Built Intelligence Ltd

FastDraft Contract and Project Management System

FastDraft is our easy to use Construction Contract management platform (NEC3, NEC4, JCT, FIDIC), enabling project teams to consistently draft and manage contract notices, monitor project performance and outcomes; increasing your teams productivity and compliance.


  • Simple, intuitive, out the box web based contract management tool
  • Covering change control, payments, defects, certificates, notices and general communications
  • Single communal platform for contract administration and project reporting
  • An audit trail for all contract communications
  • Consolidated contract management reporting which can be produced on demand
  • Integrated system containing your workflow, guidance, reporting and contract forms
  • Automated benchmarking of your performance against external KPIs
  • Support NEC3, NEC4, JCT, FIDIC contracts and bespoke forms/notices
  • Extensive library of documents, developed by industry practitioners
  • Roles and responsibilities controls to allow whole team to contribute


  • Efficienct semi-automated system, reporting and completing contract management forms
  • Reinforce better practice, includes strict timetables and processes from NEC/JCT/FIDIC
  • Increased transparency as the project team quickly flag issues earlier
  • Improved management Information, consistent claims reporting, across your project portfolio
  • Provides single enterprise approach reducing the burden your project teams
  • Captures causes of claims and allows performance across the system
  • Reduced administration and reporting time and costs
  • Automatically flag tasks and warnings in line with appropriate timetables
  • Tailored solutions, with corporate logos, colour schemes and custom rules
  • 100% managed service, updates, backup and monitoring


£5 to £45 per user per month

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

7 6 3 9 0 1 0 6 5 7 1 9 7 3 8


Built Intelligence Ltd

Chris Corr

0117 214 0890


Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Hybrid cloud
Service constraints
All non-critical software updates occur outside normal office hours, usually between 9pm and 12am, all users will be warned on login about any impending updates. Critical maintenance may happen during office hours but this will happen if there is a functional issue with the system to all users.
Online support is available via help pages, FAQ sections and training information.
System requirements
  • Internet Access (minimum 128kbps)
  • Internet Browser (Latest version Internet Explorer/Edge, Firefox, Safari, Chrome etc)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support is email based and within UK office hours 8:30am to 5:30pm.

We aim to respond within 1 working hour.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
We have not currently carried out any testing of assistive technology solutions with our web chat system but are waiting for confirmation from our supplier that this has been carried out.
Onsite support
Yes, at extra cost
Support levels
We provide telephone and email support free of charge to all our customers, on-site support requirements are negotiated on a per customer basis and charged at our standard day rate.
Support available to third parties

Onboarding and offboarding

Getting started
We provide onsite training to key users and because of the intuitive nature of the software with regards the contract, its simple to pick up by anyone with even a beginners knowledge of NEC3 or contract management.
An ever growing FAQ section and online training portal, allows users to quickly answer any basic questions, more complicated ones can be submitted to the dedicated support team, whether that be software related or contract governance related.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
All individual reports and registers can be downloaded by users in Excel, CSV and PDF format at any point.

Upon request a full download of all communications can be sent to any superuser within 2 working days. A feature to do this by any superuser is currently under development.
End-of-contract process
A full download of the contract communications, all registers and all reports can be provided within 2 working days upon request at no additional charge.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The system is responsive so all items are available on mobile and tablets, but for optimal user experience, its recommended to use on a desktop.
Service interface
Description of service interface
We provide WEBAPI 2.0 RESTful web services authenticated using OWIN Auth 2.0 authentication via secure HTTPS protocols hosted on the Microsoft Azure global cloud infrastructure. The API services allow any authenticated device (mobile, web, desktop etc.) to securely connect to the platform and interact with the platforms feature sets. The platform provides responses through JSON text ensuring minimal bandwidth usage, clear readability of the data transferred and greater support for connecting clients.
Accessibility standards
None or don’t know
Description of accessibility
Our development team are currently working on a WCAG 2.0 A compliant version to help make the software as accessible to as many users as possible.
Accessibility testing
We have currently not done any interface testing with users of assistive technology.
What users can and can't do using the API
We provide WEBAPI 2.0 RESTful web services authenticated using OWIN Auth 2.0 authentication via secure HTTPS protocols hosted on the Microsoft Azure global cloud infrastructure. The API services allow any authenticated device (mobile, web, desktop etc.) to securely connect to the platform and interact with the platforms feature sets. The platform provides responses through JSON text ensuring minimal bandwidth usage, clear readability of the data transferred and greater support for connecting clients.
The platform utilizes the Microsoft Azure infrastructure to ensure security of the platform along with load balancing, autoscaling, backups, disaster recovery and automated management to provide a reliable, stable and high performing application.
By utilizing the rich feature sets of the cloud infrastructure we are able to gain detailed insight into the performance of the platform and ensure access to the application and its services continue uninterrupted.
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
For all clients, bespoke customisation and development is available to allow the system to specifically work in the way that they require. We can advise from an expertise point of view about whether any changes are in breach of the contract guidelines.
Superuser management is currently under development to allow users to manage their users and contract status, however all these items can currently be amended/rectified through our support system.


Independence of resources
Using a hybrid cloud platform like Microsoft Azure, we're able to give individual contract environments their own processing power which are seemlessly increased to the requirements needed by their users.


Service usage metrics
Metrics types
There is a realtime dashboard of all the key usage metrics that can be tailored to the user level and requirements.

All registers can be downloaded in order for users to create their own reports.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
All reports, registers and communications can be downloaded from the software at any point.
Data export formats
  • CSV
  • Other
Other data export formats
  • XLS
  • XLSX
  • PDF
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We contractually guarantee 99.5% availability apart from for scheduled maintenance downtime which are carried out outside normal working hours.

Any failures to meet this level of availability will result in service credits awarded to to the customer.
Approach to resilience
Microsoft's Azure datacentres availability was engineered to meet the highest common denominator – mission critical support for intranet, extranet, and online services. Typical of the state of- the-art facility designs at the time, these facilities were fault tolerant, concurrently maintainable and populated with scale-up servers housing redundant power supplies and myriad hot-swappable components.
All data is colocated across centres throughout EEA.
Outage reporting
We have a 3rd party monitoring service in place on top of the standard monitoring offered by our cloud hosting supplier. It provides a dashboard, API and alerts via SMS and email.

Clients will be made aware of any unplanned outages via email alerts, within one working hour (Mon-Fri, 9am to 5pm). Any planned maintenance will be alerted to users via their dashboard no later than 24 hours before the scheduled start.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Access to management interfaces and support channels is made available to authorised internal personnel, authorised hosting provider support teams and authorised database administrators have access to any data.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
We take information security very seriously and understand how important it is to our clients. Our choice of infrastructure and software tools reflect this. We are accredited under the Cyber Essentials Scheme (http://www.cyberessentials.org).
Information security policies and processes
We are implementing GDPR best practice and training staff to ensure compliance.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
As we seek ISO9001 Quality Management System Certification, all of our code and development is managed using a version control repository hosting service and changes are tracked via a ticketing system where we prioritise and manage tickets.

Any updates to the production environment are tested prior to deployment to live using a dedicated test environment.

All hosting environments include incremental backups which supports both short term and long term roll back of the code and database. Along with Microsoft Azure, we manage all infrastructure and Azure automatically deploy software updates and security patches in accordance with our defined release schedule.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our penetration testing partner is CIS SecureSuite approved and provide services specialising in offering the strongest endpoint protection platform against hacking and industrial espionage.

We monitor all 3rd party vendors of each of the system components for the latest software updates and security patches.

Our cloud hosting provider Microsoft Azure, offers security monitoring of infrastructure and application behaviour as standard. All account credentials are managed via an encrypted system access to which is limited to the appropriate staff.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
On top of the standard monitoring services offered buy our cloud hosting provider we also include a 3rd party monitoring service which reports on system level issues and events.

We also employ a distributed network availability monitoring tool which providers alerts on the availability of the various services from multiple locations across the internet.
Incident management type
Supplier-defined controls
Incident management approach
Our procedures for Incident Management are aimed to be in line with QMS ISO 9001 as we seek certification.

Any incidents are first tracked by our ticketing system and then if required, escalated to our technical team. All progress and feedback is managed through our ticket system and followed up until the issue is confirmed resolved by the client.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£5 to £45 per user per month
Discount for educational organisations
Free trial available
Description of free trial
We can offer a 'sandbox' version of the service containing dummy data should this be required for evaluation purposes. It will contain a single working instance of the system but won't include any customer data or bespoke functionality.

Service documents

Return to top ↑