FR Forms lets you create your own forms (in a drag and drop editor) and deliver to one or more tablet or smartphone. Then capture the data back to our secure server for onward merge to you CRM or project database. Service starts as a free account (restricted functionality). https://www.frforms.com
- Admin site simple and logically laid out, all self service
- Drag and drop form builder - no coding
- Matching free iOS and Android mobile Applications
- Use anywhere and sync when on a trusted network connection
- App Data is encrypted in for each Organisation and User
- Data is encrypted in transit and secure on site
- Extensive form elements including image, audio, video and signature
- No coding skills required
- Website and App kept simple and focussed on gathering data
- Four simple packages with clear dimensions or limits.
- Optional “Plus Packs” for larger organisations
- Can be provided as private, standalone system
- Fits tablet and smartphone screens. iOS and Android to start.
£0 to £1000 per unit per year
Free Rein Limited
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||M-F 9-5:30 - within 4 hours|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
|Support levels||Support is available generally Mon-Fri 9-5:30 to solve any user issue or technical problem to registered users. If we get repeated questions we would rather solve the cause than the symptom.|
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||All online in application with supporting bite-sized videos|
|End-of-contract data extraction||
All data, templates and user accounts are self-managed and removed
Complete, final closure is simple request to Free Rein and removed within 2 hours during M-F 9-5:30
Account closure is final and cannot be recovered.
Anything client has deleted is final on contract closure.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Length of scroll to view whole page contents on Admin site. Perfect for mobile App.|
|Accessibility standards||WCAG 2.0 AA or EN 301 549|
|Accessibility testing||Full breadth of Government requirement standards in 2015 for Serco/Dept BIS project.|
|What users can and can't do using the API||Added as requested to match client individual requirements. No standard configuration yet.|
|API documentation formats|
|API sandbox or test environment||Yes|
|Description of customisation||Client may have dedicated white label version to allow self-branding or higher security control and top level administration.|
|Independence of resources||Managed cluster loading of virtual servers – most automated except under DDOS conditions where manual intervention often required.|
|Service usage metrics||Yes|
|Metrics types||All event data is reported on dashboard and in personal reports.|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||Less than once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
Option in Admin site at all levels.
Mobile App does not store data once sent, only keeps form templates as long as Admin allows.
|Data export formats||
|Other data export formats||
|Data import formats||CSV|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
100% availability excluding planned maintenance
Refunds automatic as double proportion of the monthly or annual contract, no claim required.
|Approach to resilience||All data centre elements are redundant with automatic fail-over. Further detail available on request.|
|Outage reporting||Email alerts available on a request for subscription basis|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||
Organisations are created by the client first registering and then self managed for admin and user roles.
Systems are created with a core group of users from the client organisation who act as administrators and manage all other users in compliance with their own internal policies.
User capabilities are determined by the roles they have been assigned and the privileges granted to each role.
Support channels are limited to authorised admin individuals. No external management is available on support channels.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||Other|
|Other security governance standards||Cyber Essentials accredited moving up to Plus en route for IASME|
|Information security policies and processes||
The ISMS contains policies and processes that are critical to provide assurance that data is handled consistently and securely. These cover all aspects including asset management, application usage, accounts, emails, storage devices, access controls, and the handling of data.
Procedures exist to ensure actions comply with the defined policies and what to do in the event of non-compliance.
In the event of a suspected incident, the IT manager (or nominee) is responsible for authorising access to equipment, services and data to allow investigations to proceed.
Wherever possible, policies are enforced by automation but in many cases manual intervention is necessary. In these situations procedures define the process required to ensure each policy is being followed and the frequency the process is to be executed.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
On receipt of a documented change request, a risk assessment is performed to determine the potential effect the change will have on system components, security and running costs.
Changes will then be implemented in a controlled test environment, where testing and reviews can performed. All changes are be retained within source control.
Once approved, changes will be announced and documented as required before release.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
OS and application patches are constantly monitored and when available they will be assessed and implemented. For critical patches an emergency process is in place to action quickly.
Announcements of potential threats and exploits are received through numerous notification services including CVE databases and OS maintainers.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Networks and systems are monitored for abnormal performance and resource usage which may indicate a potential attack or system malfunction. Automated alerts are sent when defined thresholds have been reached.
Activity logs are retained to allow for forensic analysis of actions if an issue arrises.
AntiVirus software is used to scan incoming files and emails to the environment with regular full system scans as an extra measure.
|Incident management type||Supplier-defined controls|
|Incident management approach||
Incidents can be raised by users through the support channels or from the automated monitoring systems, all of which have a process to be followed.
Many incidents can be handled either automatically or manually by help desk staff but for complex or time critical incidents, specialist technical support staff will be assigned to ensure a timely resolution.
Incident reports will be made available upon request.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£0 to £1000 per unit per year|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||
The free version is available for life - there is no trial period restriction.
Full FR Forms services with limitations of data and form elements to:
Text line, Text area, Check boxes, List Box, Content area, Email, Date. https://www.frforms.com for options
|Link to free trial||https://app.frforms.com/account/register|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|