AFTER PREMISE LTD

APDocs Documentation Management

APDocs document management platform is perfect for the collation and management of project documentation. Turn the collation of documentation into streamlined, automated submission and review processes. Already available with pre-defined document templates for Health & Safety File and O&M collation including integration with Smartsheets and BIM Models.

Features

  • Electronic Health and Safety file and O&M manual collation
  • Track and manage compliance and key certification documents
  • Flexible file formats: PDF, Office 365, Video, Image, BIM, CAD
  • Consistent project and documentation delivery workflows across projects
  • Template driven document structures and review workflows
  • Web enabled software to provide access across multiple device types
  • Multiple security levels ensure access to sensitive documents is controlled
  • Tracking of documentation deliverables against plan
  • Integration with Smartsheets and BIM Models
  • Documents are fully searchable for improved visibility of building components

Benefits

  • Define standard structures and workflows across projects
  • Remote user access through a secure user authorisation portal
  • Pre-defined filing structures and document standards provide clarity of requirements
  • Deliver better quality handover documents in less time
  • Virtual document controller increases management effectiveness
  • Real-time reporting dashboards provide accurate progress reporting against plan
  • Fully managed service allowing you to concentrate on outcomes
  • Benefit from AWS security model. Highly resilient and highly available
  • Tracks expiry dates on compliance documentation to facilitate re-certification
  • No user licences - access for contractors and sub-contractors

Pricing

£850 a unit a year

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 12

Service ID

4 2 4 4 7 1 4 7 1 4 3 4 3 6 1

Contact

AFTER PREMISE LTD Lesley Vanbeck
Telephone: 07468 565469
Email: gcloud@afterpremise.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
APDocs is a completely serverless application that runs on the AWS Cloud. You need only an internet connection and a browser to use our service. There is browser support for Safari, Firefox, Chrome, Edge. The service is available 24x7x365 and planned maintenance access restrictions are rare. Documents are loaded to cloud storage so client should ensure that their internet connections have sufficient capacity to manage the transfer of their documents, particularly where large files are being stored.
System requirements
  • There are no specific licence requirements for system users.
  • One of the following browsers: Safari, Firefox, Chrome or Edge
  • Existing Smartsheet licences to use the Smartsheet integration
  • Existing BIM Modelling software to use the BIM model integration

User support

Email or online ticketing support
Email or online ticketing
Support response times
Email support during normal business hours, 09:00-17:00 Mon-Fri. APDocs has a unique logging system built in that aims to provide a more proactive, rather than ticket-based support service. Any error message, e.g. read, update or login attempt, is automatically routed to the support email. The support team see errors in real time giving a quicker response. Extended support can be provided and pricing will be based on requirements using the SFIA rate card.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Each account will be allocated a key support contact who will be responsible for provision of all support to the client. Onsite support can be supplied at the appropriate rate as quoted in the SFIA framework for this service depending on the support requirement. Fees and support will be agreed with the account lead once support requirements are defined. There is also a dedicated support email: team@afterpremise.com
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Each form on the APDocs solution has specific help text. We provide onsite training based on the client's final template & workflow selection. Courses are the structured around roles and responsibilities: content providers, content reviewers, administrators.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
APDocs is designed to physically file documents to match your selected data structure. It is, therefore, possible to copy your files to a local datastore in an understandable format.
End-of-contract process
Free file structure copy to your local file store. We can extract all your history from our Blockchain but this will be at additional cost. In order to do this will employ the 'Solution configuration and implementation' resource as per our rate card. The work will be regarded as Professional Service as seen in our pricing document.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The service is a web application that has been designed to be fully responsive for mobile devices. All forms are built around the responsive Twitter bootstrap.
Service interface
No
API
Yes
What users can and can't do using the API
APDocs is entirely API driven. All our forms receive and send data using open API POST calls. Users will require a set of API keys and a Cognito authentication token.
API documentation
No
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The service is template driven both in terms of manual structure and workflows. New templates can be developed for buyers. Functionality amendments will be discussed with buyers for inclusion in either their own specific service configuration or for inclusion in the overall product as open source amendments. In this case the enhancements will be developed at reduced SFIA rates.

Scaling

Independence of resources
APDocs runs as a serverless solution. Every access to APDocs triggers an AWS Lambda process that reads and writes data for you. AWS Lambda is designed to readily scale allowing for massive parallel processing.

Analytics

Service usage metrics
Yes
Metrics types
APDocs is used on a consumption model. You can track how many or how much of each consumption category you have used at and point. These are amount used of purchased storage, document upload processing and document read processing.
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
Never
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach
AWS adheres to independently validated privacy, data protection, security protections and control processes. (Listed under “certifications”).
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
We recommend a free solution called Cloudberry to download from your project repository. We issue you with limited life Amazon AWS access keys to enable a secure connection.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • PDF *data would be exported in the original submission format
  • XLSX
  • CAD(DWG)
  • DOCX
  • BIM(IFC)
  • JPG
  • MP4
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • PDF
  • XLSX
  • CAD(DWG)
  • DOCX
  • BIM(IFC)
  • JPG
  • MP4
  • BIM Model - IFC

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
We also use the AWS Web application Firewall (WAF) which helps protect web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives control over which traffic to allow or block to web applications by defining customizable web security rules.
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
AWS currently provides SLAs for several services. Due to the rapidly evolving nature of AWS’s product offerings, SLAs are best reviewed directly on the AWS website via the link below: https://aws.amazon.com/legal/service-level-agreements/
Approach to resilience
The AWS Business Continuity plan details the process that AWS follows in the case of an outage, from detection to deactivation. AWS has developed a three-phased approach: Activation and Notification Phase, Recovery Phase, and Reconstitution Phase. This approach ensures that AWS performs system recovery and reconstitution efforts in a methodical sequence, maximizing the effectiveness of the recovery and reconstitution efforts and minimizing system outage time due to errors and omissions.

AWS maintains a ubiquitous security control environment across all regions. Each data centre is built to physical, environmental, and security standards in an active-active configuration, employing an n+1 redundancy model, ensuring system availability in the event of component failure. Components (N) have at least one independent backup component. All data centres are online and serving traffic. In case of failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.

Customers are responsible for implementing contingency planning, training and testing for their systems hosted on AWS. AWS provides customers with the capability to implement a robust continuity plan, including the utilization of frequent server instance back-ups, data redundancy replication, and the flexibility to place instances and store data within multiple geographic regions across multiple Availability Zones.
Outage reporting
Public dashboard; personalised dashboard with API and events; configurable alerting (email / SMS / messaging).

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication
APDocs follows the AWS shared responsibility model. Users first have to login to obtain an access token. We use AWS Cognito. All APDocs forms require this token. At the API level we test check for this token and, additionally, a client specific API key. Next we check what APDocs knows about this user and the form being used. We verify that do we know this user on the specific project they are trying to access. Once here the user's role and security level are then tested to see if any further data restrictions are necessary.
Access restrictions in management interfaces and support channels
APDocs uses a role-based and security-level based matrix. All management interfaces test for management roles. Document access levels are : open, restricted, secure and secret. Additionally, each stage of the workflow has the concept of a team. For example, you might have a reviewer role, but, for this document at this stage of the workflow you are not on the team. Following the AWS security model, in this case, your access would degrade to read-only. It is possible to set your system up to expressly require end-users/read-only users to be on the team even to read.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Username or password
  • Other
Description of management access authentication
Management access follows the same model as user access. It is possible to give a management role but still restrict which documents can be accessed.

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
After Premise builds applications based on the security by design principle. Our in-house governance process ensures that all aspects of the solution use the available AWS security features for each of the application elements thereby both security of the cloud and security in the cloud.
Information security policies and processes
After Premise is a small company and responsibility for the security policies lies with the two directors. All implementations are reviewed by the directors to ensure that our principle of security by design has been followed.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We have separate AWS accounts for development, staging and production. Changes are promoted from our MS Team Development portal and allocated a unique change id. All source code is held on AWS Code Commit.
The development cycle is test driven. Only once every test has passed the code branch is it then merged back into our master branch to have a solution test set run in our staging area. We use AWS CodeDeploy which helps maximize our application availability during the software deployment process. Software deployments can easily be stopped and rolled back if there are errors.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
AWS Security performs vulnerability scans on the host operating system, web applications, and databases in the AWS environment. Approved 3rd party vendors conduct external assessments (minimum frequency: quarterly). Identified vulnerabilities are monitored and evaluated. Countermeasures are designed and implemented to neutralise known/newly identified vulnerabilities.

AWS Security monitors newsfeeds/vendor sites for patches and receives customer intelligence via http://aws.amazon.com/security/vulnerability-reporting/.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
AWS deploys (pan-environmental) monitoring devices to collect information on unauthorized intrusion attempts, usage abuse, and network/application bandwidth-usage. Devices monitor:

• Port scanning attacks
• Usage (CPU, processes, disk utilization, swap rates, software-error generated losses)
• Application metrics
• Unauthorized connection attempts

Near real-time alerts flag incidents, based on AWS Service/Security Team- set thresholds.

Requests to AWS KMS are logged and visible via our account’s AWS CloudTrail Amazon S3 bucket. Logs provide request information, under which CMK, and identify the AWS resource protected through the CMK use.
Incident management type
Supplier-defined controls
Incident management approach
Changes to AWS services and features follow secure software development practices, including security risk reviews prior to launch. Developer access to production environments is via explicit access system requests, subject to owner review and authorisation.

Teams set bespoke change management standards per service, underpinned by standard AWS guidelines.

All production environment changes are reviewed, tested and approved. Stages include design, documentation, implementation (including rollback procedures), testing (non-production environment), peer to peer review (business impact/technical rigour/code), final approval by authorised party.

Emergency changes follow AWS incident response procedures. Exceptions to change management processes are documented and escalated to AWS management.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£850 a unit a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Our trial allows for one project to be configured for 10 users, using up to 10GB of storage to load up to 100 documents over three months. This requires configuration and setup of users. Buyers are encouraged to contact gcloud@afterpremise.com to discuss requirements and agree the templates to be used.

Service documents