GoReport is a cloud-based, electronic data capture and reporting software application used by surveyors, property investors, owners, operators and consultants in public and private sectors.
GoReport comprises of two main components: Mobile data collection and a web-based portal with real-time desk top publishing and reporting engine.


  • SmartReports Library of survey templates
  • Electronic data capture (paperless system)
  • Streamlined reports
  • Consolidated exports
  • Custom template creation
  • Condition Reports, PPM, Schedule of Condition, Snagging,
  • Dictation - Built in voice to text transcription
  • Easily Edit, annotate and organise photos
  • Diverse survey ranges for Housing, Project Management, Fire Safety
  • Education, Government, Historic Buildings, Health & Safety, Compliance


  • Unlimited report generation, anytime, anywhere
  • Designed and updated by industry experts
  • SmartPins -link information specific locations on images & plans
  • Integrates to Microsoft Word and Excel
  • Professional Services team
  • Customised phrases, text and handwriting recognition for rapid data entry
  • Pre-load standard response, eliminating error in reports
  • Cyber Essentials Certified, committed to guarding customers against cyber-attacks


£1495 per licence per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11



Marian Connolly



Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No constraints
System requirements IOS device for application download

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 24 hour response, weekends 72 hrs.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Urgent calls:
Application issue affecting all users:
- Escalation: Immediately to engineers, Notification issued to management immediately and the CSC informed. Customer contacted within 4-24hrs
-No additional Cost

High calls:
Bugs and Glitches
- Response within 8hrs
- Escalation: Ticket raised and the CSM is notified. This ticket is placed as high priority with Technical Support Engineers and aimed to be resolved within 24hrs.
-No additional Cost

Normal calls:
A section of the template is not working correctly:
-Ticket raised to Technical Support Engineers, it will be added to workload and targeted for completion within 48hrs.
-No additional Cost

Low calls:
Support using the application or password resets etc:
- Response immediately via phone, within 24 hours via email.
- Escalation: If the customer has not had a response within the 24 hour period.
-No additional Cost

Request for Change:
Request for a change to the template:
-Acknowledged within 24hrs, complete within 7 days, dependent on priority. Cost is determined based on the change in scope and time to complete. The customer is advised of costs in advance and signs off on them.

Each customer will be assigned a CSC Customer Success Consultant, who will be dedicated to their support.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Webinar training, onsite training and recorded training material are available to customers.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Users are always advised to keep copies of the reports and to back them up before cancelling as these will then be archived afterwards. A customer who has cancelled can request a document which was uploaded by them to the web portal however there may be a fee for this.
End-of-contract process Customers are a non-auto renewal contract. Coming up to the end of their contract their sales consultant will reach out to discuss renewal and services available.

If the customer chooses not to renew a new contract will be issued.

If they choose not to renew and to cancel, the sales consultant will notify the finance team and the support team who will contact to finalize any outstanding balances and deactivate the account on the final day of the contract.

We do not charge a cancellation fee.

Using the service

Using the service
Web browser interface Yes
Supported browsers Chrome
Application to install Yes
Compatible operating systems IOS
Designed for use on mobile devices Yes
Differences between the mobile and desktop service On-site data capture is performed by our iOS application. Our web portal which is used for data review and publishing is designed to work equally well on mobile and desktop devices.
Service interface No
Customisation available Yes
Description of customisation Branding

Customised reports are written from the ground-up


Independence of resources All our web based services are hosted within a load balanced environment. As more users access the system additional servers are automatically started as required.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach User can publish completed reports using PDF. They can export their data as JPG, WAV, MP3, XLXS, CSV.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability The availability percentage of the Hosted Service other than for Planned Downtime, Unplanned Downtime outside of our control, and Planned Maintenance, shall be 99% availability during Peak Time; and 95% availability for all other periods.

We may use up to five (5) hours in any week, outside of Peak Times, for Planned Maintenance.
Approach to resilience Our cloud based solution is built to constantly monitor our server based resources for their health status. If a server is considered unhealthy is it removed for the available pool and automatically replaced with a new healthy server.

Additional information is available on request.
Outage reporting Our staff are altered to any issues our outages within our systems. When an assessment of the severity and likely downtime has been established customers will be informed via email alert.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels All management and backend services are completely restricted allowing access only VPN or approved IP Address.
Access restriction testing frequency Never
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information No audit information available
Access to supplier activity audit information No audit information available
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Cyber Essentials
Information security policies and processes Compliance to the following Security Policies is enforced through internal process improvement processes and by external certification audits:
ISP 02 Risk Management and Assessment
ISP 03 Access Control and Account Management
ISP 04 Security Incident Management
ISP 05 Asset Management and Information Classification
ISP 06 Acceptable Use
ISP 07 System Security and Network Access
ISP 08 Business Continuity Plan
ISP 10 Security Patching
ISP 11 Information Media Mobility, Storage and Disposal
ISP 12 Physical Security and Access
ISP 13 Systems Usage Logging and Audit
ISP14 Staff recruitment, changes and leaving

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach GoReport follow a defined change management approach which allows easy management and visibility of all changes throughout the lifecycle of the software. Mature and defined processes are compiled as part of an integrated management system for assessment and certification to
ISO9001:2015 and ISO27001:2013 during 2019. Change is defined as part of process A.12 (Operations Management).
Vulnerability management type Supplier-defined controls
Vulnerability management approach GoReport operates a comprehensive vulnerability management approach to ensure effective, secure and stable operation. Patching is a key area of this lifecycle and is managed through the process and technical measures. Patching within server environments takes place automatically with all patches run through non-production before deployment.

GoReport updates libraries during builds and also undertake independent security and penetration testing.

Vulnerability management is dealt with in a number of different processes including A.12 (Operations Management) and within the organisation's comprehensive risk management processes.
Protective monitoring type Supplier-defined controls
Protective monitoring approach GoReport uses a number of different systems for monitoring applications and systems. As a user of AWS, many of these features are easily integrated and permit strong, secure and stable measures to be implemented simply. These measures include monitoring of applications and systems with:

* CloudWatch
* GuardDuty
* AWS Config

These measures are defined as part of ISP9 - Monitoring and evaluation.
Incident management type Supplier-defined controls
Incident management approach In order to manage incidents effectively, a defined process has been introduced which has been compiled as part of an integrated management system for assessment and certification to ISO9001:2015 and ISO27001:2013 during 2019.

All incidents are logged within a ticket management system to provide clarity about resolution times, especially where SLA is concerned. All incidents logged feature a clear process for assessment of root cause, impact(especially on CIA factors) and learnings to prevent the incident from recurring. This is managed as part of process A.16 - incident management.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1495 per licence per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial We offer a two week trial period. All trials must be approved by GoReport.

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑