zsahForms data collection and visualisation
ZsahForms is a dynamic configurable data capture and collection software tool that allows you to build workflows and global configurations, which can be used in a variety of situations to collect and visualise data
Features
- Completely customisable eform/data collection development and deployment to users
- Question logic (triggering, logic, calculated fields)
- Multiple workflow capability (multiple organisations/users) contributing to same collection
- Web services API (import/export and data upload facility (batch upload)
- Pre-designed bank of eforms/data collections (audit, case/incident management)
- Messaging facility built-in, and case sharing capability (different organisations)
- Built-in dashboards, reports and analytical tools (custom reports available separately)
- Clinical workflows, clinical research, clinical trial data collection, infections
- Rapid "build-test-deploy" modular electronic data collection design
- Web-based software (government cloud, commercial cloud (Azure, AWS), on premises)
Benefits
- Rapid data collection configuration and deployment across any topic/workflow
- Automated data dictionary creation during data collection configuration
- Intuitive system administration, role creation and user management functions
- Multi-format, coded data extracts mapped to security model (configurable)
- Case management (integrated metadata from different disciplines in one space)
- Accelerate digital transformation and speed up data collection methods
- Reduced administrative load on data analysis and reporting staff
- Produces cost savings for organisation (many data collections/single platform)
- Multiple uses (esurveys, questionnaires, feedback, training, case management, research)
- Messaging facility built-in, and case sharing capability (different organisations)
Pricing
£13,250 an instance
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at sales@zsah.net.
Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 11
Service ID
8 9 2 3 5 4 1 7 5 0 9 4 4 2 0
Contact
zsah Limited
David Kennedy
Telephone: 020 7060 6032
Email: sales@zsah.net
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- Can be integrated with parent electronic patient record (EPR), case management system, clinical trial software, lab software
- Cloud deployment model
-
- Private cloud
- Hybrid cloud
- Service constraints
- There are no service constraints ; we will work with customers on all planned projects and specific configurations if required.
- System requirements
-
- ZsahForms requires internet access to receive installation and upgrades
- There are no licencing dependencies for the solution
- There are no specific operating system requirements
- Web browser for end-users
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- During normal hours of service, which are Monday to friday, 8am - 6pm, contacts are answered within 20 seconds, with initial response to issues within 15 minutes. Service levels can though be varied and agreed for individual contracts.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Yes, at an extra cost
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 A
- Web chat accessibility testing
- In progress
- Onsite support
- Yes, at extra cost
- Support levels
-
We provide three basic levels of support, as follows:
Bronze - email support
Silver - email + phone + webchat
Gold - email + phone + webchat
Each level can be modified to provide different levels of response times and hours of operation, from basic Monday to Friday, 9am to 5pm, up to full 24/7 support if required.
Each client will be assigned a technical account manager / service manager. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- When ZsahForms is deployed, the configuration of the platform is designed to be simple and intiutive (create ZsahForms, target to users and organisations, deploy, collect data and report). Onsite and remote training is available at an extra cost and there is a comprehensive knowledge base and FAQ section to help administrators and users.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- ODF
- End-of-contract data extraction
-
Data is extractable from the front end and back end of the system, to the customer, and de-commissioning and offboarding processes will ensure final and complete data extraction is fully complete.
As an example zsahForms has been deployed for multiple clients in the medical field, where patient and clinical data confidentiality is critical. Data security and integrity is therefore at the core of ZsahForms services, including the ability to extract data at the end of a contract. - End-of-contract process
- The user is able to extract their own data at any point, so there is no requriement for any additional action at the end of the contract. If necessary we can assist with a data export and provide a file before removing access to the system.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The mobile service differs as follows: ZsahForms configuration is done on the desktop version, and mobile app version allows for data collection. A subset of reports is available on the mobile version (full reports and dashboards available on desktop version).
- Service interface
- No
- API
- Yes
- What users can and can't do using the API
-
All data (limited by customer and data collection) from ZsahForms are available via our API.
ZsahForms runs a RESTful API service which can respond with either JSON or XML content type, and configurations are automatically altered once ZsahForms changes are made at the data collection level. - API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- System administrators can manage user access to ensure only the right information is visible to the right people. Scopes allow restriction and control of features/data down to an individual user level.
Scaling
- Independence of resources
- ZsahForms was built with scale in mind, utilising the microservices architecture. Scalability within the banded subscription pricing models is easily achieved and can be extended by agreement if necessary.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
There are a wide variety of analytical data available on system usage and metrics, including:
- User level insert/update/delete/view audit trail
- System pinging, uptime
- Server usage statistics
- Node stats
- Service availability
- Cluster health
- Real-time notifications of downtime
- Application logging
- API audit log - Reporting types
-
- Real-time dashboards
- Regular reports
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
- Physical access control, complying with another standard
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Users can export their data via multiple means on the system - through reports in multiple formats (PDF, Excel, text file) as well as a line list (pipe delimited) using the line list report, for all fields built into the data collection (limited by the security model).
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- Excel
- Text
- JSON
- XML
- HL7
- EDI
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- Text
- Excel
- JSON
- XML
- HL7
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Bonded fibre optic connections
- Data protection within supplier network
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
The zsahForms service guarantees 99.9% availability.
In the event that ZsahForms does not meet availability levels, service credits are provided. - Approach to resilience
-
Through the use of multiple technology layers, including data centres separated by a minimum of 60 miles. Service is based on a redundant cluster configuration so is always on.
Our hosting services are delivered from highly resilient and secure UK Data Centre facilities located in London and Manchester. We own everything else outright from the racks to switches, servers and storage. Our "gridz" platform is an enterprise cloud platform that we can lift and put anywhere into any data centre environment.
Resilience all depends on the clients requirements. Generally, there is redundant hardware such as servers, switches, clustering for hardware servers, automatic failover for VM's, High Availability, vMotion. Further details available on request. - Outage reporting
- Outages are reported to customers via dashboard, email, phone and twitter.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
- Access restrictions in management interfaces and support channels
- Only authorised users can access management interfaces and support channels using strong passwords via SSL. Access details restricted and stored in an encrypted password application. Only authorised users have access to that application.
- Access restriction testing frequency
- At least once a year
- Management access authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Exova BM Trada
- ISO/IEC 27001 accreditation date
- 31/07/2017
- What the ISO/IEC 27001 doesn’t cover
- All relevant aspects of the service are covered.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
- Cyber Essentials
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- Cyber Essentials
- Information security policies and processes
-
ZsahForms follows HMG requirements in having named appointees in the positions of Senior Information Risk Owner (SIRO), Departmental Security Officer (DSO) and Information Technology Security Officer (ITSO).
ZsahForms also requires that all customers have a named appointed Information Asset Owner (IAO) compliant with the UK government security policy framework. This person will be responsible for all data access requests prior to ZsahForms being contacted.
Nominated information risk assessment, management and other specialists may also be required dependant on the customer's deployment of our service although this is not normally required.
Zsah's security policies and processes are aligned with ISO/IEC 27001:2013 and zsah is also certified under the UK Government Cyber Essentials scheme.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- All components are configured as per client's requirements and are monitored regularly. If changes are required, the client requests a change via a Change Request. Once reviewed and approved by Zsah change management, the changes are then implemented.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Vulnerability and Penetration testing:
Patches are deployed as soon as a threat is identified. zsah works closely with the major industry vendors and third party organisations who send out regular alerts. We also have a regular patching schedule every 2 months. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
We ensure that your business and daily operations run smoothly via support from our technical team. This means that we consistently monitor the network to ensure everything is running without any problems and should a problem arise then we can address it before users are affected.
Our monitoring is constant on a 24 hours, 7 days a week basis throughout the year. If issues arise the zsah support team are contactable at any time to resolve problems on the system. - Incident management type
- Supplier-defined controls
- Incident management approach
-
We have an incident management procedure which is aligned to ISO/IEC 27001: 2013. Pre-defined processes for common events depend on the type of incident, whether it is an incident or not. Events that are classified as incidents include malware infections, excessive spam, information system failures and denial of loss of service.
Users report to the Information Security Management representative and then an appropriate action is taken quickly after discussed with management.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £13,250 an instance
- Discount for educational organisations
- No
- Free trial available
- No
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at sales@zsah.net.
Tell them what format you need. It will help if you say what assistive technology you use.