A cloud hosted platform enabling the rapid development of smartphone apps and content for iOS, Android and Windows Phone. Capita deploys configured apps to the relevant stores, with the platform then being utilised to control content, forms, integration, workflow and branding. PCI compliant payments are also supported.
- Creation of apps and editing of app pages and content
- Design templates for a simple and professional look and feel
- Smart, non-technical form designer with reusable form controls
- API allowing integration to back office applications
- Built-in integration to Twitter and RSS feeds
- Sends notifications to app users
- Payments; customers can make secure payments for services in seconds
- Use of a mobile device’s integral GPS functionality
- Capture and review of submitted data from users
- Reporting on app usage
- Easily create, deploy and update functionally rich branded, tailored apps
- Achieve cost and time savings through effective channel shift
- Back office system and payments integration; delivering more for less
- Develop with pace; create professional and engaging apps with ease
- Deliver with agility; manage content proactively over time
- Simple, low code development; publish professional content quickly without coding
- Rich functionality offers large choice of features from one platform
- Use insight to drive strategy; inbuilt engagement and behaviour tracking
- Promote your organisation’s digital identity to a much wider audience
- Quickly create positive, productive two-way dialogue with customers
£3000 per instance per year
Capita Business Services Limited
Capita Business Services Ltd
0870 240 7341
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||The service is an end-to-end digital platform enabling organisations to deliver exceptional customer service. Advantage Digital Enterprise incorporates the Advantage Digital Portal, Advantage Digital Forms and Contact Manager, Advantage Digital Smart Apps and Advantage Digital Local Welfare Assistance/Scottish Welfare Fund solutions. These individual components are all available via G-Cloud.|
|Cloud deployment model||Private cloud|
Advantage Digital Smart Apps (public facing) shall provide at least 99.5% availability during scheduled operating hours, defined as 24 hours a day, 365 days per year, excluding scheduled downtime. The Management Console (internal facing) shall provide at least 99.0% availability during supported office hours, defined as 8am-6pm Monday-Friday, excluding English public holidays and scheduled downtime.
Scheduled downtime covers tasks including, but not limited to, new releases (software upgrades) and server patching. In cases of unscheduled downtime for emergency changes, we will endeavour, but cannot guarantee, to complete work outside normal office hours (9am-5.30pm Monday-Friday).
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Response times apply Monday–Friday, 08:00-18:00.
High Severity (must be logged by telephone): day-to-day work cannot be continued, or assistance needed to meet business-critical deadlines. We aim to respond within one working hour and, whenever possible, provide a solution/advise how quickly a solution will be available.
Medium Severity: day-to-day work can be continued, but there is still a requirement for a speedy resolution. We aim to respond within four working hours.
Low Severity: day-to-day work can be continued but the problem is minor. We aim to respond within two working days.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Help Desk requests are logged on a call tracking system and dealt with in priority and severity order. The Help Desk is operated Monday-Friday, 08:00-18:00. Requests are logged online, by email or by telephone.
High Severity: day-to-day work cannot be continued, or assistance needed to meet business-critical deadlines. We aim to respond within one hour.
Resolution: continuous monitoring and customer updating until the fault is resolved, which we aim to be within four hours.
Medium Severity: day-to-day work can be continued, but there is still a requirement for a speedy resolution. We aim to respond within four working hours.
Resolution: whenever possible, a solution will be given or we will advise how quickly a solution will be available, within eight hours.
Low Severity: day-to-day work can be continued and the problem is minor. We aim to respond within two working days.
Resolution: whenever possible, a solution will be given or we will advise how quickly a solution will be available, within five working days.
A technical account manager is available under the standard escalation procedure within our Service Charter.
The cost of on-site support consultancy is detailed in the pricing document.
|Support available to third parties||No|
Onboarding and offboarding
Onboarding to Advantage Digital Smart Apps can be a very swift process and delivered within any reasonable timescale, varying accordingly to Project dependencies and deliverables. Once requirements have been analysed and configuration of the base mobile app has been completed, on-site training will be delivered, supported by a comprehensive set of user documentation. This documentation is updated in line with each release of the software and is provided in PDF format. Training will focus on how to use the Management Console to create content and pages within the app, at which point most customers liaise internally to create and build all the content required.
Once all the content has been created, the Go Live readiness process is initiated. This involves the Customer providing mandatory information required for app store submissions, usually including required artwork files and logos. It also involves copying the app from the Test Environment into the Live Environment. Once this stage has been completed, the app can be released for live use.
To support the onboarding process, Capita can provide a range of services including Project Management, Business Analysis, Technical Consultancy and Business/Training Consultancy.
|End-of-contract data extraction||The data extraction format may be via standard methods such as CSV, SQL database extract or XML. At the end of the Contract, Capita and the buyer will determine the most appropriate method of data extraction depending upon the buyer’s specific requirements and availability.|
|End-of-contract process||At the end of the Contract, Capita and the buyer will determine the most appropriate method of data extraction depending upon the buyer’s specific requirements and availability. This process will be fully scoped and project managed with Capita’s technical staff. Any cost associated with end of Contract activity will be provided as scoped.|
Using the service
|Web browser interface||No|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
Advantage Digital Smart Apps enables any organisation to design and deploy professional, corporate smartphone apps. The service has therefore been designed to work primarily on mobile devices.
The Management Console is a back-office solution and not therefore seen as being required to be responsive on mobile devices.
|Accessibility standards||None or don’t know|
|Description of accessibility||
The Smart Apps platform is a content management system where customers have control over their own design.
The platform currently uses the Material design for apps. Material design’s built-in accessibility considerations will help customers accommodate all users’ accessibility issues.
|Accessibility testing||We do not do any specific interface testing currently, but are actively investigating this as part of our ongoing product enhancement process.|
|What users can and can't do using the API||
There are a range of web services which allow approved third parties to pull data in or out of the system and send notifications in a secure manner. This data can relate to the app content, such as events, points of interest, news articles etc, but also analytics data such as app usage.
The web services use a REST interface and the data is formatted as JSON. There are test tools available in the Management Console.
|API documentation formats|
|API sandbox or test environment||Yes|
|Description of customisation||The service includes a Management Console which is equivalent to a CMS system controlled by administration users. This can be used to change the content of the app by adding text, pages, links, images, etc, and this will update in real-time when users who have the app downloaded refresh the app content.|
|Independence of resources||This is an Azure cloud service managed by Microsoft, and we will scale the service elastically on demand to ensure a consistent customer experience.|
|Service usage metrics||Yes|
|Metrics types||Metrics detailing Smart App downloads can be provided to the buyer on request. Smart App data can be analysed through integration with Google Analytics.|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||European Economic Area (EEA)|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Other data at rest protection approach||
Sensitive data fields are encrypted in the SQL Azure database.
Persistent personal data is stored via vendor defined secure storage (eg, iOS Keychain).
|Data sanitisation process||No|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
All Smart App content is managed through the Management Console. There are a number of reports available to be run online, and the results of these can then be extracted in CSV, XML and MS Excel formats. These reports include data from citizens’ form submissions.
We are happy to discuss any further data export requirements you may have.
|Data export formats||
|Other data export formats||
|Data import formats||CSV|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||Other|
|Other protection within supplier network||The network is contained within the Azure platform and data flow security is internally managed by Microsoft to industry leading security standards.|
Availability and resilience
Advantage Digital Smart Apps, as a public-facing web application, shall provide at least 99.5% availability during scheduled operating hours, defined as 24 hours a day, 7 days per week, 365 days per year, excluding scheduled downtime.
The Management Console internal-facing web application shall provide at least 99.0% availability during supported office hours, which is defined as 8am to 6pm Monday to Friday, excluding English public holidays and excluding scheduled downtime.
The scheduled downtime will cover tasks including, but not limited to, new releases (software upgrades). In addition to the scheduled downtime there will be occasions where Capita is required to initiate unscheduled downtime for emergency changes. In exceptional cases when emergency changes are required, we will endeavour, but cannot guarantee, to complete this work outside of the core normal office hours (9am-5.30pm Monday to Friday).
Specific requirements pertaining to refunds regarding service level agreements will need to be discussed with the individual buyer at the time of procurement.
|Approach to resilience||Detailed information on our resilience procedures and processes is available on request.|
|Outage reporting||Email alerts for planned periods of outage are issued to customers at least two weeks in advance. In the event of an unplanned outage, email alerts will be sent detailing the issue and the progress of a resolution.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||Some Smart Apps incorporate a one-time access code, otherwise no authentication is required where non-personal data is presented through the app.|
|Access restrictions in management interfaces and support channels||
Access to the Smart Apps Management Console is by username and password.
Access to the Capita Support Portal is controlled by username and password. All new customers with responsibility for contacting the Support Desk are encouraged to register on the Support Portal. If customers contact us by telephone or email, their details are first matched to an existing registration. If none exists, they are either asked to register or, if appropriate, the details of their call are linked to a colleague who is registered.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||No|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
As part of Capita Business Services, we work to policies and standards that are aligned with ISO27001, these are agreed and signed off by the Group CEO and cascaded to the businesses via an internal intranet site and email communication. In addition, each year when staff complete their annual training they agree to comply with both Group and Business Unit Level policies.
Information Security staff as well as Capita Audit complete announced and unannounced checks to ensure that the policies and standards are being followed. Any non-conformities are reviewed and dealt with appropriately.
Information Security is dealt with at all levels of the business including at the Business Unit, Divisional Unit and Capita Group.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||As part of the ISO27001 Accredited ISMS we have a defined and documented change control process. At the core of this change control process is an assessment on all areas of the system including security. If the risk to security is deemed to be high, it is assessed by Information Security. All Change requests are stored on a CRM system and as part of our 27001 audit schedule are randomly checked to ensure accurate record-keeping is maintained and the process followed.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
The solution is hosted in the Microsoft cloud in SQL Azure and Cloud Services. Microsoft maintain the major configuration, patching and updates of platforms these services run on, including the database, operating system and network. Security Health Monitoring is configured across our Azure estate to ensure compliance with best practice.
The Management Console is built on a third party RAD platform, p-tested annually. Significant changes require review by an external security manager. Once available, required patches to this software can be applied in less than 24 hours. App patches are subject to third party store approval and may take longer.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Security Health Monitoring in Azure will flag significant issues in the platform configuration. Additionally, logging within the solution identifies a number of unusual behaviours, such as repeated failed security credentials or access from outside of certain geographic locations. All security issues are reported to an external security manager to assess the risk and review/support the resolution.|
|Incident management type||Supplier-defined controls|
|Incident management approach||
We have a defined, approved and tested Incident Management process, the process has a list of example incidents that are designed to cover a wide range of scenarios. All staff are made aware of the incident reporting process and randomly tested for effectiveness.
Incident reports will be passed to relevant customers if there has been an impact to their environment or data.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£3000 per instance per year|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|