MatsSoft Limited

MatsSoft: MATS PaaS

MATS Low-code enables Agile, iterative development of digital services and applications with secure UK hosting and without coding. Configurable features include process, data, forms, rules, SLAs, reporting and automated communications via Email, Social Media and SMS. It's cost-effective, extremely fast and simple to use with eLearning or 2-day onboarding training.


  • Rapid application development platform based on leading British Low-code technology.
  • Drag-and-drop database, process, business rules, automation and case management design.
  • Create fully responsive, accessible interfaces and dashboards for any device.
  • Standard integrations with popular ERP CRM AI & Cloud applications.
  • Integrate with configurable APIs and extend platform with custom code.
  • Built on platform with 99.9% uptime SLA using container technology.
  • Secure UK AWS or private cloud hosting. Single or multitennant.
  • Bi-directional scaling including multi-server. Centralised application management and governance.
  • Build applications and share via MATS App Store and community.
  • Built-in communications adaptors for SMS, social, voice and bulk email.


  • Reduce dependency on critical IT development and consulting resources.
  • Overcome bottlenecks and create digital services with 5-10x less resources.
  • Reduce support load through standardized technology and application development.
  • Simplify application management with central control and modern container technology.
  • Start projects sooner with on-demand instance requests and minimal training.
  • Modernize app development using drag and drop, configurable components.
  • Build services faster using accelerator solutions with completely configurable features.
  • Improve citizen experience via automated multi-channel communications and self-service.
  • Get better insight with configurable real-time dashboards and reporting.
  • Remove outdated technology faster or extend core IT application life.


£20.00 per user per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10


MatsSoft Limited

Janice Rock

0330 363 0300

Service scope

Service scope
Service constraints We do not have any inherent service constraints.
System requirements
  • MATS is a modern web browser system.
  • MATS requires Chrome, Edge, IE11, Firefox and Safari.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We respond immediately with a ticket reference. Resolution is based on the priority of the request and aligned with the SLA provided to the customer.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels MatsSoft support is provided via our online portal & telephone. Support is typically included in the licencing model. Our sys-admin team monitor the health of all deployments 24/7 and react to automated alerts. Support is classified P1 -> P4 with the following resolution target times; 100% in 6 Working Hours, 100% in 2 Business Days, 100% in 10 Business Days & 100% in 18 Business Days.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started MATS has an accredited training program which may be provided on-site, at our Training Academy or alternatively via online sessions. We also provide Train the Trainer courses for solutions built on the platform which may be arranged on-site or at our Training Academy. Full user documentation is provided for the platform.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction At any point data can be extracted via API integration to another system or by file exports. Both are easily configured in the build area.
End-of-contract process Once we have received written notice of termination of the service, it will be scheduled for closure at the agreed date. We will work with you to ensure your data is extracted in the format you require.

Using the service

Using the service
Web browser interface Yes
Using the web interface The MATS platform has a native web architecture, designed to run in public or private hosting environments. The MATS Controller has a web interface, which provides a central console for initiating, managing and retiring MATS applications. The MATS application layer provides a single drag-and-drop web interface for building applications. Applications are designed and built by IT staff or citizen developers by configuring an extensive range of pre-built components. Web (or native mobile) interfaces are provided for internal users and citizens / service users along with dashboards and reporting where appropriate. All design aspects of these screens can be managed from the build area.
Web interface accessibility standard WCAG 2.0 AA or EN 301 549
Web interface accessibility testing This would typically be undertaken by clients.
What users can and can't do using the API The MATS platform has a Generic REST adaptor that allows you to configure a connection to any REST based resource. Should you find the configuration options don’t support a feature needed to utilise the resource in question then please inform us and we’ll attempt to add the feature to improve the generic adaptor.

In addition we have a number of adaptors created for specific solutions, they are listed here:

Finally API endpoints can be exposed using REST or SOAP. This allows you to configure endpoints and methods that third parties can consume to pull & push data or trigger events/actions
API automation tools Other
API documentation Yes
API documentation formats PDF
Command line interface No


Scaling available Yes
Scaling type Manual
Independence of resources MATS instances run on dedicated virtual instances using AWS, Azure or Google Compute cloud hosting providers. Where co-location or on-premise hosting has been requested a resilient architecture with duel data centres will typically be implemented.
Usage notifications Yes
Usage reporting Other


Infrastructure or application metrics Yes
Metrics types
  • Number of active instances
  • Other
Other metrics
  • Pages per minute
  • User logins
  • Records created per minute
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • The platform user can backup platform/application configuration.
  • MatsSoft are responsible for backing up the application data.
Backup controls Backups performed by the user cannot be scheduled and the contents cannot be configured.
Datacentre setup
  • Multiple datacentres
  • Single datacentre with multiple copies
Scheduling backups Users schedule backups through a web interface
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability MATS has an agreed Service Availability of 99.95%, 24/7. Service credits can be discussed as part of your contract.
Approach to resilience For hosted environments, disaster recovery is built in via a secondary failover environment. For on-premise, you would be responsible for providing the failover environment.
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels MATS has a range of security controls to ensure the security requirements will be met. These include built in Role Management, Security Policy, Login Control, Object Permissions and Interface Permissions.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials.

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards Cyber Essentials
Information security policies and processes Based on the requirements of Cyber Essentials and ISO27001, we have the following policies in place:
Acceptable Usage Policy
Audit Policy
Backup Policy
Change Management Policy
Corporate Information Security Policy
Data Classification & Handling Policy
Data Destruction Policy
Development Standard Policy
Encryption Policy
Exceptions Policy
Firewall Policy
Forensic Readiness Policy

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Where there are minor or major releases to the platform, each application or instance contains a versioning audit trail and an ability to update to the latest versions. Release notes are included to allow impact analysis of updates. Major revisions to the platform are pen tested by independent testers and evidence and results can be provided on request.
Vulnerability management type Supplier-defined controls
Vulnerability management approach As part of the Business Continuity Plan (BCP), a Business Impact Analysis (BIA) is completed along with a Risk Analysis. This establishes the threats and provides a route to mitigate against those threats. Once a notice has been received by our technical team of a patch release, which could arrive from multiple sources, it is prioritised and the patch(es) made during a period of in-activity, out of hours.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Integrit monitors servers for file-system changes and alerts the MatsSoft systems team when files change unexpectedly. It is a reactive system. Integrit is set-up on each individual machine. Monitoring for integrit is part of our Nagios configuration.
Incident management type Supplier-defined controls
Incident management approach Any security incidents are captured within the MatsSoft Information Security Management System (ISMS). The customer nominated contact is informed. Users may report incidents via our Support portal.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Third-party
Third-party virtualisation provider AWS
How shared infrastructure is kept separate Customers are separated by VPC networks and security group controls.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £20.00 per user per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial MatsSoft offers trial versions of the MATS software either as blank instances with builder support or with accelerator content already included. We term this service the 'MATS Innovation Lab' and it provides prototyping and proof of concept services free of user license costs. Please ask us for more information.


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑