Docuflow Ltd

Document Management, Content Management, Data Capture & Portals

infoRouter document and content management software is long established and is deployed globally with over 400,000 users it is easy to use with a collaborative document portal which connects information to individuals whether they work in words, pictures, audio, or video, infoRouter can manage any type of document or file.


  • Low Cost of Ownership
  • Web based remote access
  • Easy to Use and Maintain
  • Instant Deployment
  • Intranet Out-of-the-Box
  • Web services API - Open Architecture
  • Standards-based Technology
  • LDAP integration
  • Document Format independent
  • Meta Data Services


  • Notifications and Reporting
  • Version Control
  • Integrates with Microsoft Office
  • Works with documents, video, sound plus others
  • Link to 3rd party solutions
  • Look and user experience can easily changed
  • Publish folders to share content
  • Security and Access rights
  • Automate manual processes
  • Workflow and Approvals


£25.00 per licence per month

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

8 2 4 5 7 5 5 5 9 5 3 5 6 5 0


Docuflow Ltd

Chris Rowlands

0333 577 4900

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
InfoRouter will link to most 3rd party ERP , Finance Systems and applications a lot of organisations implement infoRouter to get further value from systems already in place.
Cloud deployment model
Public cloud
Service constraints
If there is planned maintenance you are informed we would discuss prior to going live any issues that highlighted but essentially infoRouter is an "out of the box" solution which as long as you go on-line you are able to access.
System requirements
  • Intel Xeon or better
  • 16 GB RAM (32 GB in high traffic environments)
  • 500 MB Application disk space
  • Virtual server environments are supported
  • SQL or Oracle Database
  • Physical or Virtual PC/Server
  • MS Web Server IIS7 or above

User support

Email or online ticketing support
Email or online ticketing
Support response times
Monday to Friday 9 - 5 normally within one hour
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
We tend to provide support via a product called team viewer if remote support is required, , this provide live chat, screen sharing, screen control as an option.
Web chat accessibility testing
We regularly use Teamviewer to support clients if problems can not be resolved on the phone.
Onsite support
Yes, at extra cost
Support levels
Telephone support is provided as part of the service, if application or development support is required this is charged at £125.00 ex vat per hour for an on-site technical engineer.
Support available to third parties

Onboarding and offboarding

Getting started
InfoRouter is a very intuitive product some customers just use the on-line training tools, there is a telephone help-desk and on-line training available via team viewer, we also provide chargeable training packs which are bespoke to the end user these can be a couple of hours or a couple of days depending on the requirement we would discuss at implementation the best option, essentially the training is bespoke and can be provided exactly to customer requirements
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
InfoRouter and InfoForms includes a data import /export module.
End-of-contract process
There are no costs at the end of the contract, unless you require us to do any exporting of data.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
All features are accessible we recommend a tablet sized screen.
Service interface
What users can and can't do using the API
Access to core infoRouter functionality pro-grammatically is provided via the included Web Services API. infoRouter exposes a series of Web Service Calls allowing a subset of functionality to be driven pro-grammatically from any language that can interface with a Microsoft .net Web service as exposed by infoRouter. The API is free to use and documented is available. In addition there is a simple MS visual studio project available to demonstrate a basic integration. Individual Service Calls information and a test facility are available directly from the infoRouter server.
Currently there are 185 Web Service calls available, and this number is growing steadily. They provide access to a number of core features and functions of infoRouter, such as metadata search, and result retrieval, document upload, and download (including multiple files as a zip), plus library, folder, and user creation.
API documentation
API documentation formats
  • HTML
  • PDF
  • Other
API sandbox or test environment
Customisation available
Description of customisation
Yes, buyers can customise the Service if they have the correct credentials/authorisation. The correct credentials/authorisation is given to the users by the designated Sysadmin User.

For instance the look and feel of the log on portal page can be changed, user views can be changed, types of documents to be viewed can be changed, workflows can be changed etc

With suitable access rights, users can customise the front end portal and their own folder structure, and also screen views can be customised. The authors can customise screens to customers’ requirements.


Independence of resources
If required you can have your instance of administrator license alternative if this not required we can manage on your behalf.


Service usage metrics
Metrics types
Audit trials are provided that provide various statistics such as user access to files, types of files accessed, etc
Reporting types
Reports on request


Supplier type
Reseller providing extra support
Organisation whose services are being resold
Extra Resources Ltd

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
Less than once a year
Penetration testing approach
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
InfoRouter includes a data import /export module.
Data export formats
  • CSV
  • Other
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Secura’s hosted platform is Highly Available by design, they operate an N+N infrastructure so hardware is protected from outages by multiple power feeds and power supplies. They also own and manage a resilient dark-fibre ring network with dual vendor supply that spans our Data Centres. The platform is virtualised using VMware’s hypervisor technology and all VMs hosted on the platform are protected by VMware’s native High Availability which guarantees a maximum of 120s VM failover to a working host in the event of hardware failure. Along-side this Secura publish a Standard Availability VPC SLA of 99.99% per VM and customers are reimbursed (financially) in the event that services fall below this level.

For refunds the Service Credits accrued in any Month shall not in any event
exceed fifty per cent (50%) of the Total Monthly Service Charges
(“Service Credit Cap”). please see below link for a more detailed explanation of refunds and SLA's these are duplicated into our contracts.

SLA & Refunds

PDF Download -

Please see below document we use Secura as our cloud partner.

Approach to resilience
The site is situated away from the road in a secure location and environment, with no point of failure and fully accredited for security and against failure.

please see link more information can be provided or data centre visit can be arranged.

Outage reporting
Incidents including outages are communicated via this is updated. In the event of outages or network failure, along with the status page, emails are sent out via a Service Desk portal to all customers affected, explaining the issue and estimated resolution time – regular updates are sent out via the service desk to keep customers updated on progress.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Different users and groups have different levels of access and administration, which when they log in under their user name is automatically enforced.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Alcumus ISOQAR
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Processes not involved with hosting and manged services.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Who accredited the PCI DSS certification
Nettitude Ltd
PCI DSS accreditation date
What the PCI DSS doesn’t cover
Requirement 1 – Not Tested
Requirement 2 – Not Tested
Requirement 3 – Not Tested
Requirement 4 – Not Tested
Requirement 5 – Not Tested
Requirement 6 – Not Tested
Requirement 7 – Not Tested
Requirement 8 – Not Tested
Requirement 9 – Partial Tested. 9.5 and 9.9 Not Tested as ‘Entity provides physical environmental security’
Requirement 10 – Partial Tested. 10.1, 10.7 and 10.9 Not Tested as ‘Entity provides physical environmental security’
Requirement 11 – Not Tested
Requirement 12 – Partial Tested. 12.3 Not Tested as ‘Entity provides physical environmental security’. 12.11 Not Applicable as ‘Entity provides physical environmental security’
Appendix A1 – Not Applicable
Appendix A2 – Not Applicable
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
The objective of Information Security is to ensure business continuity and minimise business damage by preventing and minimising the impact of security incidents. In particular, information assets must be protected in order to ensure: 1. Confidentiality i.e. protection against unauthorised disclosure 2. Integrity i.e. protection against unauthorised or accidental modification 3. Availability as and when required in pursuance of the Organisation’s business objectives. To ensure that this objective is met the Organisation has implemented an Information Security Management System within which it has set a number of objectives which can be used to demonstrate Continual Improvement of this System.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Components consist of the Operating system, The Database and Web application.

Manual updates as and when required would be instigated.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Pen tests are run on a regular typically 4 times a year, and any threats that are detected are then dealt with immediately with the appropriate patch being released. An external consultancy is utilised for testing.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Once we are made aware of potential compromises, the authors of the software have procedures in place to facilitate the fixing of the issues.
Incident management type
Supplier-defined controls
Incident management approach
Incidents are submitted to a central area where they are analysed and acted upon, all incidents are escalated as a process to the support and service so the most appropriate can be actioned.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£25.00 per licence per month
Discount for educational organisations
Free trial available
Description of free trial
We provide a full working trial licences with instruction of how to use
Development work is not including , normally it is for 14 days but can be extended.

Service documents

Return to top ↑