Prime Document Ltd


Ecco provides a platform for the processing, composition, multi-channel delivery of transactional documents via hosted portals, Email (with attachments/Links), EDI, Mobile, Print and Mail.
Able to receive data in any format and deliver output to meet client specific requirements.
In house development team with ISO27001 accreditation


  • Secure UK based hosted portals
  • Scale-able compute platform
  • 24/7 accessability
  • Resilience across 2 separate regional data centres
  • Remote access
  • Multiple index search function
  • Client portal branding
  • Encryption
  • Bespoke MI reporting
  • UK Help Desk support


  • End to End managed service from data receipt to delivery
  • Document audit trail availabilty
  • Speedier settlement of payments
  • Faster dispute resolution
  • Speed of access to data/documents
  • Accessible from any web enabled device
  • Copy documents instantly availabe
  • No client data preprocessing requirement.


£0.015 per unit

Service documents

G-Cloud 9


Prime Document Ltd

Martin Hurley


Service scope

Service scope
Service constraints No
System requirements
  • Buyers have unique and discrete access via a web browser
  • Users have individual or group preferences for access and function
  • Individual branding and identity for each buyer

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Standard first line support is provided during normal working hours which can be extended if required to meet customer requirements.
The infrastructure is monitored 24x7 with an avaialbility of 99.95%, RTO of 4 hours, RPO of <24 hours.
Response times are: Priority 1 - 1 hour, priority 2 - 2 hours, priority 3 - 8 hours.
No weekend cover as a standard.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support No
Support levels First line support is provided by Prime's customer support staff and the in-house IT development team. They have knowledge of each customer's configuration and have access to resolve most issues promptly.
Second line support is provided by the infrastructure team looking after the data centres, servers and network.
Third line support is provided by the software application providers that Prime uses to deliver the customer services.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Prime develops a statement of work with each customer to define the system configuration that meets the customer's specific requirements. This will include appropriate training which can be onsite and/or documentation.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Prime will create an export file(s) containing the agreed data. This can be encrypted if required and is typically in csv or xml format.
End-of-contract process The price includes what has been documented in the statement of work. Charges will apply for any change requests to the system and for any end of contract data extraction.

Using the service

Using the service
Web browser interface Yes
Using the web interface Prime's ECCO system is configured individually for each customer.
This includes access to documents, document types, reports and system functions.
Each user, or group of users, can be given full or limited access to these as required.
All configuration and management tasks are carried out by Prime Document on a request basis
Web interface accessibility standard None or don’t know
How the web interface is accessible The ECCO portal is capable of storing and retrieving against pre-agreed search criteria any digital file type for display in a browser. It is HTML 5 compliant so will resize to suit mobile and other display types.
Function buttons can be added that give the user access to pre-agreed processes, for example email, password change or other workflow enabled activities.
Web interface accessibility testing Currently Prime has not implemented or tested assistive technology
What users can and can't do using the API API enables a specific group of IP addresses to access the ECCO system via a secure connection without the need for individual user log-ons. It can therefore appear as part of the customer's LAN. This, in turn, can enable closer integration with the customer's own systems using web services.
API automation tools Other
Other API automation tools REST web services
API documentation Yes
API documentation formats PDF
Command line interface No


Scaling available Yes
Scaling type Manual
Independence of resources The system design includes multiple, load balanced web and application servers. The load on these servers is continuously monitored and reported. Prime will instigate the spinning up of additional servers to meet demand.
Usage notifications Yes
Usage reporting
  • Email
  • Other


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • All files and data
  • All VM snapshots
  • All databases
Backup controls The ECCO back up process is standard and pre-set to meet the RTO and RPO requirements. However, the nature of the system will enable different back up schedules and content to be created for a customer's specific requirements.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks Data is typically transferred to and form our system using secure FTP or AS2. The web portal is secured using SSL (128 bit). We are also able to support IPSec VPN and other secure transfer protocols if required.
Data protection within supplier network Other
Other protection within supplier network Prime's internal network is physically separate from the ECCO system. Customer data on this LAN is not accessible from the Internet.

Availability and resilience

Availability and resilience
Guaranteed availability The availability of our system is 99.95% and includes a full DR capability. Based on this, we agree individual SLAs and service credits with each customer.
Approach to resilience The ECCO system resides in two geographically separate data centres, one providing DR. All data is copied to the DR site before processing and the two systems are synchronised multiple times each day.
Outage reporting We will notify users of planned outages via the web portal and email, together with the reason and impact. Unplanned outages will be notified via email with details of the failure, corrective action and impact.

Identity and authentication

Identity and authentication
User authentication Username or password
Access restrictions in management interfaces and support channels Each user, or group or users, has a comprehensive set of access controls which limits what can be viewed down to individual documents, and what functions are made available. For example, if a user does not have authority to email a document, then this function is completely missing from his/her portal screen.
Access restriction testing frequency Never
Management access authentication Username or password
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QMS
ISO/IEC 27001 accreditation date September 2016
What the ISO/IEC 27001 doesn’t cover ISO 27001 covers all of Prime's activities.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Prime Document is accredited to ISO 27001 and has instigated policies and procedures to comply with this standard. Regular audits and non-conformance reviews are carried out and reported to the Managing Director.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All changes are documented and signed off by all stake holders prior to any work being started. The change is then developed in Prime's separate development/test environment and subject to UAT before being submitted to the change board for approval to promote to production. Version control is applied to the production environment with all changes logged and records kept.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Prime will embody patches via the change control process promptly. The IT Manager is responsible for the patch process and monitoring potential threats. He achieves the latter in conjunction with the data centre hosting providers who manage IG Soc and N3 secure services.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Prime uses Intercity Technology to provided the hosted data centres and this service includes continuous monitoring of threats and attempted firewall breaches. Where appropriate, they will instigate a change request to mitigate the risk to the system.
Incident management type Supplier-defined controls
Incident management approach The system is managed in accordance with ITIL V3, including the incident management process. Quarterly reviews between Prime and the data centre hosting services provider review the incident log and verify corrective action.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres No


Price £0.015 per unit
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑