Prime Document Ltd

Document composition, storage and delivery

Prime's service is able to receive data in any format, map this to a bespoke document template(s) and deliver it via multiple electronic or printed channels.


  • Multi-channel delivery
  • Remote access,including mobile devices
  • Complex document creation
  • Any data format accepted
  • Rules-based automated processing - highly configurable


  • Fast, efficient and automated document processing
  • Significant cost saving through digital delivery
  • Process governance and compliance
  • Brand management
  • Comprehensive reporting


£0.015 per unit

Service documents

G-Cloud 11


Prime Document Ltd

Martin Hurley


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints The service will be configured to an agreed statement of work between Prime and the buyer. It will be constrained to this agreement unless updated through a change control process.
System requirements
  • The buyers can access the system via a web browser
  • Data is typically transferred via SFTP

User support

User support
Email or online ticketing support Email or online ticketing
Support response times E mail Monday to Friday 9-5
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support No
Support levels First line support is provided by Prime's customer support staff and the in-house IT development team. They have knowledge of each customer's configuration and have access to resolve most issues promptly.
Second line support is provided by the infrastructure team looking after the data centres, servers and network.
Third line support is provided by the software application providers that Prime uses to deliver the customer services.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Prime develops a statement of work with each customer to define the system configuration that meets the customer's specific requirements. This will include appropriate training which can be onsite and/or documentation
Service documentation No
End-of-contract data extraction Prime will create an export file(s) containing the agreed data. This can be encrypted if required and is typically in csv or xml format.
End-of-contract process The price includes what has been documented in the statement of work. Prime will charge for any changes requested to the system and also for any end of contract data extraction

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Currently the service is the same on both mobile and desktop devices. A specific mobile interface maybe developed later.
What users can and can't do using the API API enables a specific group of IP addresses to access the ECCO system via a secure connection without the need for individual user log-ons. It can therefore appear as part of the customer's LAN. This, in turn, can enable closer integration with the customer's own systems using web services.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The core application behind the service is a workflow engine which manages automated rules-based processes. Prime will configure the workflow against the agreed requirement and this can include customer selectable options.


Independence of resources The system design includes multiple, load balanced web and application servers. The load on these servers is continuously monitored and reported. Prime will instigate the spinning up of additional servers to meet demand as and when required.


Service usage metrics Yes
Metrics types Prime can create reports for multiple service metrics including SLAs, quantitative metrics, throughput metrics, delivery metrics and many more.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach If the user wishes to export their data from the ECCO system, we will provide a "button" to do this in the agreed format(s).
If the user wishes to export data to import into ECCO, then the preferred route is via SFTP.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats XML
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats XML, TXT, XLS, DOCX and any other

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Other
Other protection between networks Data is typically transferred to and from our system using secure FTP or AS2. The web portal is secured using SSL (128 bit). We are also able to support IPSec VPN and other secure transfer protocols if required.
Data protection within supplier network Other
Other protection within supplier network Prime's internal network is physically separate from the ECCO system. Customer data on this LAN is not accessible from the Internet

Availability and resilience

Availability and resilience
Guaranteed availability The availability of our system is 99.95% and includes a full DR capability. Based on this, we agree individual SLAs and service credits with each customer.
Approach to resilience The ECCO system resides in two geographically separate data centres, one providing DR. All data is copied to the DR site before processing and the two systems are synchronised multiple times each day.
Outage reporting We will notify users of planned outages via the web portal and email, together with the reason and impact. Unplanned outages will be notified via email with details of the failure, corrective action and impact.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Each user, or group or users, has a comprehensive set of access controls which limits what can be viewed down to individual documents, and what functions are made available. For example, if a user does not have authority to email a document, then this function is completely missing from his/her portal screen.
Access restriction testing frequency Never
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QMS
ISO/IEC 27001 accreditation date September 2016
What the ISO/IEC 27001 doesn’t cover ISO 27001 covers all of Prime's activities.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Prime Document is accredited to ISO 27001 and has instigated policies and procedures to comply with this standard. Regular audits and non-conformance reviews are carried out and reported to the Managing Director.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All changes are documented and signed off by all stake holders prior to any work being started. The change is then developed in Prime's separate development/test environment and subject to UAT before being submitted to the change board for approval to promote to production. Version control is applied to the production environment with all changes logged and records kept.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Prime will embody patches via the change control process promptly. The IT Manager is responsible for the patch process and monitoring potential threats. He achieves the latter in conjunction with the data centre hosting providers who manage IG Soc and N3 secure services
Protective monitoring type Supplier-defined controls
Protective monitoring approach Prime uses Intercity Technology to provided the hosted data centres and this service includes continuous monitoring of threats and attempted firewall breaches. Where appropriate, they will instigate a change request to mitigate the risk to the system
Incident management type Supplier-defined controls
Incident management approach The system is managed in accordance with ITIL V3, including the incident management process. Quarterly reviews between Prime and the data centre hosting services provider review the incident log and verify corrective action

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0.015 per unit
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑