MatsSoft: MATS SaaS

MATS Low-code lets you develop your own digital services and applications with 5-10x less resource. MATS gives you a custom fit with all the digital features and communications you need but is more cost-effective than off-the-shelf solutions. It's extremely fast and simple to use with eLearning or 3-day onboarding training.


  • British Low-code technology built and supported in the UK.
  • Configurable business rules, database and process design for digital services.
  • Configurable mobile and web interface design with branding features.
  • Standard integrations with popular ERP CRM AI & Cloud applications.
  • Scalable, secure and resilient Cloud or Private Cloud hosting options.
  • Configurable realtime dashboards and reporting highlight bottlenecks and service insights.
  • Configurable database, process, business rules, automation and case management design.
  • Built-in communications adaptors for SMS, Social Media and bulk email.
  • Template accelerators with pre-built functionality available which can be customised.
  • Rapid onboarding with eLearning or 3 day essentials training course.


  • Build digital services faster using template accelerators and prebuilt components.
  • Increase capacity using non-IT staff as Low-code citizen developers.
  • Build cost effective solutions which fit better than point products.
  • Digitally transform services and add mobile capability faster.
  • Avoid lengthy overruns and spiralling costs with proven Low-code approach.
  • Reduce per-seat application costs with custom, multichannel systems of engagement.
  • Improve citizen experience via automated multi-channel communications and self-service.
  • Simplify IT using standard technology for citizen and operational services.
  • Collaborate and share applications via MATS Community and App Share.
  • Create better services with access to comprehensive digital capabilities.


£20.00 per user per month

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

4 8 0 3 4 2 3 9 0 7 1 6 2 4 7



Janice Rock

0330 363 0300

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints We do not have any inherent service constraints.
System requirements
  • MATS is a modern web browser system.
  • MATS requires Chrome, Edge, IE11, Firefox and Safari.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Target response times are subject to the contracted level of Netcall SolutionCare: Standard - Target 90 minutes initial response Comprehensive - Target 90 minutes initial response
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels MatsSoft support is provided via our online portal & telephone. Support is typically included in the licencing model. Our sys-admin team monitor the health of all deployments 24/7 and react to automated alerts. Support is classified P1 -> P4 with the following resolution target times; 100% in 6 Working Hours, 100% in 2 Business Days, 100% in 10 Business Days & 100% in 18 Business Days.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started MATS has an accredited training program which may be provided on-site, at our Training Academy or alternatively via online sessions. We also provide Train the Trainer courses for solutions built on the platform which may be arranged on-site or at our Training Academy. Full user documentation is provided for the platform.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction At any point data can be extracted via API integration to another system or by file exports. Both are easily configured in the build area.
End-of-contract process Once we have received written notice of termination the service, it will be scheduled for closure at the agreed date. We will work with you to ensure your data is extracted in the format you require.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The MATS platform has been designed to work equally well when used on both desktop and mobile devices. Application interfaces are fully responsive. Whilst applications must be designed and built using a desktop device, the vast majority of user interfaces components will work equally well on either. Some features are designed to take advantage of the large screen sizes of a desktop device while some features require access to native mobile functionality so are only available on mobile. MATS applications can be used via a web interface or a native app including offline capability.
Service interface No
What users can and can't do using the API The MATS platform has a Generic REST adaptor that allows you to configure a connection to any REST based resource. Should you find the configuration options don’t support a feature needed to utilise the resource in question then please inform us and we’ll attempt to add the feature to improve the generic adaptor.

In addition we have a number of adaptors created for specific solutions, they are listed here:

Finally API endpoints can be exposed using REST or SOAP. This allows you to configure endpoints and methods that third parties can consume to pull & push data or trigger events/actions.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation All aspects of MATS can be customised by users with build access.


Independence of resources MATS instances run on dedicated virtual instances using AWS, Azure or Google Compute cloud hosting providers. Where co-location or on-premise hosting has been requested a resilient architecture with duel data centres will typically be implemented.


Service usage metrics Yes
Metrics types Number of active instances
Pages per minute
User logins
Records created per minute
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users can export their data from a MATS solution via CSV, API or ODBC connection.
Data export formats
  • CSV
  • Other
Data import formats
  • CSV
  • Other

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability MATS has an agreed Service Availability of 99.5%, 24/7. Service credits can be discussed as part of your contract.
Approach to resilience For hosted environments, disaster recovery is built in via a secondary failover environment. For on-premise, you would be responsible for providing the failover environment.
Outage reporting Email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels MATS has a range of security controls to ensure the security requirements will be met. These include built in Role management, Security Policy, Login Control, Object permissions and Interface permissions.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials.

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards Cyber Essentials
Information security policies and processes Based on the requirements of Cyber Essentials and ISO27001, we have the following policies in place:
Acceptable Usage Policy
Audit Policy
Backup Policy
Change Management Policy
Corporate Information Security Policy
Data Classification & Handling Policy
Data Destruction Policy
Development Standard Policy
Encryption Policy
Exceptions Policy
Firewall Policy
Forensic Readiness Policy
Incident Handling Policy
Monitoring & Logging Policy
Network Architecture Policy
Patching Policy
Physical Security Policy
Protective Monitoring Policy (requires checking)
Remote Access Policy
Secure Build Policy
Security Awareness and Training Policy
Starters and Leavers Policy
Wireless Access policy
Password Policy

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Where there are minor or major releases to the platform, each application or instance contains a versioning audit trail and an ability to update to the latest versions. Release notes are included to allow impact analysis of updates.

Major revisions to the platform are pen tested by independent testers and evidence and results can be provided on request.
Vulnerability management type Supplier-defined controls
Vulnerability management approach As part of the Business Continuity Plan (BCP), a Business Impact Analysis (BIA) is completed along with a Risk Analysis. This establishes the threats and provides a route to mitigate against those threats.

Once a notice has been received by our technical team of a patch release, which could arrive from multiple sources, it’s prioritised and the patch(es) made during a period of in-activity, out of hours.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Integrit monitors servers for file-system changes and alerts the MatsSoft systems team when files change unexpectedly. It is a reactive system.
Incident management type Supplier-defined controls
Incident management approach Any security incidents are captured within the MatsSoft Information Security Management System (ISMS). The customer nominated contact is informed.

Users may report incidents via our Support portal.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £20.00 per user per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial MatsSoft offers trial versions of the MATS software either as blank instances with builder support or with accelerator content already included. We term this service the 'MATS Innovation Lab' and it provides prototyping and proof of concept services free of user license costs. Please ask us for more information.

Service documents

Return to top ↑