Objective Corporation Limited

Objective ECM & EDRM as a Service including MS Office 365

Objective ECM and EDRM including integration to O365 Software as a Service makes it easy for agencies to manage their Enterprise Content including document and records management, collaboration and business process automation of digital and physical content. 30 Government business processes including FOI/SAR and Ministers Questions.


  • Enterprise Content Management & Information Governance
  • Document and Records Management
  • Business Process Automation, Workflow and Process Governance
  • Drawings Management, Document Imaging and Redaction
  • Case Management
  • Enterprise Search
  • Mobile and Offline Working
  • Integration with Email, Office and Line of Business Systems
  • Access via Mobile, Browser and Tablets
  • Sharepoint Integration and Governance


  • Manage Information Assets through their lifecycle at lower cost
  • Connects content to people and the people they work with
  • Delivers a simple, fast and personal experience that can scale
  • Manage all content; both electronic and physical
  • Accessible via Web, Mobile, Email, Sharepoint O365 and LoB Systems
  • Pre-configured file plans for SCARRS and LGCS
  • Zero based training web-based application
  • An accredited solution with data resident in the UK/Europe
  • Allows for Collaboration and Enterprise Search across all content
  • Automates core business processes across Organisations and External Stakeholders


£23 per user per month

  • Education pricing available

Service documents


G-Cloud 11

Service ID

7 5 1 5 6 3 7 9 0 2 6 7 5 6 8


Objective Corporation Limited

Mat Graves

+44 (0)118 2072300


Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
Typically all maintenance schedules will be performed out of core office hours weekdays or over weekends.

The solution is based on the Microsoft Azure platform. Each system supports a minimum of 50 users. Each instance is dedicated to a single customer.

Customisation permitted: Whilst there are no limitations to customisation of the out of box functionality that Objective can support, all customisation must be scoped to understand the impact on security, service management and resource.

Customisation involving simple reconfiguration is supported, however
any design alteration or the addition of third party applications must be declared for impact assessment.
System requirements
  • Installed client for system configuration and administration
  • Optional client download for optimised browser experience
  • Connectivity from customer to Cloud tenancy
  • Integration with other customer systems may be beneficial e.g. Exchange

User support

Email or online ticketing support
Email or online ticketing
Support response times
Online ticketing Support 24/7
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Standard Support Hours are 09:00 to 17:00 Monday to Friday Excluding Public Holidays.

Enhanced support is available including 07:00-19:00 and 24/5.
Support available to third parties

Onboarding and offboarding

Getting started
The Objective ECM solution will be installed and configured by Objective Professional Services prior to delivery of the solution to the customer.

Data cleansing prior to data migration is available as a separate option, and if selected, this will form part of the on-boarding process.

A project plan will be agreed between the parties based on the requirements for the system, with an associated timeline. Regular reviews of both the project plan and demonstrations of the functionality will be included, as will a training plan that accommodates administrators, super users and end users.

Following a successful acceptance test by key users, the system will be handed over to the customer.

The Objective Consultants will be available for a period after the go-live, and will do a warm handover to the Technical Support and Account Management teams.
Service documentation
Documentation formats
End-of-contract data extraction
Objective will export content from the hosted environment as follows:
• In order to receive the information, the customer will be responsible for creating their own hosted environment account with sufficient capacity to hold the dataset and provide Objective access.
• Objective will place a copy an export of the database and Objective document store in this area and provide a notification for the customer that this task has been completed.
• Objective will maintain the original instance for a period of 30 days from export, upon which time it will be deleted.
• Once the data has been extracted, Objective will instruct the data centre to remove the Customers Objective instance. This will include removal of data volumes, snapshots and backups which will be permanently deleted from the hosted environment.
End-of-contract process
Should the customer elect to terminate the contract, then written notice must be given according to the terms of the contract. Objective will migrate out content. The Objective Account Manager will coordinate with Objective Professional Services to perform the Migration process at an additional cost. Should the customer elect to migrate from Hosted ECM to On-Premise ECM, the transfer of all configurations and data will be undertaken by Objective Professional Services prior to decommissioning the hosted environment.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Differences between the mobile and desktop service
Objective ECM supports a responsive user experience. The ECM browser will resize automatically based on the available screen space on the device.
Note the install is for a plug-in to enhance the user experience but is not a mandatory requirement. All users can access the service by a browser only.
Service interface
What users can and can't do using the API
How users setup the service: The service is setup on behalf of the customer.
How users can make changes through the API: The service offers various routes to facilitate either a deep two way data exchange or a reference based loose coupling of systems.
Objective’s web services API provides a full range of “SCRUD” (Search, Create, Read, Update and Delete) services for content creation and consumption as well as other services for workflow interaction and session and transaction management.
This operates securely via SSL over HTTPS on port 443. It is language agnostic. The fine granularity of the web services means that an integrating system has ultimate control over all aspects of the integration to achieve a defined business outcome. It requires the integrating system to have knowledge of the business rules (filing rules, metadata and object mappings, etc) configured within the Objective ECM.
Objective also offers a ‘wrapper’ for the Objective Web-talk interface called the Objective Applink. This is an agile and rapid development environment providing a configurable interface to allow API calls to be exposed for external consumption. This can provide a cost effective way to integrate standard data interchange between Objective and multiple systems.
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
What can be configured and customised:
Many elements of the solution can be configured - this includes business specific elements such as the file plan, content types, business system preferences and business processes through Workflow.

Beyond configuration the solution can be customised for Integrations with 3rd party systems and for Integrations via Web Services and APIs and form UIs.

How users can customise?

Authorised users can configure the solution via the user interface or by using various utilities.

Technical users (or Objective technical consultants) can customise using the provided Web Services and APIs.

Who can customise?
Business specific elements can be configured by adminstrator users. Workflow can be configured by workflow administrator users.
Customisation involving simple reconfiguration is supported, however
any addition of third party applications must be declared for impact assessment. Technical users (or Objective technical consultants) can also customise using the provided Web Services and APIs.


Independence of resources
The solution is single tenant. Other users cannot impact the service.


Service usage metrics
Metrics types
Regular reports provided.
Dashboard updated on a daily basis.

Metrics include application usage analytics for example top user document creations etc.

Reports on Incident Service Level Targets and Availability Target Levels.
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Less than once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach
Physical access controls from the Cloud platform.
ISO 27001 accredited procedures are in place to protect data at rest.
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be analysed at any time through reporting capabilities, and can be exported if so desired.
Data export formats
Other data export formats
  • XML
  • Native document format
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • Database Table
  • Native Document Format

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Isolated Security Zones within the network is an effective strategy for reducing many types of risk. Security zones that separate systems based on their communication and protection needs minimize security risks while allowing information flows to continue even in the face of failures and security incidents.
Virtual firewalls are between each network zone to secure and control traffic flow between subnets to provide segmentation.
Certificates are are used to secure communication between many internal components of the solution. Most are included and Trust stores are used to secure communications between external customer services where relevant.

Availability and resilience

Guaranteed availability
Objective ECM is a hosted application which is available to users on a 99.5% per month basis Service Availability Target as standard, based on Support Hours. Service Availability Target means the ability for Objective’s monitoring provider probe to return success (critical services are available), except during scheduled maintenance windows.
Objective reserves a right to conduct scheduled downtime to ensure the environment is stable and the application is operational and up-to-date. Scheduled downtime will, where practicable, be notified to users in advance and scheduled on a weekend or after normal working hours to minimise any inconvenience. Objective also reserves a right to conduct unscheduled downtime in an emergency to safeguard the application e.g. from the presence of a virus or other damaging code.
Approach to resilience
Physical Resilience is delivered by the Cloud provider to a world leading standard and backed by Service Level Agreements.
Objective designs the service on top of the Cloud infrastructure to meet the service levels required. These requirements may vary.
Backups allow for restore in a variety of situations including data loss, infrastructure loss or corruption.
Appropriate connectivity is achieved through joint workshops.
Outage reporting
Objective System Administrators receive Email and SMS alerts and have internal dashboards, and will raise an incident with the customer.

Identity and authentication

User authentication needed
User authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Service management via bastion hosts and use of a VPN
Access restriction testing frequency
Less than once a year
Management access authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ACS Registrars
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
The scope of Objective's accreditation covers the following:

The protection of data for the provision of specialist information management software solutions and services around content collaboration and process management to the corporate and public sector. Assets protected include all organisation data client data required for the delivery of services and supporting physical and cloud based IT infrastructure. Assets protected are within the physical locations internal networks external connectivity and remotely managed services within the control of Objective Corporation UK Ltd. in Accordance with Statement of Applicability Ver 1.3
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • ISO27018
  • Cyber Security Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
CyberSecurity Essentials
Information security policies and processes
All Objective staff in the UK are responsible for conforming to the security manual in all their work. The procedures which make up the Information Security Management System (ISMS) define specific responsibilities.

The Objective UK Information Security Manager, who reports directly to the General Manager UK, is responsible for the ISMS design and development, liaison with external advice and guidance (e.g. interest groups, product user groups). He is responsible for:
• owning the ISMS and ensuring that it presents an integrated set of policies and controls which support Objective’s information security policy
• establishing information security objectives to support the policy, and controlling their achievement
• ensuring that any failures, events or improvement opportunities relating to information security are recorded and addressed as appropriate (including retention of records as required)
• maintaining the ISMS components in accordance with agreed improvements, and ensuring that they are implemented correctly
• ensuring that any resources required to support information security are identified and requested
• monitoring the system's effectiveness through audits and other measures
• ensuring compliance with the requirements of ISO 27001
• ensuring staff awareness of information security
• maintaining knowledge of information security good practice.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Change and configuration management procedures are followed to track service components throughout their lifecycle to ensure the network remains operational and stable at all times.

No changes may be made to the IT infrastructure without the Systems Administrator’s approval.

The Systems Administrator reviews and risk assesses changes for potential security impact and mitigates and manages appropriately before deployment onto live system environments.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Incidents are raised in response to threat identification and managed on a risk impact assessed basis and prioritised for response.

Patches are deployed and managed in accordance with defined processes with emergency patch processes defined for dealing with high impact / high priority incidents.

Potential threats and threat actors are monitored and regularly reviewed as part of the regular review process.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
A multi-layered strategic approach exists to protect the data, network and laptop/desktops from Internet borne threats that uses:
• Anti-virus and malware scanner software on laptops/desktops and servers to protect against virus and malware infections
• Email filtering to prevent email based attacks delivered in the form of incoming spam mail.
• A firewall regulates inbound and outbound traffic to protect against potential threats.
• Operating systems software is updated to address known vulnerabilities.

Tickets are raised in response to an incident and prioritised for response based on risk assessment.
Incident management type
Supplier-defined controls
Incident management approach
Users report and raise incidents through the Support Portal and tickets are raised to progress incidents. Each ticket is reponded to with details of root cause of the incident together with incident resolution details identified.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Connected networks
  • Public Services Network (PSN)
  • Scottish Wide Area Network (SWAN)


£23 per user per month
Discount for educational organisations
Free trial available

Service documents

Return to top ↑