Microports.Net t/as Folding Space

Folding Space DWLMS/RMM (Document Warehouse & Library Management with Requests Management Module)

Folding Space Document Warehouse & Library Management System (DWLMS) including Requests Management Module (RMM) is a web based application for physical record, box and file storage management, retrieval, scanning, electronic document presentation and destruction. DWLMS/RMM can be hosted locally at a client site, or offered as a managed hosting service.


  • Asset Management
  • Records Management
  • Box & File Management
  • Real-time Reporting
  • Comprehensive Auditing
  • Secure Document Access
  • Single Unified View
  • Web Application - Browser Access
  • Open Schema


  • Track all physcial assets in physical or virtual locations
  • Demonstrate 'duty of care' & 'chain of custody'
  • Audit every interaction with a record, including digital signatures
  • Secure document and record access with AD & LDAP integration
  • All barcode reader devices supported, including PDAs and wireless tablets
  • Configurable Record retention policies, including notifications and destructions
  • Integrated Request Management Module including reporting & inventory management
  • Workflow management for storage, returns, withdrawals, scanning, destruction & QA.
  • Administrative reporting suite including performance, capacity management and retention
  • In-built invoicing & statements module for managing rates and terms


£20 to £40 per user per month

  • Education pricing available

Service documents


G-Cloud 11

Service ID

4 7 4 0 4 2 5 0 6 8 7 6 8 6 2


Microports.Net t/as Folding Space

chris massey

0121 2368979


Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Folding Space have integrated DWLMS/RMM with: Documentum EDM, Kofax, McKesson PAS, Allscripts/ Oasis PAS, Lorenzo PAS, Orion Healthcare Rhapsody Integration Engine, SharePoint, Xerox X-PIM and Kofax.
Cloud deployment model
Private cloud
Service constraints
System requirements
  • Server running Windows 2008 R2 Upwards
  • Server should be IIS Enabled
  • Server should have a minimum of 8GB RAM
  • Server should have a quad core processor
  • Server should have My SQL Database
  • End User devices should have 2Ghz processer and 2GB RAM
  • End User devices require a modern web browser
  • Virtual or Physical Server

User support

Email or online ticketing support
Email or online ticketing
Support response times
As a Standard Operating Procedure, Folding Space provides its customers and/or partners with unlimited remote support
via the online Customer Support Portal and via fax, email & telephone to the Partner or Folding Space as appropriate
during standard UK office hours.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Folding Space Customers utilise our Support Portal for Technical Support, the portal is managed by our technical lead and available online (24 x 7).

Once logged and escalated all calls are reviewed, triaged, categorised and worked towards resolution in line with the agreed Service Level Agreement (SLA). Telephone and email support is also provided; typically during normal business hours with out-of-hours escalation relevant to the SLA threat/support level.

For response times, aligned with ITIL recommendations, we would work with the Customer to identify ‘business critical’ application processes (such as data entry or retrieval) and agree acceptable response times for these (excluding environment and network latency) which are then measured and analysed in quarterly service review meetings.

Where necessary any failure to comply with these measurements can then automatically invoke high priority support cases. For example; Priority 1 and 2 incidents - severe system disruptions - are typically measured by a one-hour response and four-hour resolution maximums.
Support available to third parties

Onboarding and offboarding

Getting started
Initial engagement includes mapping of the 'As-Is' processes and agreeing the 'To-Be'. Fixed fee final costs are submitted and a Project Plan is agreed. Folding Space take an Agile approach to project management. The risks & issues associated with the project flow from the weekly RAID teleconference. All implementations are run in accordance with Prince2 and milestones for quality control, and review, are managed during implementation.
An Agile approach to solution delivery requires a collaborative working relationship where iterative deliverables, user feedback and testing within an open and honest communications environment are an integral part of the process.
During the pre-Go Live phase, this iterative & collaborative process will be facilitated and supported by the provision of an online, secure & dedicated Customer Support Portal.
The Customer Portal is the customer facing half of our Company Communications & Support Portal which is also used internally by the technicians committed to the project and which is reviewed and authorised by our Technical and QA Management with escalation to the relevant Director.
Folding Space offer both onsite systems training for authorised System Administrators as well as ‘train the trainer’ for end user training. All training materials are provided in an editable form.
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
Upon contract cessation or a termination event, we would provide a machine readable copy of all data/metadata held in the DWMLS/RMM (e.g. CSV or XML). Folding Space will work with the Customer and agree an exit plan to ensure continuity of service. Upon request Folding Space will help to migrate data to a replacement supplier in line with the exit plan. Folding Space will ensure that the additional exit plan clearly sets out the methodology for achieving an orderly transition of services. The exit plan will set out full details of timescales, activities and roles and responsibilities of the Parties for: ● the transfer of any technical information, instructions, manuals and code reasonably required to enable a smooth migration ● the strategy for export of data and documents to replacement supplier, including conversion to open standards or other standards as required ● the transfer of Project Specific IPR items and other customisations, configurations and databases ● the testing and assurance strategy for exported data
End-of-contract process
The Customer is able to terminate the contract, after the minimum term (2 years) by giving notice to the Company within the first nine months of any year following the renewal anniversary; that is, within the nine months following the Annual Renewal which is every twelve months from the Commencement date. Termination will then occur in the twelfth month following the Renewal Anniversary. We would agree an exit plan to ensure the secure and safe export of the Customer’s data and co-operate in any migration support. Typically we would provide a machine-readable copy of all data/metadata held in the database (e.g. via CSV or XML).

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The DWLMS/RMM is completely web-services based for application access, delivered via URL and therefore, subject to local network configuration and exposure, access can be shared to mobile workers, via mobile and / or tablet devices in accordance with wider access policies. This may be via direct URL to open the firewall for web access to those mobile workers specifically or, more typically in our experience, the mobile workers make use of their own VPN connection to the network.

The DWLMS application can either be accessed via URL directly or through client-server connections such as Citrix or Terminal Services/Remote Desktop.
Service interface
What users can and can't do using the API
Folding Space DWLMS/RMM has a complete library of API, Invocation and Rendering Web Services available to ensure all manner of interfacing, integration and data exchange with other applications. And we have a philosophy of ‘open schema’ sharing of our database approach with our Customers so that customer IT can collaboratively access and utilise the database themselves.

Typically integrations fall into 3 categories: sharing data attributes; for example metadata or reference data held in 3rd party systems; sharing and linking entities between DWLMS/RMM and an external system; for example linking an electronic document held within an Electronic Document Management (EDM) system such as Sharepoint with the referenced physical file/barcode held within DWLMS; finally, the bi-directional invocation in context of DWLMS/RMM to or from a 3rd party system; for example when viewing a record for a file in DWLMS/RMM being able to click and view the electronic document held in EDM, or from a 3rd party CRM being able to invoke DWLMS/RMM in the context of a client to view an inventory. Folding Space has a long history of providing bespoke integrations with 3rd party applications which include SharePoint, Documentum, Xerox X-PIM and Kofax.
API documentation
API documentation formats
  • ODF
  • PDF
  • Other
API sandbox or test environment
Customisation available
Description of customisation
DWLMS/RMM metadata schema taxonomies can be customised and are unlimited and generated/managed per customer installation so you can have as many metadata (or nested or relational metadata) attributes as you wish (customer self-service).


Independence of resources
We provide a dedicated, (physical or virtual) server & storage cluster per customer rather than a multi-tenant cloud based service. This improves security, system management and offer guarantees in performance. Folding Space software is developed with industry standard, scalable, Microsoft.NET Framework and SQL database server technologies.
Extensive Performance and Load tests are performed to ensure that our systems are both resilient and scalable. C# is used to program WCF Web Services, ASP.NET websites, and rich HTML5 user interfaces.

DWLMS/RMM provides for horizontally scalable solutions which support multi-nodes at application and data levels for the highest levels of security and integrity.


Service usage metrics
Metrics types
The data-windfall from an DWLMS/RMM implementation falls into two areas: 'Audit Information' - MI on usage patterns, and 'Asset Management' statistics.

Authorised Users have the ability to export such data at will, to build their own data relationships and reports directly using BI tools such as SQL Reporting, Crystal Reports, QlikView and similar.

Optionally, Folding Space provide our DCV – Dashboards, Charting & Visualisation Toolset as a web service that enables real-time data reporting & presentation. Folding Space DCV enables easy, instant reporting across the organization with user permissions defining what they can (and cannot) see.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can export data into .csv files directly from within the DWLMS.

DWLMS also provides the ability for users to search, filter & then export or print.

DWLMS system administration also enables the batch exporting of data.

Upon contract cessation or a termination event, we would provide a machine readable copy of all data/metadata held in the DWLMS Repository (e.g. CSV or XML).
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
CPA Foundation VPN Gateway
TLS (HTTPS or VPN) version 1.2 or later
Legacy SSL or TLS (HTTPS or VPN)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Managed Hosting Service Level Agreement: Network Connectivity will be 100% available, excluding maintenance. Data Centre will be 100% available including power and cooling, excluding maintenance. Hardware Problems with servers, firewalls, load-balancers, and switches will be fixed within 1 hour of fault diagnosis. Hardware problems with SAN equipment will be fixed within 4 hours of problem identification. High availability network devices will be 100% available. The DWLMS/RMM design approach includes a proposed multi-node load balanced environment at the application level with no single points of failure to meet the SLA's. Maintenance and upgrades are always planned and scheduled in partnership with the Customer and designed so as to avoid or minimise downtime. The multi-node load balanced approach enables individual application servers to be taken out of the load balancer for upgrades or maintenance on a staged basis.
Approach to resilience
Externally: independent penetration tests, security tests and performance tests have been successfully undertaken by customers such as HMCS (Her Majesty's Courts Service), House of Commons, Foreign and Commonwealth Office, IPSA (Independent Parliamentary Standards Authority), Scottish Parliament and the Welsh Assembly as well as various NHS Trusts and Local Authorities.

Internally: DWLMS automatically audits every user interaction including date/time, user, device and audit action type and audit action description.

Server-side: Customer data is securely stored within the DWLMS for use by the Customer alone.

Software maintenance of the DWLMS by Folding Space does not normally touch upon the data.

Updates/upgrades are planned and deployed to a test environment before going live.

We secure all data exchanges via HTTPS or SFTP. Our ‘thin’ client-side approach to data exchange means that data integrity and security is maximised as nothing is transferred from the secure server-side; it is merely accessed and viewed (i.e. not stored locally).
Outage reporting
The Folding Space Customer Support Portal includes a facility for automated alerts sent to the Customer and to internal designated staff responsible for resolving support issues. This Portal provides a complete environment for feedback & communications incorporating an incident logging, triage response and issue/fix monitoring service; effectively, a complete structured, threaded and audited case management & acceptance testing system. The Customer Support Portal is also used internally by the technicians committed to the project and which is reviewed and authorised by our Technical and QA Management with escalation to the relevant Director.

Identity and authentication

User authentication needed
User authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
DWLMS includes a Role Management facility which enables administrators to grant access rights, privileges and permissions for individual users and groups of users – roles and associated permissions can be defined and customised as desired .
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
QMS International Ltd
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Folding Space systems are designed, built, operated and tested by Prince2 and ITIL accredited practitioners to ISO 9000 and ISO 27001 quality assurance procedure standards. We are ISO 27001 certified.

DWLMS supports complete document & record management in compliance with all national standards & guidelines, including the NHS and HMRC and other similar UK standards like:
Cabinet Office: e-Government Metadata Standard
JISC Digital Media: Directory of Metadata Schemas and Related Standards (Higher Education)
The National Archives: Electronic Records Management Systems - Metadata Standard
Information security policies and processes
Folding Space ISMS Policy document available upon request.

An Information Asset Register (IAR) for logging and tracking the receipt and usage of 3rd Party Data is maintained by Folding Space. The National Archives IAR template has been extended and is used by Folding Space in recognition of the nature of the Folding Space business and the diversity of data received from various 3rd Parties (e.g. customers, partners.)
The Folding Space Compliance Manager is responsible for the creation, maintenance and monitoring of the Information Asset Register.

The intended recipient of any information asset supplied from outside the company is responsible for pre-receipt alerting and registering the asset with the Compliance Manager immediately upon receipt.

The Folding Space Technical Manager or Project & Support Manager (as appropriate at the time) are responsible for the secure access, deployment and storage of each information asset.

Information assets can only be accessed by individuals that have appropriate authorisation according to the classification of the information and their need to access for work purposes.

The Technical Manager or Project & Support Manager are responsible for the return or destruction of the information asset as determined by the Compliance Manager and in agreement the relevant Asset Owner.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All CCN's are logged in the Folding Space Customer Support Portal . An Account Manager ensures continued direct liaison and communications between all parties. We assign an accredited Prince2 Practitioner for the full project lifecycle and ongoing support, as well as assigning a Director of the company to undertake strategic and overall responsibility for the project. All these measures fully support the establishment and successful operation of an ITIL-aligned Change Request & Control process.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Risk management is aligned to ISO27001 and is driven from Board level. Regular vulnerability testing identifies potential threats, vulnerabilities and mitigates risks through appropriate controls to reduce the risks to people, information and infrastructure to an acceptable level. This process takes full account of relevant statutory obligations and protections, including the Data Protection Act, Freedom of Information Act, the Official Secrets Act, Equality Act and the Serious Organised Crime and Police Act.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Technical support is provided as per the agreed SLA. System and software support is provided via system health monitoring and in response to feedback received via the Support Portal. In an on-premise installation, remote diagnostics and operational technical remedial investigation/action is provided. In a Managed Hosted Service we monitor Firewall CPU, Memory, network interface utilisation, system disk usage, port status for Windows services and Ping monitoring and, if thresholds are exceeded, generate an automated support ticket. In addition, we also configure a URL monitoring check. Typically, penetration testing cycles are agreed with the Customer for the duration of the contract.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incidents are managed via the Customer Support Portal.
Once logged and escalated all calls are reviewed, triaged, categorised and worked towards resolution in line with the agreed SLA.
Folding Space agree acceptable response times for business critical application processes with the Customer, these are then measured and analysed in quarterly service review meetings. Any failure to comply with these measurements automatically invokes high priority support cases.

A management escalation procedure is also agreed to ensure that issues requiring direct management intervention are in place. Typically, this encompasses invocation of a chain of command, emergency and out of hours contact facilities.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£20 to £40 per user per month
Discount for educational organisations
Free trial available

Service documents

Return to top ↑