Equal Experts UK Limited

UX Forms

UXForms is an enterprise-ready cloud platform for webform development that brings user research to the heart of building web-forms. Real-time data helps identify how well forms, design patterns and questions perform, so the effectiveness of changes are measurable. UXForms is perfect for rapid deployment of Coronavirus (COVID-19) pandemic solutions

Features

• Government Digital Service (GDS) design patterns built-in
• Conditional and branching form logic
• Real-time analytics, data and dashboards of online behaviour
• Complex and programmable form and field validation
• Extensible and customisable builder via code
• Can be integrated with any web-facing system
• Fully internationalised and multilingual; supports UTF-8 throughout
• Fully testable form design under revision control
• Proven rapid development of Coronavirus (Covid-19) web solutions
• Optimise the forms and go live on your own domain

Benefits

• Publish online web forms quickly and easily
• Fully conform to GDS’s design and style guide
• Gather data on effectiveness of form questions
• Learn which design patterns confuse your users
• Learn which questions your users find difficult to answer
• Quickly adapt your form online in response to empirical data
• Prove complex form behaviour is correct via automated tests
• Demonstrate a data-driven response to user needs
• Multiple authors can work concurrently on the same on-line form
• Rapidly recreate forms in multiple languages via intuitive builder

£3,000 a licence a month

• Education pricing available
• Free trial available

Service documents

• Pricing document (pdf)
• Skills Framework for the Information Age rate card (pdf)
• Service definition document (pdf)
• Terms and conditions (pdf)
• Modern Slavery statement (pdf)

Framework

G-Cloud 12

Service ID

889367649556069

Contact

Equal Experts UK Limited

Louis Abel

+44 7968 157766

solutions@equalexperts.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • Scala version 2.11 is required to compile form definitions
  • An internet connection is required to compile form definitions

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Official support hours are 9am to 5pm, Monday to Friday, within which we promise to respond to questions within 2 hours. ; We, of course, aim to respond as quickly as possible even outside these official support times.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: UX Forms' support is available independently on GCloud as UX Forms Consultancy. It provides experienced consultants who can help with all aspects of delivering great forms with UX Forms, whether that's to build and test complex digital forms more quickly than ever before, build integrations between UX Forms and your existing services and APIs or even integrate UX Forms with your internal revision control and build pipelines. Support is charged in accordance with our SFIA Rate Card.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: User documentation is provided.; Additionally customers may take advantage of UX Forms' support services to help them become experts in using UX Forms, quickly and efficiently.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: The definition of each form is created by the customer, so does not require extraction.; End user's answers of completed forms are automatically deleted from UX Forms' platform once they are sent to the client's systems, so no extraction upon the end of the contract is required.; End user's answers of partially completed forms can be provided upon request.
• End-of-contract process: Access to UX Forms' services is terminated, and any forms and themes deployed by the customer are un-deployed and taken offline.; ; End users' answers to incomplete forms will be automatically deleted after the retention period configured by the customer.; ; There are no additional costs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None. All features accessible via the desktop web interfaces are accessible via the mobile web interface.
• Service interface: Yes
• Description of service interface: Forms can be deployed and un-deployed through the interface, form author accounts can be managed, and users can view the extensive dashboard statistics provided for each form.
• Accessibility standards: None or don’t know
• Description of accessibility: Although UX Forms' interface does not meet any formal standard, it has been written with accessibility in mind. It uses semantic html on all pages, as well as degrading gracefully without javascript. A large number of WCAG 2.0's requirements are fulfilled although we have not formally assessed whether we meet all its criteria.
• Accessibility testing: No formal testing
• API: Yes
• What users can and can't do using the API: Every regular action that is possible through the web interface is possible via UX Forms' APIs. Forms can be uploaded and deleted, as can themes. Only user management is restricted for use only via the web interface.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Forms deployed to UX Forms can be customised in almost every conceivable way. ; The entire html, css and javascript payload is fully customisable. GDS's GOV.UK elements are provided out of the box and these can be extended and customised to deliver any user interface required.; Validation can be fully customised and it can even integrate with bespoke external systems to verify the user's answers.; Integrations can be written to connect to external, bespoke, systems at multiple points during a form instance's lifecycle, including submitting the completed form's answers back to the customer's own systems.

Scaling

• Independence of resources: By leveraging our cloud provider's infrastructure, along with selected open source technologies to keep forms separate from each other, even within the same organisation.

Analytics

• Service usage metrics: Yes
• Metrics types: The UX Forms dashboard provides detailed data on every aspect of your forms. Track mean completion time, user errors and more to prioritise revisions and hone performance until every field is perfect.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: UX Forms provides extensive customisation so end user's questions can be submitted to the customer's services as soon as they finish filling in a form. End user data is automatically deleted from UX Forms' service once it has been transmitted to the customer's systems.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • XML
  • JSON
  • A custom format unique to the customer
  • Any format that can be written by software
• Data import formats: Other
• Other data import formats: UX Forms does not currently support uploading form data

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: As UX Forms is fully customisable, even the way data is protected between the UX Forms' and the buyer's network is customisable. If required, specific connection mechanisms can be implemented with help from UX Forms.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Environments are segregated in to independent Virtual Public Clouds and, within each, services are deployed in to independent subnets.

Availability and resilience

• Guaranteed availability: UX Forms will guarantee at least 99.95% uptime during any month.
• Approach to resilience: This information is available upon request.
• Outage reporting: Via email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Only individual, named, users can perform management actions within UX Forms. Actions available to users are controlled via role-based access which, in turn, is managed through UX Forms' dashboard.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Username or password
  • Other
• Description of management access authentication: Management can also be performed via APIs, which are authenticated via API keys.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Standards Institute
• ISO/IEC 27001 accreditation date: May 8th 2017
• What the ISO/IEC 27001 doesn’t cover: Our Statement of Applicability is available upon request
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: The Managing Director is accountable for ensuring that appropriate security and compliance controls are identified, implemented and maintained. The Managing Director ensures that: ; Risks are managed and reduced in an informed manner;; All applicable legal and regulatory requirements have been identified and that compliance is maintained;; Appropriate resources are provided to implement and maintain the information security management system (ISMS);; All staff sign the information security agreement prior to joining and receive awareness training of all policies during induction, including the consequences of non-compliance.; ; Our information security policy set is aligned to ISO27001:2013. The Information Security Policy is available upon request.; ; UX Forms will ensure that:; Information is protected against unauthorised access;; Confidentiality of information is assured;; Integrity of information is maintained;; Regulatory and legislative requirements are met;; Business continuity plans are produced, maintained and tested as appropriate;; Third parties engaged in the support of UX Forms are required to comply with this Policy to support both UX Forms and our clients’ requirements;; Information security requirements are aligned with organisational strategies and objectives in support of both UX Forms and our clients’ expectations;; Information security is managed and continuously improved through a defined ISMS

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: UX Forms runs a fully documented change management process, certified against ISO/IEC 27001:2013, which is actively reviewed and managed.; ; All components, including their infrastructure, networking and configuration, are under revision control. They are built, tested and versioned before being deployed through a continuous integration build pipeline.; ; Every prospective change to every component is assessed by a technical lead, which includes its potential security impact. All components are regularly reviewed against OWASP's secure coding practices.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: UX Forms regularly checks all of its libraries and dependencies against NIST's National Vulnerability Database and uses an ISO27001:2013 risk-based methodology to assess all threats.; ; Patches and software updates are treated no differently than any other change to UX Forms' platform and can be deployed via its continuous integration pipeline in minutes.; ; Information regarding potential threats and security alerts come from a number of sources, including UX Forms' hosting provider and a range of technical news platforms.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: UX Forms has a defined information security incident policy.; Comprehensive logging of all components is gathered in real time and is analysed to identify potential compromises.; Once an incident has been raised, a thorough investigation is immediately begun to understand its scope and severity. If there is reason to suspect the incident affects Personally Identifiable Information, then UX Forms' Data Protection Officer is informed and appropriate steps taken.; A detailed post-incident review is performed after every incident and its findings analysed to improve UX Forms' processes and practices.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: UX Forms has a defined information security incident policy which sets out how incidents will be reported, managed, tracked and reviewed.; ; Incidents can be reported by anyone to support@uxforms.com.; ; UX Forms' incident response capability is not restricted to official support hours.; ; Full details of an incident affecting a customer will be shared confidentially with that customer.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £3,000 a licence a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: The free trial grants full access to a non-production instance of UX Forms for 30 days. Any number of form authors, forms and submissions can be deployed, with the sole proviso that they are not for production use.; ; This trial can be extended at UX Forms' discretion.
• Link to free trial: https://forms.aiken.uxforms.com/signup

Service documents

• Pricing document (pdf)
• Skills Framework for the Information Age rate card (pdf)
• Service definition document (pdf)
• Terms and conditions (pdf)
• Modern Slavery statement (pdf)