Ancoris Limited

Ancoris Signatures

Ancoris Signatures provides centralised signatures management for Gmail, part of G Suite. Ancoris Signatures gives you the ability to stay in control of your domain wide email signatures and ensure all your employees adhere to company policy and reflect your brand correctly.


  • Pre-Made Templates
  • Create personalised templates
  • WYSIWYG or HTML editor
  • Preview template design and how it will look for users
  • Optionally allow users to modify their profile data
  • Quickly review incomplete profiles and templates in use
  • Sync signatures daily, weekly or ad-hoc


  • Strengthen corporate branding with centralised signature management
  • New employees can be automatically assigned a signature
  • Generate new business by including promotional messages
  • Easily set up Signatures per department (OU) or user
  • Audit highlights users who change their Gmail signature


£3 per user per year

Service documents


G-Cloud 11

Service ID

6 6 3 0 2 7 7 5 0 3 4 5 0 8 7


Ancoris Limited

David McLeman|Phil Jordan|Trevor Cook

+44 (0) 8452626745

Service scope

Service scope
Software add-on or extension Yes
What software services is the service an extension to G Suite
Cloud deployment model Public cloud
Service constraints Only updates the G Suite web (desktop) signature. Will not update mobile or desktop clients.
System requirements G Suite

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times P1: 30 mins, P2: 1 hour, P3-P4 tickets: 4 hours
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels We provide public searchable help articles, and an area to suggest new features within our our helpdesk for administrators of Ancoris Signatures. Ancoris Signature administrators are also able to raise support tickets with us if they are unable to find the answer they are looking for within our help articles.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Start-up wizard and documentation, email support
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Customers can copy the email signature template HTML prior to the service expiring
End-of-contract process Email signatures stop syncing. Data is deleted 60 days after service end.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
Service interface No
Customisation available Yes
Description of customisation Design their own email signature templates


Independence of resources Developed on highly scalable PAAS. Already supporting 100s of customers


Service usage metrics Yes
Metrics types % signatures managed, # profiles incomplete, # email templates, signature update history, # profiles changed, #templates changed, # signatures updated in Gmail.
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach UI provides the ability to copy the email signature template HTML
Data export formats Other
Other data export formats HTML
Data import formats Other
Other data import formats HTML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99%
Approach to resilience Our delivery platform auto scales up to handle peak workloads. Data Centre provider can automatically fail over service to alternate data centres seamlessly to clients. Daily backups are taken to support emergency restoration in the unlikely event of some catastrophe.
Outage reporting Data centre outages are reported on a publicly accessible portal. Service disruption notifications which are planned are notified by email in advance. Unplanned service outages are notified publicly via our Twitter account.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Identity federation with existing provider (for example Google Apps)
Access restrictions in management interfaces and support channels Client's choice of Google or Microsoft Single Sign On via OAuth or via Username/Password
Access restriction testing frequency At least every 6 months
Management access authentication Identity federation with existing provider (for example Google Apps)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 EY CertifyPoint
ISO/IEC 27001 accreditation date 11/5/2012
What the ISO/IEC 27001 doesn’t cover Only those elements which are covered by Appogee HR's Cyber Essentials Plus accreditation
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Worldpay
PCI DSS accreditation date 9/11/2016
What the PCI DSS doesn’t cover N/a
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards Cyber Essentials plus and our Data Center Hosting and Platform provider is certified to ISO 27001, SSAE16 / ISAE 3402 Type II: SOC 3, ISO 27017 Cloud Security, ISO 27018 Cloud Privacy
Information security policies and processes We follow Cyber Essentials Plus principles, backed up by security training and a code of conduct for all employees, approved company policies with regular reviews by the company Operations Team. Our Data Centre provider has an end to end approach to security governance and delivers us a technology platform that is conceived, designed and built to operate securely.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All changes documented in code repository. Auto-published for automated unit and system tests. Supplemented by ad-hoc testing. Sign off for production system which can run multiple concurrent versions. When new version validated it is pushed to all clients. Emergency fixes override this on management authority, post reviewed by Operations Team.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Our data centre provider has large Information Security Team including experts in information, application, and network security. They are maintain defense systems, security review processes, build infrastructure and implement policies. We also run independent vulnerability scans on a monthly basis which delivers an actionable report where it has findings.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach This involves our data centre provider tightly controlling the size and make-up of their attack surface through preventative measures, employing intelligent detection controls at data entry points, and employing technologies that automatically remedy certain dangerous situations.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Our Data Centre's program is structured around the NIST guidance on handling incidents (NIST SP 800–61). Key staff are trained in forensics and handling evidence in preparation for an event, including the use of third-party and proprietary tools. Testing of incident response plans is performed for key areas. These tests take into consideration a variety of scenarios, including insider threats and software vulnerabilities.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £3 per user per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial 14 day free trial
Link to free trial

Service documents

Return to top ↑