Mockingbird Consulting Ltd

Managed LoRaWAN Infrastructure

A fully managed long-range, low-power, Internet of Things platform from sensor to data analysis


  • Long Range, Low Power data collection to manage your environment
  • Fully managed data collection and analysis platform for the IoT
  • Deployed to a cloud provider or datacentre of your choosing


  • Centralised data collection from hundreds or thousands of devices
  • Rapidly deploy sensors across rural and urban environments
  • Full data analysis included, with API's available for direct query


£499 per instance per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11


Mockingbird Consulting Ltd

Matthew Macdonald-Wallace


Service scope

Service scope
Service constraints None
System requirements None

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Depends on support contract agreed, but between 1 and 8 business hours where there is no 24x7 contract in place, and between 15 minutes to 4 hours if 24x7 contract has been agreed.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support No
Web chat support Yes, at an extra cost
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Unsure, HTML-based
Web chat accessibility testing None
Onsite support Yes, at extra cost
Support levels Support costs are included in the monthly platform costs and vary depending on the services required.

We provide all levels of support from UK business Hours through to 24x7 support
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started On site training and documentation are provided as standard, with additional workshops on more advanced features also available
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction All of the data is accessible via an API in documented open formats and can be extracted by the client at any time.

We are also able to provide an export of all data in a range of formats including CSV, JSON, and XML.
End-of-contract process At the end of the contract, there will be an option to either renew, or to be provided with all the data contained within the platform in an agreed format.

If the client wishes to migrate to their own installation of a similar platform, there will be additional consultancy charges to assist with that migration.

Using the service

Using the service
Web browser interface Yes
Using the web interface All functionality is available through the web interface including the creation of nodes, gateways, and integrations with other platforms.
Web interface accessibility standard None or don’t know
How the web interface is accessible No idea, not tested
Web interface accessibility testing None
What users can and can't do using the API All of the functionality of the web interface.
API automation tools Other
Other API automation tools None as yet, but Terraform is on the way
API documentation Yes
API documentation formats Open API (also known as Swagger)
Command line interface No


Scaling available Yes
Scaling type
  • Automatic
  • Manual
Independence of resources Depending on the product requested, we either scale the shared platform based on demand or provide a dedicated cluster for the client that is solely for their use.
Usage notifications Yes
Usage reporting
  • Email
  • Other


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics IoT Device/Gateway Metrics
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Other
Other data at rest protection approach Data is all stored on cloud providers or in client data centre, so we would expect to use existing disk-encryption services as they are available to us.
Data sanitisation process No
Equipment disposal approach In-house destruction process

Backup and recovery

Backup and recovery
Backup and recovery Yes
Backup controls Backups are fully managed and configured by Mockingbird Consulting based on client need.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability SLA is based on the SLA's of the underlying cloud provider/datacentre, and any refunds for unmet SLA's will also be tied to the refund policy of the cloud provider/datacentre chosen.

This will be negotiated on a per-project basis due to the number of variables involved.
Approach to resilience All clusters as deployed in an "N+1" configuration as a minimum specification, with additional options available on request.

All configuration is kept as "infrastructure as code", and the platform can be redeployed from scratch in under 1 hour.
Outage reporting Depends on the customer's preference, however we can provide alerting via email, slack, webhook, or SMS (additional charges may be incurred for some of these methods).

Public dashboards and API's are available for some components of the platform on request.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Role-based Access control is applied to all areas of our platform.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We are working towards various standards including the CyberSecurity award, however at present we do not have this in place.
Information security policies and processes All members of staff report directly to the board, failure to follow policies results in appropriate action being taken, and where staff do follow policies consistently they are rewarded.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All changes are made under the "Infrastructure as Code" approach, and require a pull request and all the appropriate checks in the CI pipeline to pass before they can be merged, providing a full audit trail of who and what was changed.

All commits are linked back to the ticketing system, so we are able to track where a request came from and who approved the development time.
Vulnerability management type Undisclosed
Vulnerability management approach Alerts are sent to Operations Team whenever updates are available, roll out of these updates are then agreed with the customer.

Patch levels and schedules are negotiated based on customer need at point of contract, however all patches are tested in a staging environment before deployment.

Information about potential threats are obtained from and the appropriate open source projects.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We use host and network-based intrusion detection systems, as well as anti-virus and platform monitoring.

Responses follow a pre-defined procedure which will be made available to the client at the start of the contract.

Security incidents are triaged within 15 minutes of being detected, further action is taken depending on the assessed severity.
Incident management type Supplier-defined controls
Incident management approach Incident management procedures follow our internal guidelines based on years of experience managing incidents within the IT industry.

These procedures are available upon request.

Incidents can be reported via telephone, email, or a support ticket, and reports are provided within 48 hours of an incident being resolved.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes
Description of energy efficient datacentres Depends on Cloud Provider and Data Centre selected for use by the client


Price £499 per instance per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial 7 days full access to trial version of the platform, with the option to convert to a paid-for version without data loss.

We cannot provide a free trial of gateways and end devices at this time, however we are willing to consider a discounted period for hardware

Service documents

odt document: Pricing document odt document: Terms and conditions
Service documents
Return to top ↑