BGO SOFTWARE OOD

Metaforms

Web based software for data collection, building and publishing online forms. It includes also mobile devices access via a mobile app. Designed to transfer paper based forms to the web.

Features

  • online forms platform
  • online forms builder
  • pdf printing
  • business forms
  • real time reports
  • users and groups access management

Benefits

  • quickly create and publish online forms
  • assign and track forms progress
  • collect and analyze collected data
  • quickly migrate paper based forms to web

Pricing

£500 per instance per month

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

5 0 6 8 8 6 8 3 6 0 6 1 4 5 7

Contact

BGO SOFTWARE OOD

Ivan Lekushev

359888606559

ivan@bgosoftware.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
No. It doesn't.
System requirements
  • Microsoft Windows Server
  • 2 CPU cores, 8GB RAM
  • Client computers running a recent browser version

User support

Email or online ticketing support
Email or online ticketing
Support response times
Urgent tickets are resolved in 1 hour. Out of work hours and weekends support is available at extra cost.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Screen magnifiers and screen readers.
Onsite support
Yes, at extra cost
Support levels
We provide 2 levels of support: Standard: Includes 24/7 tickets, working hours phone support, 20 hours per year free development and customization support for building reports and customizing the software. Gold: Dedicated account manager, dedicated cloud support engineer, 24/7 tickets, working hours phone support, 40 hours per year free development and customization support for building reports and customizing the software. 1 day reaction to start building customized reports and data extracts.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Online and onsite training. User manuals are downloadable from the system itself.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
The data is provided as a SQL Server database backup, and/or excel spreadsheets and csv files.
End-of-contract process
Usually there is an exit plan strategy negotiated and provided at the beginning of the contract. That can vary depending on the customer needs. All the data belongs to the customer so the minimum is that the data is provided as a SQL Server backup file with a protocol of receipt at the end of the contract.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The mobile devices are used for data collection. The forms designer tools are not available for mobile.
Service interface
Yes
Description of service interface
There is a web based admin console which allows the users to create forms, modify and maintain certain aspects of the platform.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Screen magnification tools and screen readers.
API
Yes
What users can and can't do using the API
The service has an API which offers the full capabilities for storing and fetching data.
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The buyers can order implementation of their forms as a service and also custom development of software extensions.

Scaling

Independence of resources
The service can be automatically scaled up by the underlying infrastructure.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
All data is exportable in CSV format directly from web interface. Forms are printable also as PDF.
Data export formats
  • CSV
  • ODF
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The guaranteed availability according to our SLA is 99.95% If there is less availability the customer is compensated by deducting the proportional amounts from the monthly bill.
Approach to resilience
Our service runs on VMWare high availability clusters. Each node has two identical physical servers for redundancy. There is a SAN storage network with high availability power supply and RAID 10 arrays. At least two alternative network routes are used per node.
Outage reporting
Email alerts and support tickets.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
User management, user roles and admin
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Ongoing ISO27001 and ISO9001 certifications

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
IEC 27001 and GDPR.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We follow ITIL practices.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Security patches are deployed in 2-3 hours after detection. There is quarterly security scan done by third party.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We schedule quarterly security scans and use the reports by our security assessment provider. High-impact patches are applied immediately.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
The incidents are stored in our internal system - JIRA and follow ITIL practices. They are escalated to the relevant team - network engineering, hardware or software development (R&D).

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£500 per instance per month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
The full functionality is included for 10 days.

Service documents

Return to top ↑