Objective Corporation Limited

Objective ECM & EDRM as a Service including MS Office 365

Objective ECM and EDRM including integration to O365 Software as a Service makes it easy for agencies to manage their Enterprise Content including document and records management, collaboration and business process automation of digital and physical content. 30 Government business processes including FOI/SAR and Ministers Questions.


  • Enterprise Content Management & Information Governance
  • Document and Records Management
  • Business Process Automation, Workflow and Process Governance
  • Drawings Management, Document Imaging and Redaction
  • Case Management
  • Enterprise Search
  • Mobile and Offline Working
  • Integration with Email, Office and Line of Business Systems
  • Access via Mobile, Browser and Tablets
  • Sharepoint Integration and Governance


  • Manage Information Assets through their lifecycle at lower cost
  • Connects content to people and the people they work with
  • Delivers a simple, fast and personal experience that can scale
  • Manage all content; both electronic and physical
  • Accessible via Web, Mobile, Email, Sharepoint O365 and LoB Systems
  • Pre-configured file plans for SCARRS and LGCS
  • Zero based training web-based application
  • An accredited solution with data resident in the UK/Europe
  • Allows for Collaboration and Enterprise Search across all content
  • Automates core business processes across Organisations and External Stakeholders


£23 per user per month

  • Education pricing available

Service documents

G-Cloud 11


Objective Corporation Limited

Mat Graves

+44 (0)118 2072300


Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints Typically all maintenance schedules will be performed out of core office hours weekdays or over weekends.

The solution is based on the Microsoft Azure platform. Each system supports a minimum of 50 users. Each instance is dedicated to a single customer.

Customisation permitted: Whilst there are no limitations to customisation of the out of box functionality that Objective can support, all customisation must be scoped to understand the impact on security, service management and resource.

Customisation involving simple reconfiguration is supported, however
any design alteration or the addition of third party applications must be declared for impact assessment.
System requirements
  • Installed client for system configuration and administration
  • Optional client download for optimised browser experience
  • Connectivity from customer to Cloud tenancy
  • Integration with other customer systems may be beneficial e.g. Exchange

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Online ticketing Support 24/7
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Standard Support Hours are 09:00 to 17:00 Monday to Friday Excluding Public Holidays.

Enhanced support is available including 07:00-19:00 and 24/5.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started The Objective ECM solution will be installed and configured by Objective Professional Services prior to delivery of the solution to the customer.

Data cleansing prior to data migration is available as a separate option, and if selected, this will form part of the on-boarding process.

A project plan will be agreed between the parties based on the requirements for the system, with an associated timeline. Regular reviews of both the project plan and demonstrations of the functionality will be included, as will a training plan that accommodates administrators, super users and end users.

Following a successful acceptance test by key users, the system will be handed over to the customer.

The Objective Consultants will be available for a period after the go-live, and will do a warm handover to the Technical Support and Account Management teams.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Objective will export content from the hosted environment as follows:
• In order to receive the information, the customer will be responsible for creating their own hosted environment account with sufficient capacity to hold the dataset and provide Objective access.
• Objective will place a copy an export of the database and Objective document store in this area and provide a notification for the customer that this task has been completed.
• Objective will maintain the original instance for a period of 30 days from export, upon which time it will be deleted.
• Once the data has been extracted, Objective will instruct the data centre to remove the Customers Objective instance. This will include removal of data volumes, snapshots and backups which will be permanently deleted from the hosted environment.
End-of-contract process Should the customer elect to terminate the contract, then written notice must be given according to the terms of the contract. Objective will migrate out content. The Objective Account Manager will coordinate with Objective Professional Services to perform the Migration process at an additional cost. Should the customer elect to migrate from Hosted ECM to On-Premise ECM, the transfer of all configurations and data will be undertaken by Objective Professional Services prior to decommissioning the hosted environment.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Objective ECM supports a responsive user experience. The ECM browser will resize automatically based on the available screen space on the device.
Note the install is for a plug-in to enhance the user experience but is not a mandatory requirement. All users can access the service by a browser only.
Service interface No
What users can and can't do using the API How users setup the service: The service is setup on behalf of the customer.
How users can make changes through the API: The service offers various routes to facilitate either a deep two way data exchange or a reference based loose coupling of systems.
Objective’s web services API provides a full range of “SCRUD” (Search, Create, Read, Update and Delete) services for content creation and consumption as well as other services for workflow interaction and session and transaction management.
This operates securely via SSL over HTTPS on port 443. It is language agnostic. The fine granularity of the web services means that an integrating system has ultimate control over all aspects of the integration to achieve a defined business outcome. It requires the integrating system to have knowledge of the business rules (filing rules, metadata and object mappings, etc) configured within the Objective ECM.
Objective also offers a ‘wrapper’ for the Objective Web-talk interface called the Objective Applink. This is an agile and rapid development environment providing a configurable interface to allow API calls to be exposed for external consumption. This can provide a cost effective way to integrate standard data interchange between Objective and multiple systems.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation What can be configured and customised:
Many elements of the solution can be configured - this includes business specific elements such as the file plan, content types, business system preferences and business processes through Workflow.

Beyond configuration the solution can be customised for Integrations with 3rd party systems and for Integrations via Web Services and APIs and form UIs.

How users can customise?

Authorised users can configure the solution via the user interface or by using various utilities.

Technical users (or Objective technical consultants) can customise using the provided Web Services and APIs.

Who can customise?
Business specific elements can be configured by adminstrator users. Workflow can be configured by workflow administrator users.
Customisation involving simple reconfiguration is supported, however
any addition of third party applications must be declared for impact assessment. Technical users (or Objective technical consultants) can also customise using the provided Web Services and APIs.


Independence of resources The solution is single tenant. Other users cannot impact the service.


Service usage metrics Yes
Metrics types Regular reports provided.
Dashboard updated on a daily basis.

Metrics include application usage analytics for example top user document creations etc.

Reports on Incident Service Level Targets and Availability Target Levels.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Less than once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach Physical access controls from the Cloud platform.
ISO 27001 accredited procedures are in place to protect data at rest.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data can be analysed at any time through reporting capabilities, and can be exported if so desired.
Data export formats Other
Other data export formats
  • XML
  • Native document format
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • Database Table
  • Native Document Format

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network Isolated Security Zones within the network is an effective strategy for reducing many types of risk. Security zones that separate systems based on their communication and protection needs minimize security risks while allowing information flows to continue even in the face of failures and security incidents.
Virtual firewalls are between each network zone to secure and control traffic flow between subnets to provide segmentation.
Certificates are are used to secure communication between many internal components of the solution. Most are included and Trust stores are used to secure communications between external customer services where relevant.

Availability and resilience

Availability and resilience
Guaranteed availability Objective ECM is a hosted application which is available to users on a 99.5% per month basis Service Availability Target as standard, based on Support Hours. Service Availability Target means the ability for Objective’s monitoring provider probe to return success (critical services are available), except during scheduled maintenance windows.
Objective reserves a right to conduct scheduled downtime to ensure the environment is stable and the application is operational and up-to-date. Scheduled downtime will, where practicable, be notified to users in advance and scheduled on a weekend or after normal working hours to minimise any inconvenience. Objective also reserves a right to conduct unscheduled downtime in an emergency to safeguard the application e.g. from the presence of a virus or other damaging code.
Approach to resilience Physical Resilience is delivered by the Cloud provider to a world leading standard and backed by Service Level Agreements.
Objective designs the service on top of the Cloud infrastructure to meet the service levels required. These requirements may vary.
Backups allow for restore in a variety of situations including data loss, infrastructure loss or corruption.
Appropriate connectivity is achieved through joint workshops.
Outage reporting Objective System Administrators receive Email and SMS alerts and have internal dashboards, and will raise an incident with the customer.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Service management via bastion hosts and use of a VPN
Access restriction testing frequency Less than once a year
Management access authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 ACS Registrars
ISO/IEC 27001 accreditation date 15/07/2015
What the ISO/IEC 27001 doesn’t cover The scope of Objective's accreditation covers the following:

The protection of data for the provision of specialist information management software solutions and services around content collaboration and process management to the corporate and public sector. Assets protected include all organisation data client data required for the delivery of services and supporting physical and cloud based IT infrastructure. Assets protected are within the physical locations internal networks external connectivity and remotely managed services within the control of Objective Corporation UK Ltd. in Accordance with Statement of Applicability Ver 1.3
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • ISO27018
  • Cyber Security Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards CyberSecurity Essentials
Information security policies and processes All Objective staff in the UK are responsible for conforming to the security manual in all their work. The procedures which make up the Information Security Management System (ISMS) define specific responsibilities.

The Objective UK Information Security Manager, who reports directly to the General Manager UK, is responsible for the ISMS design and development, liaison with external advice and guidance (e.g. interest groups, product user groups). He is responsible for:
• owning the ISMS and ensuring that it presents an integrated set of policies and controls which support Objective’s information security policy
• establishing information security objectives to support the policy, and controlling their achievement
• ensuring that any failures, events or improvement opportunities relating to information security are recorded and addressed as appropriate (including retention of records as required)
• maintaining the ISMS components in accordance with agreed improvements, and ensuring that they are implemented correctly
• ensuring that any resources required to support information security are identified and requested
• monitoring the system's effectiveness through audits and other measures
• ensuring compliance with the requirements of ISO 27001
• ensuring staff awareness of information security
• maintaining knowledge of information security good practice.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Change and configuration management procedures are followed to track service components throughout their lifecycle to ensure the network remains operational and stable at all times.

No changes may be made to the IT infrastructure without the Systems Administrator’s approval.

The Systems Administrator reviews and risk assesses changes for potential security impact and mitigates and manages appropriately before deployment onto live system environments.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Incidents are raised in response to threat identification and managed on a risk impact assessed basis and prioritised for response.

Patches are deployed and managed in accordance with defined processes with emergency patch processes defined for dealing with high impact / high priority incidents.

Potential threats and threat actors are monitored and regularly reviewed as part of the regular review process.
Protective monitoring type Supplier-defined controls
Protective monitoring approach A multi-layered strategic approach exists to protect the data, network and laptop/desktops from Internet borne threats that uses:
• Anti-virus and malware scanner software on laptops/desktops and servers to protect against virus and malware infections
• Email filtering to prevent email based attacks delivered in the form of incoming spam mail.
• A firewall regulates inbound and outbound traffic to protect against potential threats.
• Operating systems software is updated to address known vulnerabilities.

Tickets are raised in response to an incident and prioritised for response based on risk assessment.
Incident management type Supplier-defined controls
Incident management approach Users report and raise incidents through the Support Portal and tickets are raised to progress incidents. Each ticket is reponded to with details of root cause of the incident together with incident resolution details identified.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • Scottish Wide Area Network (SWAN)


Price £23 per user per month
Discount for educational organisations Yes
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑