C365Cloud

Formation Software

Formation Software is a self-serve digital form generator which adapts to your business and individual processes. Link your organisation's field and office based operations. You can collect data efficiently and securely on any iOS and Android device or via web forms. Suitable for use in any industry.

Features

  • Mobile Data Capture
  • Dynamic Form Design
  • Real-time Reporting
  • Multi Language Support
  • Automated Data Processing
  • Work Management System
  • Secure Audit and Evidence Capture
  • Full Off-Line Functionality
  • Conditional Logic
  • Make online data available offline within data capture forms

Benefits

  • Capture all data on any device in your standard format
  • Update data capture forms quickly and instantly publish changes
  • Streamlined data capture. Do it once; do it right
  • Send information and data in real time to field staff
  • Third party integration without the need to write code
  • Add mobile to your existing systems
  • Reduce paperwork with digital forms
  • Who, What, When, Where, Why - Audit trails
  • Complies with ISO 27001 and assists with GDPR compliance
  • Improved communication between the field and office

Pricing

£5 to £61 per user per month

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

3 5 8 7 1 5 9 3 6 2 7 1 1 3 7

Contact

C365Cloud

Holly Yates

01924 669940

hyates@compliance365.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Any SQL or MySQL based IT platforms (without the need for Coding).

Works with a range of document management systems (e.g. M-Files and DocuWare).

Full API suite allows two-way integration into any IT platform.
Cloud deployment model
  • Private cloud
  • Hybrid cloud
Service constraints
There are no constraints within Formation. Following training, Users can have the ability to administer their system according to business requirements.

Upgrades will be made as required to support device OS upgrades.

Maintenance arrangements can be discussed with individual clients and any software updates will be conducted to minimise disruption.
System requirements
We support iOS & Android current versions (minus two)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our standard SLA response time is 8.30am to 5.30pm Monday to Friday. We do offer weekend support at an extra cost if required by the client.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Support and Development resources are based in the UK, including CRM and back office systems. Phone and helpdesk support is available during normal business hours. Mobile application and Field based operative development and support is based in the UK and is available via Phone and Helpdesk (08:00-19:00 Monday-Friday). Second and third line support services are also available via the same location, with a dedicated Account Manager based in the UK.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Stroma would fully engage with the client and users of the system to ensure a managed deployment of the service. This is achieved by following the process below:

Scoping - On site scoping is completed by a Formation Consultant to produce an agreed scope of works.

Build - Formation will be configured to reflect the agreed scope of works.

Deploy - Live and Test/Training environments are deployed to the client.

Train - Full on site training is provided. This is customised to meet the needs of each client to reflect the specific deployed solution with bespoke documentation delivered.

Review - Continuous improvement is delivered utilising feedback from users.

Support - Ongoing 'business as usual' support is provided as detailed.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
All data will be made available to the client in a format requested. Back-up and destruction processes will be adhered to in line with the requirements of our ISO 27001 management policy.
End-of-contract process
All services will be decommissioned on the agreed date. Any data that is required to be transferred will be made available via a secure and agreed process.

Formation adheres to the requirements of ISO 27001 and we would process the removal of user data in line with the current Data Protection Act and General Data Protection Regulation (GDPR).

Data transfer would be processed in line with the agreed contract terms. Additional costs to the client would only be incurred in circumstances whereby an unusual data transfer request was received beyond the agreed contract terms.

Using the service

Web browser interface
No
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Formation Management Studio (Desktop Service) is used to configure the environment, including the creation of bespoke forms. It is also used to view and interrogate completed form data.

Formation Mobile (Mobile Service) is used for data collection via an iOS or Android mobile device.
Service interface
No
API
Yes
What users can and can't do using the API
Accredited Partners and customers can take advantage of the Formation API to build an integrated solution that meets their requirements and incorporates existing IT systems. The Formation API uses a REST web service to provide a range of functions for integration.

Proprietary integrations into Database technology (SQL and MySQL), Document Management solutions and CRM/ERP also exist.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
User permissions is a custom feature within the software. This allows clients to create User Groups and determine which users have the ability to create bespoke forms within the software.

The solution is designed as a 'Zero Code' product allowing users access to customise and configure all elements inside the solution, depending on their permissions.

Forms can be created which are digital replicas of traditional paper based documents to enable digital data collection.

Users can also build custom workflows. This can include:

- generation of documents (multiple output designs for each data capture form)
- email notifications
- IT systems and database updates

Users are able to configure their own statuses based upon the type of information which is entered into the data capture form (i.e. rule based statuses).

Scaling

Independence of resources
Formation is a cloud-based solution built on a virtual environment with active resource management. This ensures sufficient resources are available to the servers at all times, including during peak usage.

Additionally, specific resource pools are assigned to each client to manage service demands.

Analytics

Service usage metrics
Yes
Metrics types
Management reporting and analysis is provided by SQL Reporting Services (SSRS). SSRS is a leading reporting platform provided by Microsoft, delivering a range of reporting functionality. This includes automated reports, subscription reporting, web portal and embedded application reporting.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be exported in a number of ways. This includes: csv; xml; JSON; txt; PDF; Word.

In addition, data can be automatically exported to any SQL or MySQL server whether this is in the Cloud or On Premise.

Full API suite is available for the export of data to any IT system.
Data export formats
  • CSV
  • Other
Other data export formats
  • API suite
  • JSON
  • Word
  • Xml
  • Txt
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • JSON
  • Xml
  • Extracts from any client database

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Formation is designed to be operational 24 hours a day, 7 days a week. Specific SLAs can be discussed and determined by the client. This would include arrangements for refunds in the event of any part of the service being unavailable for a given period of time which contravened one or more of the SLAs.
Approach to resilience
All data is held in UK data centres to a Tier 2 standard. Locations are ISO 27001 and PCI compliant. All data is replicated in real-time to our secondary data centre. Further information is available on request.
Outage reporting
Any outages or service disruptions will be communicated to clients via email. Details are published on the secure support portal (this is not a public facing portal).

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Managers can be assigned administrative privileges in the Formation Management Studio. They would be determined as Super Users with the ability to create forms, assign forms and create additional users. Additional privileges can also be determined to restrict access to individual forms and functions on the Formation Mobile application.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS International
ISO/IEC 27001 accreditation date
17/01/2013
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Stroma complies with the requirements of ISO 27001. Our objectives and reporting structure is enshrined within our information security policy. This policy applies to all business functions within Stroma to include information systems, networks, the physical environment and people. A copy of our information security policy can be provided on request. Overall responsibility for information security rests with the Managing Director.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Any changes to the software are fully documented in release notes which communicated to all clients prior to any software updates. These are issued in line with the contract management and document control procedures set out in our ISO 9001-accredited Quality Management System.

An established and ITIL-aligned review process ensures the client’s needs and requirements are adequately understood, defined, and documented; that we have the capability and resources to meet the requirements and that they are met throughout the term of the contract. Records of the review are maintained. Changes and amendments are documented and communicated to all relevant staff.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Our Incident Management Plan addresses disruptions to premises, ICT systems, data, staff and equipment, which is enshrined within our Quality Management System. This includes responsibilities and procedures when an incident poses a risk to continuous service delivery (based on comprehensive risk assessment). It helps the company recover quickly and effectively from an unforeseen disaster or emergency. It is reviewed on an annual basis.

Data is continuously replicated across multiple geographically dispersed data centres, resulting in a minimum recovery point objective of 10 seconds. Full backups are completed according to client requirements.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Protective Monitoring Processes are conducted in line with industry best practice along with physical threat protection on all servers and external services where tracking and logging of all connections and interactions takes place.

The data is held in a format that can be used to analyse access in an audit situation – users have access to this via the User Interface.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Our Incident Management Plan addresses disruptions to premises, ICT systems, data, staff and equipment, which is enshrined within our Quality Management System. This includes responsibilities and procedures when an incident poses a risk to continuous service delivery (based on comprehensive risk assessment). It helps the company recover quickly and effectively from an unforeseen disaster or emergency. It is reviewed on an annual basis.

Data is continuously replicated across multiple geographically dispersed data centres, resulting in a minimum recovery point objective of 10 seconds. Full backups are completed according to client requirements.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£5 to £61 per user per month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Formation is available to trial for 30 days, with use of the standard package for up to 10 users. It allows users to build up to 3 forms on Android, iOS or Desktop. A minor fee of £650 covers training and configuration.

Service documents

Return to top ↑