Softools Ltd

Softools is a Zero code App build and deployment platform

Softools is a web-based application platform where off-the-shelf and custom apps can be designed, built and deployed in hours. Softools business process apps replace 1,000s of simple or complex legacy or Excel-based applications that are not secure, not scalable, not mobile, not integrated, not supported and not fit-for-purpose.


  • Softools runs in a secure and scalable cloud
  • All Apps are built and deployed with zero code
  • New site set up in minutes
  • Security and permissions is built in
  • Mobile first design means it works on all devices
  • 1000's of off the shelf apps available
  • Apps built in hours not weeks/months
  • Workflow options built in
  • 100's of different reports and dashboards available
  • Replaces Business Critical Excel based processes


  • Visibility and tracking of data
  • Cloud based - use anytime anywhere
  • Bespoke solutions BUT without bespoke code
  • Allows you to connect and exchange data with internal systems
  • Softools is fast to build, deploy and use
  • Hosted on the Microsoft Azure hosting platform
  • "Single source of the truth" for data
  • Scalable to enable 1 million users and 1,000s of apps
  • Security and permissions available out of the box
  • Dashboards and reports are always live


£240 per user per year

  • Education pricing available

Service documents


G-Cloud 11

Service ID

1 3 4 8 8 4 2 5 8 9 0 8 6 4 2


Softools Ltd

Andy Bruce

01491 412 400

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Softools can take data feeds from other systems such as SAP / Oracle / Sales Force, so can be used as an add on to those services, but is mostly used stand alone
Cloud deployment model
Public cloud
Service constraints
Needs an internet connection and a modern (HTML5) compliant browser
System requirements
  • Internet Connection
  • Modern browser (HTML5 compliant)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Online ticketing support provides response within xxx hours
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Level 1 support: all SofTools applications contain a high level of online support. This includes:

o The ‘Virtual Consultant’ form specific help for users providing ‘quick tips’ on how to complete the

best practice templates

o The more comprehensive Online Coach provides a full e-learning capability which reflects

different learning styles

o All system screens also contain context sensitive online help

o Finally, all users have access to the web-based system FAQs – an online forum containing

frequently-asked questions and answers on all aspects of operation

 Level 2 support: is provided to users via the internal (client) Administrators. 99% of all support calls

relate to question of what aspect of the application to use when – these can only be answered by internal

experts and managers

 Level 3 support: SofTools provide technical help to client Administrators and internal technical staff via

the email and telephone help desk facility. Levels of support are defined in the Service Level Agreement

which forms part of the standard contract with the individual client
Support available to third parties

Onboarding and offboarding

Getting started
Onsite training will be provided initially to the customer, allowing training of those within the organisation who will train the bulk of the users / new users etc. User documentation is also provided. Online FAQs and telephone support are also available.
Service documentation
Documentation formats
Other documentation formats
On line support site
End-of-contract data extraction
User can extract their own data at the end of the contract, or data can be provided to the customer in a suitable format
End-of-contract process
Following notice of termination of the contract, Softools will work with the customer to ensure a smooth hand back of data and close down of the system. This is included in the ongoing cost of the licences.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Service interface
What users can and can't do using the API
All aspects of Softools are available via API's

The whole platform is API based
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
All elements can be customised, including Apps / Reports / Homapges


Independence of resources
We are in a multi tenant environment, part the platform architecture auto scales using Microsoft Azure work load and scaling management


Service usage metrics
Metrics types
Logged statistics on usage, numbers of users, data storage
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Other
Other data at rest protection approach
Option for encryption at rest available for single tenant enviroments
Data sanitisation process
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Via API, or CSV, or word
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99% up time guaranteed
Approach to resilience
Redundancy available if required, via CDN and replication services
Outage reporting
Email alerts

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Same as the main platform - admin is determined by permissions set up within the system
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Covered under the Microsoft Azure hosting platform
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
See azure trust centre
CSA STAR certification level
Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
ISO 9001 accreditation means we have policy documents covering security
Information security policies and processes
We have in place an information security policy

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Agile Sprints with internal systems tracking activity and progress
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Microsoft Azure manages this as part of the service
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Microsoft Azure manages this as part of the service
Incident management type
Supplier-defined controls
Incident management approach
Internal systems with email based logging

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£240 per user per year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑