ACF Technologies (UK) Limited

Appointment Booking_Local Government

ACF offer market-leading appointment booking solutions which combine the following components: Omni-channel booking via booking webpage, via phone, in-person, app etc. Automated notifications and reminders, internal easy-to-use web user interface, numerous check-in options, skills /needs matching, multi-language, pre-appointment online data / document collection, calendar synchronisation, room booking, surveying and more.


  • Self-serve interfaces (kiosks, tablets, roaming agent)
  • Virtual queuing and geo-location
  • Printed or digital tickets (SMS, Email)
  • Digital signage and CMS
  • Audio calling (multi-language)
  • Web user interface
  • Customer routing
  • Online forms and surveys
  • Digital signature
  • Reporting and Business Intelligence


  • Imrpove overall customer experience
  • Reduce wait times
  • Increase operational effeciencies
  • Connect customers and staff more intelligently
  • Channel shift customers towards optimal channels (e.g. phone)
  • Reduce abandonment rates due to unhappy experiences
  • Automate business processes and notifications to customers
  • Increase utilisation of resources (staff, rooms, equipment)
  • Forecast customer footfall & demand on staffing
  • Quantify and report on all your service statistics


£250 a user a year

  • Free trial available

Service documents


G-Cloud 12

Service ID

6 4 1 7 9 4 9 5 2 8 4 2 3 2 4


ACF Technologies (UK) Limited Sales
Telephone: 01276 538090

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
System requirements
  • Our software is a Microsoft .NET application
  • Web user interface compatible with all major browsers

User support

Email or online ticketing support
Email or online ticketing
Support response times
1 hour, if not sooner. Naturally our response times will vary depending on the agreed SLAs, the business operational hours, severity level of ticket and other factors important to our customers.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Onsite support
Support levels
Level 1: This would need to be agreed with each organsation.
Levels 2 or 3: A set percentage of the software value, which is included in the SaaS pricing model.

Support team:
- Technical Support Team (Application & Cloud Support)
- Technical Account Manager
- Development Support (Application & Cloud Support)
- Technical Director Support (Application & Cloud Specialist)
Support available to third parties

Onboarding and offboarding

Getting started
Training services included:

- Personalised training plan
- Onsite training
- Online training (recorded)
- User manuals & documentation
- Online Knowledge Base portal for advanced users
- Train the trainer approach
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
Online articles via knowledge base
End-of-contract data extraction
We offer a full database back-up and extraction to ensure you retain full data integrity. We will also offer support to ensure a seamless transition to any future solution.
End-of-contract process
- Agreement that contract will not continue.
- Agree process for data extraction.
- Advice & support for transition agreed.
- Full data deletion process agreed with client.

Full details of this process are included within our Information Security Management System documentation.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Service interface
Description of service interface
API & webhooks.
Accessibility standards
WCAG 2.1 A
Accessibility testing
Q-Flow complies with both Section 508 standard 1194.22 for Web-Based Intranet and Internet Information and Applications, and WCAG 2.0. This ensures the Q-Flow system is accessible to people with disabilities who are using assistive technologies. The above was designed based off UI testing.
What users can and can't do using the API
The Q-Flow API provides developers with an extensive range of Web services for integration purposes. There are two separate API components:

- Q-Flow WCF API
- Q-Flow Embedded REST API

- This API is a standalone installation of WCF Web services. Both SOAP and REST can be used to access this API.

Embedded REST API:
- This API is a REST API embedded within the Q-Flow Web application. Q-Flow Embedded REST API provides an extensive subset of the functionality offered by Q-Flow; the available operations are documented within its integrated API help.

We naturally offer full training and advice services to ensure our clients get the most from this element of the solution.
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
What can be customised:
- User interfaces - internal & external
- Application layer - behaviours & workflows
- Individual database level

How users can customise:
- All customisation is delivered by our controlled 'Q-App' methodology

Who can customise:
- Client organisation (controlled via Q-Apps)
- ACF Technologies

N.B: Core product code is not customisable by any clients


Independence of resources
Internal users (staff):
- Expected maximum user numbers are agreed at the start of the project
- User numbers are montitored regularly
- Infrastructure is designed with the maximum load in-mind
- Infrastructre is auto-scalable if required

External users (customers):
- Expected maximum demand is forecasted at the start of the project
- Demand on infrastructure is pro-actively monitored
- Infrastructure is designed with the maximum load in-mind
- Infrastructre is auto-scalable if required


Service usage metrics
Metrics types
- Users numbers are tracked and visible in real-time
- There is an in-application user log for tracking behaviours

- Our solution comes with a full reporting suite containing 80+ reports
- Our database can also be connected to BI reporting tools
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
- Database back-ups can be taken for the full database
- Users can also extract reports / data a several places within the application using industry standard download methods (excel, CSV, PDF etc.)
- Our database can also be connected to BI reporting tools
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • PDF
  • Other flat file formats
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • PDF
  • Other flat file formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability

We have a service credit system in place in case SLAs are not met.

Full details of this are included within our Client Support Guide.
Approach to resilience
Please see here a link to more information from Microsoft Azure's security and resilliency:
Outage reporting
Immediate email alerts and system notifications.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
Access restrictions in management interfaces and support channels
Q-Flow protects customer and organisational information by controlling who may access each of the system modules and forms in order to view, edit, or delete data. Each user in the system belongs to a single group, which may be in one or many roles. This allows the system administrator to configure and control system behavior and access permissions in a simplified, centralised way.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Alcumus ISOQAR
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Change management will follow the below steps:

- Request
- Plan
- Impact Assessment - security etc.
- Communicate
- Approve
- Implement
- Review
- Close
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The organisation’s IT infrastructure will be patched according to this policy to minimise vulnerabilities. The IT Department will maintain an up to date inventory of the components within the organisation’s IT infrastructure. The software and hardware identified will scanned for vulnerabilities and patched according to this policy. All of the hardware and software on the network will be scanned using a vulnerability scanner to identify weaknesses in the configuration of systems and to determine if any systems are missing important patches, or software such as anti-virus software. Full details of our vulnerability is provided within our full ISMS documentation.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Backup software will be configured to send daily alert of successful/unsuccessful email to the system admin team. The system admin ensures that all backups are completed successfully and reviews the backup process on all servers daily. Logs are maintained to verify the amount of data backed up and the unsuccessful backup occurrences. More details on this process are included within our full ISMS Documentation.
Incident management type
Supplier-defined controls
Incident management approach
ACF has a clearly defined Incident Management Process, all of which is fully documented within our ISMS Documentation.

All incidents are immediately communicated to the assigned people via the agreed channels.

A full incident report is provided post-incident via email / documentation.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Connected networks
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)


£250 a user a year
Discount for educational organisations
Free trial available
Description of free trial
We offer a pilot where all software licenses, user licenses, hosting and support is covered by ACF. We may request some commercial coverage for some professional services, but this is evaulated on a case by case basis. We fully understand the importance of and support the pilot / trial model.

Service documents