Capita Business Services Limited

Capita One Digital Licensing Forms Package

This is a package of predefined, self-service, licensing forms covering a wide variety of services commonly required. The intuitive and flexible forms solution enables the digital capture and processing of data. Using the One Digital Contact Manager, the solution provides a single view of customer engagement.


  • A package of 17 common licensing forms.
  • Contact management with document upload and viewer for uploaded attachments.
  • Automated document production and messaging services (SMS, email, etc).
  • Sophisticated workflow, enabling task automation and configuration of business logic.
  • Comprehensive form sections and dynamic questions.
  • Seeding of answers between forms, providing pre-population of data.
  • Management information, dashboards and reporting.
  • Single view contact management with an assisted digital function.
  • Integrated with the One Digital Portal solution.
  • Full integration to Capita’s One Digital Portal solution (sold separately).


  • Reduce operating cost; powerful automation and configuration of workflow processes.
  • Quick return on investment; rapid, simple form and process creation.
  • Highly secure; penetration tested and designed to secure data appropriately.
  • Quick deployment with predefined forms.
  • Deliver with agility; simply create, build and adjust forms/ workflow.
  • Reduced infrastructure costs; fully hosted solution, with upgrades and patching.
  • Improve customer experience; forms pre-populated; video and webchat capability.
  • Create single views of digital engagement with integrated contact management.
  • Increase take-up; workflow creates accounts in One Digital Portal.
  • Increase accessibility; mobile responsive and device agnostic; HTML5/ Bootstrap framework.


£3364 per unit per year

Service documents

G-Cloud 10


Capita Business Services Limited

Capita Business Services Ltd


Service scope

Service scope
Software add-on or extension Yes
What software services is the service an extension to The One Digital Licensing Forms package operates with the One Digital Portal and One Forms and Contact Manager solutions also available via G-Cloud 10.
Cloud deployment model Private cloud
Service constraints One Digital Forms (public facing) shall provide at least 99.5% availability during scheduled operating hours, defined as 24 hours a day, 365 days a year, excluding scheduled downtime. One Digital Contact Manager (internal facing) shall provide at least 99.0% availability during office hours, defined as 08:00 – 18:00 Monday-Friday, excluding English public holidays and scheduled downtime.

Scheduled downtime covers tasks including, but not limited to, new releases (software upgrades) and server patching. In cases of unscheduled downtime for emergency changes, we will endeavour, but cannot guarantee, to complete work outside normal office hours (09:00 – 17:30 Monday to Friday).
System requirements Establishment of a VPN connection to the Capita SaaS platform

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response times apply Monday to Friday, 08:00 – 18:00.
High Severity (must be logged by telephone): day-to-day work cannot be continued or assistance needed to meet business-critical deadlines. We aim to respond within 1 working hour and, whenever possible, provide a solution/ advise how quickly a solution will be available.
Medium Severity: day-to-day work can be continued, but there is still a requirement for a speedy resolution. We aim to respond within 4 working hours.
Low Severity: day-to-day work can be continued but the problem is minor. We aim to respond within 2 working days.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Support desk requests are logged on a call tracking system and dealt with in priority and severity order. The support desk is operated Monday to Friday, 08:00 – 18:00. Requests are logged online, by email or by telephone.

High Severity: day-to-day work cannot be continued, or assistance needed to meet business-critical deadlines. We aim to respond within 1 working hour.
Resolution: continuous monitoring and customer updating until the fault is resolved, which we aim to be within 4 working hours.

Medium Severity: day-to-day work can be continued, but there is still a requirement for a speedy resolution. We aim to respond within 4 working hours.
Resolution: whenever possible, a solution will be given or we will advise how quickly a solution will be available, within 8 working hours.

Low Severity: day-to-day work can be continued and the problem is minor. We aim to respond within 2 working days.
Resolution: whenever possible, a solution will be given or we will advise how quickly a solution will be available, within 5 working days.

A Technical Account Manager is available under the standard escalation procedure within our Service Charter.

The cost of on-site support consultancy is detailed in the pricing document.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Onboarding to One Digital Licensing Forms and Contact Manager can be a very swift process and delivered within any reasonable timescale, varying accordingly to project dependencies and deliverables. Once requirements have been analysed and configuration of the required forms and workflow has been completed, on-site training will be delivered, supported by a comprehensive set of user documentation. This documentation is updated in line with each release of the software and is provided in PDF format. All user acceptance testing (UAT) will be carried out in the One Digital pre-production environment. Completing UAT will be undertaken by customer employees while feeding back any reported issues and having a regular dialogue with our teams to prioritise such issues and plan for resolutions. The UAT stage will include a nominated contact within Capita for reporting any such issues. Once the UAT stage has been completed within the pre-production environment and the solution has been signed off, deployment to the production environment will commence, along with Go Live activities.
To support the onboarding process, Capita can provide a range of services, including Project Management, Business Analysis, Technical Consultancy and Business/ Training Consultancy.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction The data extraction format may be via standard methods, such as CSV, SQL database extract or XML. At the end of the Contract, Capita and the buyer will determine the most appropriate method of data extraction, depending upon the buyer’s specific requirements and availability.
End-of-contract process At the end of the Contract, Capita and the buyer will determine the most appropriate method of data extraction depending upon the buyer’s specific requirements and availability. This process will be fully scoped and project managed with Capita’s technical employees. Any cost associated with End of Contract activity will be provided as scoped.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service One Digital Licensing Forms provides a fully mobile-responsive user interface which renders appropriately to the screen size of the device being used. The solution can therefore be utilised on a mobile device just as it would on a desktop. We recognise that mobile browsing is now becoming the dominant method for accessing the web and our platform supports this fully. No special configuration or styling is required. HTML5 and the Bootstrap framework are utilised to enable this device-agnostic user interface.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Accessibility is considered at every stage of design and development of the One Digital platform. Our solution meets the current requirements of the WCAG 2.0 guidance to AA standard and we regularly test all the One Digital components to ensure this standard is maintained as new features are added to the solution. We believe our platform is accessible to those with differing needs and it supports assistive technologies, such as screen readers used by those with sight problems.

One Digital meets the requirements for compliance to the following standards:
- WCAG 2.0 guidance to AA standard
- British Standard 8878:2010 – Web Accessibility – Code of Practice
- ISO 9241 Ergonomics of Human-System Interaction.
What users can and can't do using the API Web services available as part of the One Digital platform are, where appropriate, embedded within One Digital Forms, utilising the powerful Workflow component. They are utilised to either retrieve information from back office One Digital systems, to assist the citizen in completing their application or to update the back office systems on successful submission of a form.

These web services can be provided in isolation and integrated with alternative, third party solutions.

Further information on the content of the API and how it is implemented is available on request.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Branding and styling the One Digital Licensing Forms does not require any development expertise. Form themes can be created and configured allowing customisation of the colour scheme (buttons, text colour, font size, etc) and logos.

Users with the appropriate permissions can create and then customise the forms to meet their local requirements. This includes adding or amending introductory text and form hints, updating existing questions, adding new questions and updating qualifying criteria. Where relevant, all such updates are made within the boundaries necessary for a successful submission and for back office integration.

All form customisation is undertaken within the username and password protected One Digital System Administration Module.


Independence of resources Within our hosted environment, we have deployed HA Proxy load balancers to provide horizontal scalability across our multi-tenanted services. This allows us to add capacity as new customers come onboard very easily. In addition, we have the option to allocate dedicated resources for individual implementations where necessary. Active monitoring of the servers/ services is also in place to alert us to any possible contention and modify the load balancing rules as necessary.


Service usage metrics Yes
Metrics types Analytics are provided in the form of a Reporting Module that is accessible to non-technical users. It provides reports which detail platform usage in terms of registered users and the services they are linked to or transactions that they have carried out. Reports on the successful completion rates of forms and those where users are tending to drop out of the process are also provided.
Third party software, such as Google Analytics and GovMetric, can also easily be incorporated into the solution to provide details on user interactions and where users of the digital channel are focusing their time.


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Within the System Administrator Module, extracts of data are available mainly in CSV or XML format. As part of the implementation for a customer, any data extract requirements are identified and the relevant routines developed. We also provide reporting using MS SSRS, both predefined reports and ad hoc reporting. This allows the export of data in CSV, XML, PDF, MS Word and MS Excel formats.

For data imports, data can be imported into the application database through the System Administration Module. Other methods of data import may be identified during implementation and the appropriate routines developed.
Data export formats Other
Other data export formats
  • XML
  • PDF
  • MS Word
  • MS Excel
Data import formats Other
Other data import formats MS Excel

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability One Digital Forms, as a public-facing web application, shall provide at least 99.5% availability during scheduled operating hours, defined as 24 hours a day, 365 days a year, excluding scheduled downtime.

The One Digital Contact Manager internal-facing web application shall provide at least 99.0% availability during supported office hours, which is defined as 08:00 – 18:00 Monday to Friday, excluding English public holidays and scheduled downtime.

The scheduled downtime will cover tasks including, but not limited to, new releases (software upgrades) and server patching. In addition to the scheduled downtime there will be occasions where Capita is required to initiate unscheduled downtime for emergency changes. In exceptional cases when emergency changes are required, we will endeavour, but cannot guarantee, to complete this work outside of the core normal office hours (09:00 – 17:30 Monday to Friday).

Specific requirements, pertaining to refunds regarding Service Level Agreements, will need to be discussed with the individual buyer at the time of procurement.
Approach to resilience We protect the service with a geographically separated disaster recovery datacentre, which maintains a replication of both the solution and data, and which would be invoked in the case of a disaster.
Further detailed information on our resilience procedures and processes is available on request.
Outage reporting The solution is a SaaS based offering and as such the monitoring of system availability, resource utilisation, etc, are performed as part of the managed service by Capita. These real-time processes are not normally made available to the end user. All incident management type events and activities are recorded within our CRM and accessed via the Customer Portal.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication Access to the One Digital Contact Manager is by username and password.

Where One Digital Forms are accessed via users registered on the One Digital Portal, or authenticated against services available on the portal, access can be provided by two-factor authentication (portal), username and password (portal), online authorisation (authenticated services) or PIN (authenticated services). Please see our entry on G-Cloud for the One Digital Portal for further details.
Access restrictions in management interfaces and support channels Access to the Contact Manager and the System Administration Module (where administrative functions are managed, including form creation/ maintenance, user maintenance and system configuration) is controlled by username and password.

Access to the Capita Support Portal is controlled by username and password. New customers with responsibility for contacting the support desk are encouraged to register on the Support Portal. If customers contact us by telephone or email, their details are matched to an existing registration. If none exists, they are either asked to register or, if appropriate, the details of their call are linked to a colleague who is registered.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Assessment Bureau
ISO/IEC 27001 accreditation date 15/12/2014
What the ISO/IEC 27001 doesn’t cover Our ISO 27001 Certification Scope only covers the hosted environment as offered on G-Cloud.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes As part of Capita Business Services, we work to policies and standards that are aligned with ISO 27001, these are agreed and signed off by the Group CEO and cascaded to the businesses via an internal intranet site and email communication. In addition, each year when employees complete their annual training they agree to comply with both Group and Business Unit Level policies.

Information Security employees as well as Capita Audit complete announced and unannounced checks to ensure that the polices and standards are being followed. Any non-conformities are reviewed and dealt with appropriately.

Information Security is dealt with at all levels of the business, including at the Business Unit, Divisional Unit and Capita Group.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach As part of the ISO 27001 Accredited ISMS, we have a defined and documented change control process. At the core of this change control process is an assessment on all areas of the system, including security. If the risk to security is deemed to be high, it is assessed by Information Security. All change requests are stored on a CRM system and as part of our 27001 audit schedule, are randomly checked to ensure accurate record keeping is maintained and the process followed.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We employ a market leading AVS tool that is scheduled to run regularly. These results are then fed into the ongoing threat assessment and management program. Patching is completed on a scheduled basis and any failures are identified by the AVS and raised. Out of cycle patches are risk assessed and scheduled, if required they could be in place within less than 24 hours. Capita subscribes to multiple information sources for threats, including CISP and ISF, in addition Information Security regularly review other public and private websites for threat information.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The platform uses a system that was designed to comply with GPG13. Events are categorised and events that have been flagged for review are reviewed daily. In addition, the information is stored with controlled access for investigations.
Incident management type Supplier-defined controls
Incident management approach We have a defined, approved and tested Incident Management process, it forms part of our ISO 27001 accredited ISMS. The process has a list of example incidents that are designed to cover a wide range of scenarios. All employees are made aware of the incident reporting process and randomly tested for effectiveness.
Incident reports will be passed to relevant customers if there has been an impact to their environment or data.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £3364 per unit per year
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑