BGO SOFTWARE OOD

Metaforms

Web based software for data collection, building and publishing online forms. It includes also mobile devices access via a mobile app. Designed to transfer paper based forms to the web.

Features

  • online forms platform
  • online forms builder
  • pdf printing
  • business forms
  • real time reports
  • users and groups access management

Benefits

  • quickly create and publish online forms
  • assign and track forms progress
  • collect and analyze collected data
  • quickly migrate paper based forms to web

Pricing

£500 per instance per month

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

5 0 6 8 8 6 8 3 6 0 6 1 4 5 7

Contact

BGO SOFTWARE OOD

Ivan Lekushev

359888606559

ivan@bgosoftware.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints No. It doesn't.
System requirements
  • Microsoft Windows Server
  • 2 CPU cores, 8GB RAM
  • Client computers running a recent browser version

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Urgent tickets are resolved in 1 hour. Out of work hours and weekends support is available at extra cost.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.1 AA or EN 301 549
Web chat accessibility testing Screen magnifiers and screen readers.
Onsite support Yes, at extra cost
Support levels We provide 2 levels of support: Standard: Includes 24/7 tickets, working hours phone support, 20 hours per year free development and customization support for building reports and customizing the software. Gold: Dedicated account manager, dedicated cloud support engineer, 24/7 tickets, working hours phone support, 40 hours per year free development and customization support for building reports and customizing the software. 1 day reaction to start building customized reports and data extracts.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Online and onsite training. User manuals are downloadable from the system itself.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction The data is provided as a SQL Server database backup, and/or excel spreadsheets and csv files.
End-of-contract process Usually there is an exit plan strategy negotiated and provided at the beginning of the contract. That can vary depending on the customer needs. All the data belongs to the customer so the minimum is that the data is provided as a SQL Server backup file with a protocol of receipt at the end of the contract.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The mobile devices are used for data collection. The forms designer tools are not available for mobile.
Service interface Yes
Description of service interface There is a web based admin console which allows the users to create forms, modify and maintain certain aspects of the platform.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing Screen magnification tools and screen readers.
API Yes
What users can and can't do using the API The service has an API which offers the full capabilities for storing and fetching data.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The buyers can order implementation of their forms as a service and also custom development of software extensions.

Scaling

Scaling
Independence of resources The service can be automatically scaled up by the underlying infrastructure.

Analytics

Analytics
Service usage metrics No

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach All data is exportable in CSV format directly from web interface. Forms are printable also as PDF.
Data export formats
  • CSV
  • ODF
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability The guaranteed availability according to our SLA is 99.95% If there is less availability the customer is compensated by deducting the proportional amounts from the monthly bill.
Approach to resilience Our service runs on VMWare high availability clusters. Each node has two identical physical servers for redundancy. There is a SAN storage network with high availability power supply and RAID 10 arrays. At least two alternative network routes are used per node.
Outage reporting Email alerts and support tickets.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels User management, user roles and admin
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Ongoing ISO27001 and ISO9001 certifications

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes IEC 27001 and GDPR.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We follow ITIL practices.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Security patches are deployed in 2-3 hours after detection. There is quarterly security scan done by third party.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We schedule quarterly security scans and use the reports by our security assessment provider. High-impact patches are applied immediately.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach The incidents are stored in our internal system - JIRA and follow ITIL practices. They are escalated to the relevant team - network engineering, hardware or software development (R&D).

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £500 per instance per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial The full functionality is included for 10 days.

Service documents

Return to top ↑