Equal Experts UK Limited

UX Forms

UXForms is an enterprise-ready cloud platform for webform development that brings user research to the heart of building web-forms. Real-time data helps identify how well forms, design patterns and questions perform, so the effectiveness of changes are measurable. UXForms is perfect for rapid deployment of Coronavirus (COVID-19) pandemic solutions


  • Government Digital Service (GDS) design patterns built-in
  • Conditional and branching form logic
  • Real-time analytics, data and dashboards of online behaviour
  • Complex and programmable form and field validation
  • Extensible and customisable builder via code
  • Can be integrated with any web-facing system
  • Fully internationalised and multilingual; supports UTF-8 throughout
  • Fully testable form design under revision control
  • Proven rapid development of Coronavirus (Covid-19) web solutions
  • Optimise the forms and go live on your own domain


  • Publish online web forms quickly and easily
  • Fully conform to GDS’s design and style guide
  • Gather data on effectiveness of form questions
  • Learn which design patterns confuse your users
  • Learn which questions your users find difficult to answer
  • Quickly adapt your form online in response to empirical data
  • Prove complex form behaviour is correct via automated tests
  • Demonstrate a data-driven response to user needs
  • Multiple authors can work concurrently on the same on-line form
  • Rapidly recreate forms in multiple languages via intuitive builder


£3,000 a licence a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at solutions@equalexperts.com. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

8 8 9 3 6 7 6 4 9 5 5 6 0 6 9


Equal Experts UK Limited Louis Abel
Telephone: +44 7968 157766
Email: solutions@equalexperts.com

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements
  • Scala version 2.11 is required to compile form definitions
  • An internet connection is required to compile form definitions

User support

Email or online ticketing support
Email or online ticketing
Support response times
Official support hours are 9am to 5pm, Monday to Friday, within which we promise to respond to questions within 2 hours.
We, of course, aim to respond as quickly as possible even outside these official support times.
User can manage status and priority of support tickets
Phone support
Web chat support
Onsite support
Yes, at extra cost
Support levels
UX Forms' support is available independently on GCloud as UX Forms Consultancy. It provides experienced consultants who can help with all aspects of delivering great forms with UX Forms, whether that's to build and test complex digital forms more quickly than ever before, build integrations between UX Forms and your existing services and APIs or even integrate UX Forms with your internal revision control and build pipelines. Support is charged in accordance with our SFIA Rate Card.
Support available to third parties

Onboarding and offboarding

Getting started
User documentation is provided.
Additionally customers may take advantage of UX Forms' support services to help them become experts in using UX Forms, quickly and efficiently.
Service documentation
Documentation formats
End-of-contract data extraction
The definition of each form is created by the customer, so does not require extraction.
End user's answers of completed forms are automatically deleted from UX Forms' platform once they are sent to the client's systems, so no extraction upon the end of the contract is required.
End user's answers of partially completed forms can be provided upon request.
End-of-contract process
Access to UX Forms' services is terminated, and any forms and themes deployed by the customer are un-deployed and taken offline.

End users' answers to incomplete forms will be automatically deleted after the retention period configured by the customer.

There are no additional costs.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
None. All features accessible via the desktop web interfaces are accessible via the mobile web interface.
Service interface
Description of service interface
Forms can be deployed and un-deployed through the interface, form author accounts can be managed, and users can view the extensive dashboard statistics provided for each form.
Accessibility standards
None or don’t know
Description of accessibility
Although UX Forms' interface does not meet any formal standard, it has been written with accessibility in mind. It uses semantic html on all pages, as well as degrading gracefully without javascript. A large number of WCAG 2.0's requirements are fulfilled although we have not formally assessed whether we meet all its criteria.
Accessibility testing
No formal testing
What users can and can't do using the API
Every regular action that is possible through the web interface is possible via UX Forms' APIs. Forms can be uploaded and deleted, as can themes. Only user management is restricted for use only via the web interface.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Forms deployed to UX Forms can be customised in almost every conceivable way.
The entire html, css and javascript payload is fully customisable. GDS's GOV.UK elements are provided out of the box and these can be extended and customised to deliver any user interface required.
Validation can be fully customised and it can even integrate with bespoke external systems to verify the user's answers.
Integrations can be written to connect to external, bespoke, systems at multiple points during a form instance's lifecycle, including submitting the completed form's answers back to the customer's own systems.


Independence of resources
By leveraging our cloud provider's infrastructure, along with selected open source technologies to keep forms separate from each other, even within the same organisation.


Service usage metrics
Metrics types
The UX Forms dashboard provides detailed data on every aspect of your forms. Track mean completion time, user errors and more to prioritise revisions and hone performance until every field is perfect.
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
UX Forms provides extensive customisation so end user's questions can be submitted to the customer's services as soon as they finish filling in a form. End user data is automatically deleted from UX Forms' service once it has been transmitted to the customer's systems.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • XML
  • JSON
  • A custom format unique to the customer
  • Any format that can be written by software
Data import formats
Other data import formats
UX Forms does not currently support uploading form data

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
As UX Forms is fully customisable, even the way data is protected between the UX Forms' and the buyer's network is customisable. If required, specific connection mechanisms can be implemented with help from UX Forms.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Environments are segregated in to independent Virtual Public Clouds and, within each, services are deployed in to independent subnets.

Availability and resilience

Guaranteed availability
UX Forms will guarantee at least 99.95% uptime during any month.
Approach to resilience
This information is available upon request.
Outage reporting
Via email alerts.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Only individual, named, users can perform management actions within UX Forms. Actions available to users are controlled via role-based access which, in turn, is managed through UX Forms' dashboard.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Username or password
  • Other
Description of management access authentication
Management can also be performed via APIs, which are authenticated via API keys.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
British Standards Institute
ISO/IEC 27001 accreditation date
May 8th 2017
What the ISO/IEC 27001 doesn’t cover
Our Statement of Applicability is available upon request
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
The Managing Director is accountable for ensuring that appropriate security and compliance controls are identified, implemented and maintained. The Managing Director ensures that:
Risks are managed and reduced in an informed manner;
All applicable legal and regulatory requirements have been identified and that compliance is maintained;
Appropriate resources are provided to implement and maintain the information security management system (ISMS);
All staff sign the information security agreement prior to joining and receive awareness training of all policies during induction, including the consequences of non-compliance.

Our information security policy set is aligned to ISO27001:2013. The Information Security Policy is available upon request.

UX Forms will ensure that:
Information is protected against unauthorised access;
Confidentiality of information is assured;
Integrity of information is maintained;
Regulatory and legislative requirements are met;
Business continuity plans are produced, maintained and tested as appropriate;
Third parties engaged in the support of UX Forms are required to comply with this Policy to support both UX Forms and our clients’ requirements;
Information security requirements are aligned with organisational strategies and objectives in support of both UX Forms and our clients’ expectations;
Information security is managed and continuously improved through a defined ISMS;

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
UX Forms runs a fully documented change management process, certified against ISO/IEC 27001:2013, which is actively reviewed and managed.

All components, including their infrastructure, networking and configuration, are under revision control. They are built, tested and versioned before being deployed through a continuous integration build pipeline.

Every prospective change to every component is assessed by a technical lead, which includes its potential security impact. All components are regularly reviewed against OWASP's secure coding practices.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
UX Forms regularly checks all of its libraries and dependencies against NIST's National Vulnerability Database and uses an ISO27001:2013 risk-based methodology to assess all threats.

Patches and software updates are treated no differently than any other change to UX Forms' platform and can be deployed via its continuous integration pipeline in minutes.

Information regarding potential threats and security alerts come from a number of sources, including UX Forms' hosting provider and a range of technical news platforms.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
UX Forms has a defined information security incident policy.
Comprehensive logging of all components is gathered in real time and is analysed to identify potential compromises.
Once an incident has been raised, a thorough investigation is immediately begun to understand its scope and severity. If there is reason to suspect the incident affects Personally Identifiable Information, then UX Forms' Data Protection Officer is informed and appropriate steps taken.
A detailed post-incident review is performed after every incident and its findings analysed to improve UX Forms' processes and practices.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
UX Forms has a defined information security incident policy which sets out how incidents will be reported, managed, tracked and reviewed.

Incidents can be reported by anyone to support@uxforms.com.

UX Forms' incident response capability is not restricted to official support hours.

Full details of an incident affecting a customer will be shared confidentially with that customer.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£3,000 a licence a month
Discount for educational organisations
Free trial available
Description of free trial
The free trial grants full access to a non-production instance of UX Forms for 30 days. Any number of form authors, forms and submissions can be deployed, with the sole proviso that they are not for production use.

This trial can be extended at UX Forms' discretion.
Link to free trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at solutions@equalexperts.com. Tell them what format you need. It will help if you say what assistive technology you use.