GDPR compliant Smart Forms SaaS that lets people setup surveys, events, polls, tests and custom secure data collection by building forms from their browser. Remove paper and legacy uncontrolled data collection methods.Move your manual processes online with zero programming. Secure data workflow, file uploads, signatures, payments, emailer & reporting.
- Software as a Service & Utility charged
- Used by anyone with word processing or spreadsheet type skills
- Data collected can be DIY archived, downloaded or deleted
- GDPR Compliant Data Collection
- Place your data in your chosen Cloud geography
- ISO27001 & ISO27018 compliant for In Confidence Data collection
- Transparent Data Encryption at rest using AES) & Hashing
- Removes uncontrolled data footprints e.g. email & Office Documents
- Data reporting and exportable into business intelligence tools
- Works across all browsers and devices, mobile, PC, Mac, Tablet
- Works on any device, mobile, tablet, PC, Mac
- Control data footprints e.g. data held in email
- Enables your Privacy Markings for GDPR
- Dashboard on Data Ageing for GDPR
- GDPR Forms based workflow approval with dashboard approval status
- Encrypted data at rest and in transit
- Data Protection (Data Processor) tagging for GDPR
- Data always Classified & Owned by Customer for GDPR
- Data offload at anytime for GDPR compliance
- Collect data easily and securely from any device anywhere
£100 to £500 per user per year
- Education pricing available
Smart Forms Team
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||Our SaaS Software can be served from our Cloud or installed on your Private Cloud or your Public Cloud on or off your premises anywhere globally.|
|Cloud deployment model||Hybrid cloud|
|Service constraints||We also support Single Sign On. SSO is fully supported but depends on further integration works with each customers individual triple AAA model (Authentication , Authorisation & Accounting).|
|System requirements||Any browser as a client|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Ticket acknowledgment is under an hour
Ticked investigation is within one hour
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Free support (not usability or training) is provided via email and then telephone contact with online screen sharing tools e.g. Skype (or similar acceptable) Screen Share.
Support timeframe options are : 9 a.m to 5p.m. (UK GMT) as standard
A TAM ( technical account manager) is provided for organisations of 10,000 user or more (chargeable option).
|Support available to third parties||No|
Onboarding and offboarding
|Getting started||Example Smart Forms and pre-provided free templates are provided along with support videos.|
|End-of-contract data extraction||
Our customers can download all their data at any time during their contract on day 1 or last day.
The system has a download data facility which also deletes any data on our service securely.
|End-of-contract process||On contract end or termination the customer can DIY extract all their data to process as required or to enable simple DIY moving to another provider.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
The service fully mobile responsive for users accessing any Smart Forms built by the service.
The authoring of the Smart Forms is desktop based via a browser.
|Accessibility standards||WCAG 2.0 AA or EN 301 549|
|Accessibility testing||UI testing with focus groups.|
|Description of customisation||Custom Forms can be designed by our bureau service based on a customers statement of works and our day rate development service.|
|Independence of resources||We can instantiate a dedicated instance on private or public cloud where required.|
|Service usage metrics||Yes|
|Metrics types||Auto created reporting & auto created graphing on usage.|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
Data is downloadable at any time via our export facility into CSV or XLS Spreadsheet format.
Images are downloaded as the original.
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||Txt|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||99.95% SLA with Service Credits provision for any service loss.|
|Approach to resilience||Available on request.|
|Outage reporting||Email as we need to assimilate if it's third party influenced e.g. an Internet failure|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||
Only authorised individuals are provided with support account access.
Account viewing for troubleshooting is provided to our support staff without revealing customers passwords.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||Less than 1 month|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||Less than 1 month|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
We operate an independent security function (a person's role) to ensure separation from production to negate "checking our own homework".
We also operate a "Chaos Monkey" to ensure that security is tested, again, with independence from our day to day operational functions.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||We follow a Change Control process based on IBM's TSO Change Control System. This cements our Dev into Ops process that became forgotten when Cloud was born.|
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||We apply the latest patches based on first testing new patches in our testing Cloud (Pre-Production/Staging) Infrastructure environment, with corresponding equivalent configuration/roles of the Production Environment VMs.|
|Protective monitoring type||Undisclosed|
|Protective monitoring approach||
We employ an automated based protective monitoring service.
Potential compromises are advised to the account holders nominated email.
Incident response conforms to Data Protection & GDPR advisory and escalatory policies.
|Incident management type||Undisclosed|
|Incident management approach||
Our pre-defined processes for common events are available to customers.
Users report incidents via their provided account management contact.
Incident reports are provided on demand.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£100 to £500 per user per year|
|Discount for educational organisations||Yes|
|Free trial available||No|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Terms and conditions document||View uploaded document|