Softools Ltd

Softools is a Zero code App build and deployment platform

Softools is a web-based application platform where off-the-shelf and custom apps can be designed, built and deployed in hours. Softools business process apps replace 1,000s of simple or complex legacy or Excel-based applications that are not secure, not scalable, not mobile, not integrated, not supported and not fit-for-purpose.


  • Softools runs in a secure and scalable cloud
  • All Apps are built and deployed with zero code
  • New site set up in minutes
  • Security and permissions is built in
  • Mobile first design means it works on all devices
  • 1000's of off the shelf apps available
  • Apps built in hours not weeks/months
  • Workflow options built in
  • 100's of different reports and dashboards available
  • Replaces Business Critical Excel based processes


  • Visibility and tracking of data
  • Cloud based - use anytime anywhere
  • Bespoke solutions BUT without bespoke code
  • Allows you to connect and exchange data with internal systems
  • Softools is fast to build, deploy and use
  • Hosted on the Microsoft Azure hosting platform
  • "Single source of the truth" for data
  • Scalable to enable 1 million users and 1,000s of apps
  • Security and permissions available out of the box
  • Dashboards and reports are always live


£240 per user per year

  • Education pricing available

Service documents


G-Cloud 11

Service ID

1 3 4 8 8 4 2 5 8 9 0 8 6 4 2


Softools Ltd

Andy Bruce

01491 412 400

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Softools can take data feeds from other systems such as SAP / Oracle / Sales Force, so can be used as an add on to those services, but is mostly used stand alone
Cloud deployment model Public cloud
Service constraints Needs an internet connection and a modern (HTML5) compliant browser
System requirements
  • Internet Connection
  • Modern browser (HTML5 compliant)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Online ticketing support provides response within xxx hours
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Level 1 support: all SofTools applications contain a high level of online support. This includes:

o The ‘Virtual Consultant’ form specific help for users providing ‘quick tips’ on how to complete the

best practice templates

o The more comprehensive Online Coach provides a full e-learning capability which reflects

different learning styles

o All system screens also contain context sensitive online help

o Finally, all users have access to the web-based system FAQs – an online forum containing

frequently-asked questions and answers on all aspects of operation

 Level 2 support: is provided to users via the internal (client) Administrators. 99% of all support calls

relate to question of what aspect of the application to use when – these can only be answered by internal

experts and managers

 Level 3 support: SofTools provide technical help to client Administrators and internal technical staff via

the email and telephone help desk facility. Levels of support are defined in the Service Level Agreement

which forms part of the standard contract with the individual client
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Onsite training will be provided initially to the customer, allowing training of those within the organisation who will train the bulk of the users / new users etc. User documentation is also provided. Online FAQs and telephone support are also available.
Service documentation Yes
Documentation formats Other
Other documentation formats On line support site
End-of-contract data extraction User can extract their own data at the end of the contract, or data can be provided to the customer in a suitable format
End-of-contract process Following notice of termination of the contract, Softools will work with the customer to ensure a smooth hand back of data and close down of the system. This is included in the ongoing cost of the licences.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Service interface No
What users can and can't do using the API All aspects of Softools are available via API's

The whole platform is API based
API documentation Yes
API documentation formats Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation All elements can be customised, including Apps / Reports / Homapges


Independence of resources We are in a multi tenant environment, part the platform architecture auto scales using Microsoft Azure work load and scaling management


Service usage metrics Yes
Metrics types Logged statistics on usage, numbers of users, data storage
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Other
Other data at rest protection approach Option for encryption at rest available for single tenant enviroments
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Via API, or CSV, or word
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99% up time guaranteed
Approach to resilience Redundancy available if required, via CDN and replication services
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Same as the main platform - admin is determined by permissions set up within the system
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Covered under the Microsoft Azure hosting platform
ISO/IEC 27001 accreditation date See
What the ISO/IEC 27001 doesn’t cover See
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date See azure trust centre
CSA STAR certification level Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach ISO 9001 accreditation means we have policy documents covering security
Information security policies and processes We have in place an information security policy

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Agile Sprints with internal systems tracking activity and progress
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Microsoft Azure manages this as part of the service
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Microsoft Azure manages this as part of the service
Incident management type Supplier-defined controls
Incident management approach Internal systems with email based logging

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £240 per user per year
Discount for educational organisations Yes
Free trial available No

Service documents

Return to top ↑