Equal Experts UK Limited

UX Forms

Equal Experts’ UX Forms is a customisable and programmable online web form builder that brings user research into the heart of building web forms. Real-time data helps identify forms, design patterns and questions that perform well, and not so well, so the effectiveness of form changes are measurable.

Features

  • Government Digital Service (GDS) design patterns built-in
  • Conditional and branching form logic
  • Real-time analytics, data and dashboards of online behaviour
  • Complex and programmable form and field validation
  • Extensible and customisable builder via code
  • Can be integrated with any web-facing system
  • Fully internationalised and multilingual; supports UTF-8 throughout
  • Fully testable form design under revision control
  • Create your own library of design, UI styles and patterns
  • Optimise the forms and go live on your own domain

Benefits

  • Publish online web forms quickly and easily
  • Fully conform to GDS’s design and style guide
  • Gather data on effectiveness of form questions
  • Learn which design patterns confuse your users
  • Learn which questions your users find difficult to answer
  • Quickly adapt your form online in response to empirical data
  • Prove complex form behaviour is correct via automated tests
  • Demonstrate a data-driven response to user needs
  • Multiple authors can work concurrently on the same on-line form
  • Rapidly recreate forms in multiple languages via intuitive builder

Pricing

£150 per licence per month

Service documents

G-Cloud 9

764380275604724

Equal Experts UK Limited

Louis Abel

+44 7968 157766

solutions@equalexperts.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints None
System requirements
  • Scala version 2.11 is required to compile form definitions
  • An internet connection is required to compile form definitions

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Official support hours are 9am to 5pm, Monday to Friday, within which we promise to respond to questions within 2 hours.
We, of course, aim to respond as quickly as possible even outside these official support times.
User can manage status and priority of support tickets No
Phone support No
Web chat support No
Onsite support Yes, at extra cost
Support levels UX Forms' support is available independently on GCloud. It provides experienced consultants who can help with all aspects of delivering great forms with UX Forms, whether that's to build and test complex digital forms more quickly than ever before, build integrations between UX Forms and your existing services and APIs or even integrate UX Forms with your internal revision control and build pipelines.
Support costs from £1,000 per person per day, excluding VAT.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started User documentation is provided.
Additionally customers may take advantage of UX Forms' support services to help them become experts in using UX Forms, quickly and efficiently.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction The definition of each form is created by the customer, so does not require extraction.
End user's answers of completed forms are automatically deleted from UX Forms' platform once they are sent to the client's systems, so no extraction upon the end of the contract is required.
End user's answers of partially completed forms can be provided upon request.
End-of-contract process Access to UX Forms' services is terminated, and any forms and themes deployed by the customer are un-deployed and taken offline.

End users' answers to incomplete forms will be automatically deleted after the retention period configured by the customer.

There are no additional costs.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None. All features accessible via the desktop web interfaces are accessible via the mobile web interface.
Accessibility standards None or don’t know
Description of accessibility Although UX Forms' interface does not meet any formal standard, it has been written with accessibility in mind. It uses semantic html on all pages, as well as degrading gracefully without javascript. A large number of WCAG 2.0's requirements are fulfilled although we have not formally assessed whether we meet all its criteria.
Accessibility testing None.
API Yes
What users can and can't do using the API Every regular action that is possible through the web interface is possible via UX Forms' APIs. Forms can be uploaded and deleted, as can themes. Only user management is restricted for use only via the web interface.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Forms deployed to UX Forms can be customised in almost every conceivable way.
The entire html, css and javascript payload is fully customisable. GDS's GOV.UK elements are provided out of the box and these can be extended and customised to deliver any user interface required.
Validation can be fully customised and it can even integrate with bespoke external systems to verify the user's answers.
Integrations can be written to connect to external, bespoke, systems at multiple points during a form instance's lifecycle, including submitting the completed form's answers back to the customer's own systems.

Scaling

Scaling
Independence of resources By leveraging our cloud provider's infrastructure, along with selected open source technologies to keep forms separate from each other, even within the same organisation.

Analytics

Analytics
Service usage metrics Yes
Metrics types The UX Forms dashboard provides detailed data on every aspect of your forms. Track mean completion time, user errors and more to prioritise revisions and hone performance until every field is perfect.
Reporting types Real-time dashboards

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach UX Forms provides extensive customisation so end user's questions can be submitted to the customer's services as soon as they finish filling in a form. End user data is automatically deleted from UX Forms' service once it has been transmitted to the customer's systems.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • XML
  • JSON
  • A custom format unique to the customer
  • Any format that can be written by software
Data import formats Other
Other data import formats UX Forms does not currently support uploading form data

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks As UX Forms is fully customisable, even the way data is protected between the UX Forms' and the buyer's network is customisable. If required, specific connection mechanisms can be implemented with help from UX Forms.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network Environments are segregated in to independent Virtual Public Clouds and, within each, services are deployed in to independent subnets.

Availability and resilience

Availability and resilience
Guaranteed availability UX Forms will guarantee at least 99.95% uptime during any month.
Approach to resilience This information is available upon request.
Outage reporting Via email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Only individual, named, users can perform management actions within UX Forms. Actions available to users are controlled via role-based access which, in turn, is managed through UX Forms' dashboard.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Standards Institute
ISO/IEC 27001 accreditation date May 8th 2017
What the ISO/IEC 27001 doesn’t cover Our Statement of Applicability is available upon request
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach UX Forms operates an Information Security Management System which complies with the requirements of ISO/IEC 27001:2013 for the provision of software solutions and related deliverables and services, as certified by the British Standards Institute.
Information security policies and processes The Managing Director is accountable for ensuring that appropriate security and compliance controls are identified, implemented and maintained. The Managing Director ensures that:
Risks are managed and reduced in an informed manner;
All applicable legal and regulatory requirements have been identified and that compliance is maintained;
Appropriate resources are provided to implement and maintain the information security management system (ISMS);
All staff sign the information security agreement prior to joining and receive awareness training of all policies during induction, including the consequences of non-compliance.

Our information security policy set is aligned to ISO27001:2013. The Information Security Policy is available upon request.

UX Forms will ensure that:
Information is protected against unauthorised access;
Confidentiality of information is assured;
Integrity of information is maintained;
Regulatory and legislative requirements are met;
Business continuity plans are produced, maintained and tested as appropriate;
Third parties engaged in the support of UX Forms are required to comply with this Policy to support both UX Forms and our clients’ requirements;
Information security requirements are aligned with organisational strategies and objectives in support of both UX Forms and our clients’ expectations;
Information security is managed and continuously improved through a defined ISMS;

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach UX Forms runs a fully documented change management process, certified against ISO/IEC 27001:2013, which is actively reviewed and managed.

All components, including their infrastructure, networking and configuration, are under revision control. They are built, tested and versioned before being deployed through a continuous integration build pipeline.

Every prospective change to every component is assessed by a technical lead, which includes its potential security impact. All components are regularly reviewed against OWASP's secure coding practices.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach UX Forms regularly checks all of its libraries and dependencies against NIST's National Vulnerability Database and uses an ISO27001:2013 risk-based methodology to assess all threats.

Patches and software updates are treated no differently than any other change to UX Forms' platform and can be deployed via its continuous integration pipeline in minutes.

Information regarding potential threats and security alerts come from a number of sources, including UX Forms' hosting provider and a range of technical news platforms.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach UX Forms has a defined information security incident policy.
Comprehensive logging of all components is gathered in real time and is analysed to identify potential compromises.
Once an incident has been raised, a thorough investigation is immediately begun to understand its scope and severity. If there is reason to suspect the incident affects Personally Identifiable Information, then UX Forms' Data Protection Officer is informed and appropriate steps taken.
A detailed post-incident review is performed after every incident and its findings analysed to improve UX Forms' processes and practices.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach UX Forms has a defined information security incident policy which sets out how incidents will be reported, managed, tracked and reviewed.

Incidents can be reported by anyone to support@uxforms.com.

UX Forms' incident response capability is not restricted to official support hours.

Full details of an incident affecting a customer will be shared confidentially with that customer.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £150 per licence per month
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑