FastDraft Contract and Project Management System
FastDraft is our easy to use Construction Contract management platform (NEC3, NEC4, JCT, FIDIC), enabling project teams to consistently draft and manage contract notices, monitor project performance and outcomes; increasing your teams productivity and compliance.
- Simple, intuitive, out the box web based contract management tool
- Covering change control, payments, defects, certificates, notices and general communications
- Single communal platform for contract administration and project reporting
- An audit trail for all contract communications
- Consolidated contract management reporting which can be produced on demand
- Integrated system containing your workflow, guidance, reporting and contract forms
- Automated benchmarking of your performance against external KPIs
- Support NEC3, NEC4, JCT, FIDIC contracts and bespoke forms/notices
- Extensive library of documents, developed by industry practitioners
- Roles and responsibilities controls to allow whole team to contribute
- Efficienct semi-automated system, reporting and completing contract management forms
- Reinforce better practice, includes strict timetables and processes from NEC/JCT/FIDIC
- Increased transparency as the project team quickly flag issues earlier
- Improved management Information, consistent claims reporting, across your project portfolio
- Provides single enterprise approach reducing the burden your project teams
- Captures causes of claims and allows performance across the system
- Reduced administration and reporting time and costs
- Automatically flag tasks and warnings in line with appropriate timetables
- Tailored solutions, with corporate logos, colour schemes and custom rules
- 100% managed service, updates, backup and monitoring
£5 to £45 per user per month
- Education pricing available
- Free trial available
7 6 3 9 0 1 0 6 5 7 1 9 7 3 8
Built Intelligence Ltd
0117 214 0890
|Software add-on or extension||No|
|Cloud deployment model||
All non-critical software updates occur outside normal office hours, usually between 9pm and 12am, all users will be warned on login about any impending updates. Critical maintenance may happen during office hours but this will happen if there is a functional issue with the system to all users.
Online support is available via help pages, FAQ sections and training information.
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Support is email based and within UK office hours 8:30am to 5:30pm.
We aim to respond within 1 working hour.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 AA or EN 301 549|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Yes, at an extra cost|
|Web chat support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support accessibility standard||WCAG 2.1 AA or EN 301 549|
|Web chat accessibility testing||We have not currently carried out any testing of assistive technology solutions with our web chat system but are waiting for confirmation from our supplier that this has been carried out.|
|Onsite support||Yes, at extra cost|
|Support levels||We provide telephone and email support free of charge to all our customers, on-site support requirements are negotiated on a per customer basis and charged at our standard day rate.|
|Support available to third parties||Yes|
Onboarding and offboarding
We provide onsite training to key users and because of the intuitive nature of the software with regards the contract, its simple to pick up by anyone with even a beginners knowledge of NEC3 or contract management.
An ever growing FAQ section and online training portal, allows users to quickly answer any basic questions, more complicated ones can be submitted to the dedicated support team, whether that be software related or contract governance related.
|End-of-contract data extraction||
All individual reports and registers can be downloaded by users in Excel, CSV and PDF format at any point.
Upon request a full download of all communications can be sent to any superuser within 2 working days. A feature to do this by any superuser is currently under development.
|End-of-contract process||A full download of the contract communications, all registers and all reports can be provided within 2 working days upon request at no additional charge.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The system is responsive so all items are available on mobile and tablets, but for optimal user experience, its recommended to use on a desktop.|
|Description of service interface||We provide WEBAPI 2.0 RESTful web services authenticated using OWIN Auth 2.0 authentication via secure HTTPS protocols hosted on the Microsoft Azure global cloud infrastructure. The API services allow any authenticated device (mobile, web, desktop etc.) to securely connect to the platform and interact with the platforms feature sets. The platform provides responses through JSON text ensuring minimal bandwidth usage, clear readability of the data transferred and greater support for connecting clients.|
|Accessibility standards||None or don’t know|
|Description of accessibility||Our development team are currently working on a WCAG 2.0 A compliant version to help make the software as accessible to as many users as possible.|
|Accessibility testing||We have currently not done any interface testing with users of assistive technology.|
|What users can and can't do using the API||
We provide WEBAPI 2.0 RESTful web services authenticated using OWIN Auth 2.0 authentication via secure HTTPS protocols hosted on the Microsoft Azure global cloud infrastructure. The API services allow any authenticated device (mobile, web, desktop etc.) to securely connect to the platform and interact with the platforms feature sets. The platform provides responses through JSON text ensuring minimal bandwidth usage, clear readability of the data transferred and greater support for connecting clients.
The platform utilizes the Microsoft Azure infrastructure to ensure security of the platform along with load balancing, autoscaling, backups, disaster recovery and automated management to provide a reliable, stable and high performing application.
By utilizing the rich feature sets of the cloud infrastructure we are able to gain detailed insight into the performance of the platform and ensure access to the application and its services continue uninterrupted.
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
For all clients, bespoke customisation and development is available to allow the system to specifically work in the way that they require. We can advise from an expertise point of view about whether any changes are in breach of the contract guidelines.
Superuser management is currently under development to allow users to manage their users and contract status, however all these items can currently be amended/rectified through our support system.
|Independence of resources||Using a hybrid cloud platform like Microsoft Azure, we're able to give individual contract environments their own processing power which are seemlessly increased to the requirements needed by their users.|
|Service usage metrics||Yes|
There is a realtime dashboard of all the key usage metrics that can be tailored to the user level and requirements.
All registers can be downloaded in order for users to create their own reports.
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||European Economic Area (EEA)|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Physical access control, complying with SSAE-16 / ISAE 3402|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||All reports, registers and communications can be downloaded from the software at any point.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||XLS|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||IPsec or TLS VPN gateway|
Availability and resilience
We contractually guarantee 99.5% availability apart from for scheduled maintenance downtime which are carried out outside normal working hours.
Any failures to meet this level of availability will result in service credits awarded to to the customer.
|Approach to resilience||
Microsoft's Azure datacentres availability was engineered to meet the highest common denominator – mission critical support for intranet, extranet, and online services. Typical of the state of- the-art facility designs at the time, these facilities were fault tolerant, concurrently maintainable and populated with scale-up servers housing redundant power supplies and myriad hot-swappable components.
All data is colocated across centres throughout EEA.
We have a 3rd party monitoring service in place on top of the standard monitoring offered by our cloud hosting supplier. It provides a dashboard, API and alerts via SMS and email.
Clients will be made aware of any unplanned outages via email alerts, within one working hour (Mon-Fri, 9am to 5pm). Any planned maintenance will be alerted to users via their dashboard no later than 24 hours before the scheduled start.
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Access to management interfaces and support channels is made available to authorised internal personnel, authorised hosting provider support teams and authorised database administrators have access to any data.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||Other|
|Other security governance standards||We take information security very seriously and understand how important it is to our clients. Our choice of infrastructure and software tools reflect this. We are accredited under the Cyber Essentials Scheme (http://www.cyberessentials.org).|
|Information security policies and processes||We are implementing GDPR best practice and training staff to ensure compliance.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
As we seek ISO9001 Quality Management System Certification, all of our code and development is managed using a version control repository hosting service and changes are tracked via a ticketing system where we prioritise and manage tickets.
Any updates to the production environment are tested prior to deployment to live using a dedicated test environment.
All hosting environments include incremental backups which supports both short term and long term roll back of the code and database. Along with Microsoft Azure, we manage all infrastructure and Azure automatically deploy software updates and security patches in accordance with our defined release schedule.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Our penetration testing partner is CIS SecureSuite approved and provide services specialising in offering the strongest endpoint protection platform against hacking and industrial espionage.
We monitor all 3rd party vendors of each of the system components for the latest software updates and security patches.
Our cloud hosting provider Microsoft Azure, offers security monitoring of infrastructure and application behaviour as standard. All account credentials are managed via an encrypted system access to which is limited to the appropriate staff.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
On top of the standard monitoring services offered buy our cloud hosting provider we also include a 3rd party monitoring service which reports on system level issues and events.
We also employ a distributed network availability monitoring tool which providers alerts on the availability of the various services from multiple locations across the internet.
|Incident management type||Supplier-defined controls|
|Incident management approach||
Our procedures for Incident Management are aimed to be in line with QMS ISO 9001 as we seek certification.
Any incidents are first tracked by our ticketing system and then if required, escalated to our technical team. All progress and feedback is managed through our ticket system and followed up until the issue is confirmed resolved by the client.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£5 to £45 per user per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||We can offer a 'sandbox' version of the service containing dummy data should this be required for evaluation purposes. It will contain a single working instance of the system but won't include any customer data or bespoke functionality.|