding text, pages, links, images, etc, and this will update in real-time when users who have the app downloaded refresh the app content.

Scaling

Scaling
Independence of resources This is an Azure cloud service managed by Microsoft, and we will scale the service elastically on demand to ensure a consistent customer experience.

Analytics

Analytics
Service usage metrics Yes
Metrics types Metrics detailing Smart App downloads can be provided to the buyer on request. Smart App data can be analysed through integration with Google Analytics.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Other
Other data at rest protection approach Sensitive data fields are encrypted in the SQL Azure database.
Persistent personal data is stored via vendor defined secure storage (eg, iOS Keychain).
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach All Smart App content is managed through the Management Console. There are a number of reports available to be run online, and the results of these can then be extracted in CSV, XML and MS Excel formats. These reports include data from citizens’ form submissions.

We are happy to discuss any further data export requirements you may have.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • MS Excel
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network Other
Other protection within supplier network The network is contained within the Azure platform and data flow security is internally managed by Microsoft to industry leading security standards.

Availability and resilience

Availability and resilience
Guaranteed availability Advantage Digital Smart Apps, as a public-facing web application, shall provide at least 99.5% availability during scheduled operating hours, defined as 24 hours a day, 7 days per week, 365 days per year, excluding scheduled downtime.

The Management Console internal-facing web application shall provide at least 99.0% availability during supported office hours, which is defined as 8am to 6pm Monday to Friday, excluding English public holidays and excluding scheduled downtime.

The scheduled downtime will cover tasks including, but not limited to, new releases (software upgrades). In addition to the scheduled downtime there will be occasions where Capita is required to initiate unscheduled downtime for emergency changes. In exceptional cases when emergency changes are required, we will endeavour, but cannot guarantee, to complete this work outside of the core normal office hours (9am-5.30pm Monday to Friday).

Specific requirements pertaining to refunds regarding service level agreements will need to be discussed with the individual buyer at the time of procurement.
Approach to resilience Detailed information on our resilience procedures and processes is available on request.
Outage reporting Email alerts for planned periods of outage are issued to customers at least two weeks in advance. In the event of an unplanned outage, email alerts will be sent detailing the issue and the progress of a resolution.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication Some Smart Apps incorporate a one-time access code, otherwise no authentication is required where non-personal data is presented through the app.
Access restrictions in management interfaces and support channels Access to the Smart Apps Management Console is by username and password.

Access to the Capita Support Portal is controlled by username and password. All new customers with responsibility for contacting the Support Desk are encouraged to register on the Support Portal. If customers contact us by telephone or email, their details are first matched to an existing registration. If none exists, they are either asked to register or, if appropriate, the details of their call are linked to a colleague who is registered.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes As part of Capita Business Services, we work to policies and standards that are aligned with ISO27001, these are agreed and signed off by the Group CEO and cascaded to the businesses via an internal intranet site and email communication. In addition, each year when staff complete their annual training they agree to comply with both Group and Business Unit Level policies.
Information Security staff as well as Capita Audit complete announced and unannounced checks to ensure that the policies and standards are being followed. Any non-conformities are reviewed and dealt with appropriately.
Information Security is dealt with at all levels of the business including at the Business Unit, Divisional Unit and Capita Group.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach As part of the ISO27001 Accredited ISMS we have a defined and documented change control process. At the core of this change control process is an assessment on all areas of the system including security. If the risk to security is deemed to be high, it is assessed by Information Security. All Change requests are stored on a CRM system and as part of our 27001 audit schedule are randomly checked to ensure accurate record-keeping is maintained and the process followed.
Vulnerability management type Supplier-defined controls
Vulnerability management approach The solution is hosted in the Microsoft cloud in SQL Azure and Cloud Services. Microsoft maintain the major configuration, patching and updates of platforms these services run on, including the database, operating system and network. Security Health Monitoring is configured across our Azure estate to ensure compliance with best practice.

The Management Console is built on a third party RAD platform, p-tested annually. Significant changes require review by an external security manager. Once available, required patches to this software can be applied in less than 24 hours. App patches are subject to third party store approval and may take longer.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Security Health Monitoring in Azure will flag significant issues in the platform configuration. Additionally, logging within the solution identifies a number of unusual behaviours, such as repeated failed security credentials or access from outside of certain geographic locations. All security issues are reported to an external security manager to assess the risk and review/support the resolution.
Incident management type Supplier-defined controls
Incident management approach We have a defined, approved and tested Incident Management process, the process has a list of example incidents that are designed to cover a wide range of scenarios. All staff are made aware of the incident reporting process and randomly tested for effectiveness.
Incident reports will be passed to relevant customers if there has been an impact to their environment or data.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £3000 per instance per year
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑