electronic Form Generation System - eFGS
eFGS allows Customers to easily integrate e-forms to their web resources supporting field validation, business rules, etc. It includes secure storage, back-office form design environment, and front-office server that is readily usable by the end users. Customers may optionally order add-on services including the design and implementation of online forms.
Features
- Role-based access control
- Life-event driven workflow
- GDPR compliant
- Audit records for user activity
- Highly customisable
- Supports standard workflows
- Application of business rules
- Sophisticated field validation
Benefits
- Modular, standards-based design
- Integration options with standards-based external systems
- Competitive pricing
- Support for externalised authentication etc. services
- Various web integration options
Pricing
£1,250 an instance a month
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
1 2 8 0 9 8 4 5 0 9 4 6 9 4 4
Contact
EUROPEAN DYNAMICS UK LTD
Panagiotis Rentzepopoulos
Telephone: 020 34118309
Email: ibd-uk@eurodyn.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Hybrid cloud
- Service constraints
- None
- System requirements
-
- Internet connection
- Reasonably recent version of web browser
- JavaScript enabled
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
User support operates on working hours during workdays. The response to questions depends on their criticality and varies between 2 hours for major incidents to 2 working days for cosmetics. Different service metrics are possible based on specific SLAs.
Response times are the same at weekends is the SLA requires so. - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Different options are available. Complete information can be found in the pricing document.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- The service setup includes the provision of standard electronic support material in the form of online documentation. Additional training may also be ordered.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- At the end of the contract, all Service data can be extracted in the form of a database dump that can be readily transferred in a variety of secure transfer methods. Special attention is paid regarding the protection of personal information. In case sensitive information needs to be transferred, the recommended option is to transfer all data using an offline storage device to ensure a clean chain of custody and compliance with applicable data protection requirements.
- End-of-contract process
-
The “off boarding” phase follows an established procedure that provides assurance to both the Customer and the Service Provider that all service aspects will be addressed. Such aspects may include (depending on the Customer’s service set up):
• Access rights: ensure that all access rights are revoked or restored to the state before the service commenced.
• Customer-supplied data: ensure that all information uploaded or stored with the system is handled in line with the Customer requirements (deleted or returned to the Customer).
• Third party-uploaded information: ensure that all information entrusted with the system by any third parties is managed in line with the contractual and legal requirements in effect.
• System-generated data: ensure that all information related to the Customer will be made available for retrieval. Such information may include audit trails, event characteristics, etc.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The service uses responsive design as much as possible, which ensures an easy to use interface dynamically matching the display of the user's device.
- Service interface
- No
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- API
- No
- Customisation available
- Yes
- Description of customisation
- During the Service setup phase, buyers are able to select customisation options that will be implemented by the service provider. Additional information exists in the pricing document.
Scaling
- Independence of resources
- The infrastructure of EUROPEAN DYNAMICS warrants that service performance will be unhindered by matters of capacity, load, and network traffic thanks to its design that exploits the benefits of a scalable and robust architecture based on virtualisation.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Service usage, helpdesk report, storage consumption, KPI values
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with another standard
- Other
- Other data at rest protection approach
- The Service may encrypt sensitive data at rest
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- The data export process depends on the access rights of the user. Public users may be authorised to access and export their personal data through the system user interface. Privileged users of the Customer are able to export data retrieved through e-forms using standards-complying methods and technologies (such as web services, RESTful APIs, XML, JSON, etc.) All data export activities are logged to ensure that they are performed in compliance with applicable regulations.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- XML
- Excel
- Original format (ZIP archive)
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- XML
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Other
- Other protection between networks
- All communication of sensitive data is via HTTPS over the public internet - The Service also encrypts sensitive information in order to provide additional protection.
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Other
- Other protection within supplier network
- Firewalls + Intrusion Prevention systems protect the perimeter of the service platform - The Service also encrypts sensitive information in order to provide additional protection additional access control/protection.
Availability and resilience
- Guaranteed availability
- 99.9% ("three nines") availability is offered as standard
- Approach to resilience
-
All key EDHS infrastructure components are fully redundant ensuring an HA data centre architecture ideal for mission critical hosting services:
• Redundant Server Design: all servers are fitted with redundant disks, power and cooling;
• Redundant Storage: fault tolerant enterprise grade Storage Area Network solution;
• Redundant Power: Power outages are handled by a UPS backed up by a diesel generator;
• Redundant Internet feeds: The primary data centre connects via two fibre carriers to two different ISPs. - Outage reporting
- Service availability is part of the service report. Outages are part of the service availability information reported.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Username or password
- Other
- Other user authentication
- Users must enter their username and password in order to access the service. In case of first-time login, they also need to enter a one-time transaction code that is sent to their registered email address.
- Access restrictions in management interfaces and support channels
- Access to management interfaces is restricted through user authentication. Access to support channels is unrestricted. Non-public network channels are used for maintenance operations.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users receive audit information on a regular basis
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- TÜV HELLAS (TÜV NORD) S.A.
- ISO/IEC 27001 accreditation date
- 15/07/2022
- What the ISO/IEC 27001 doesn’t cover
- The certificate is specific to the hosting service platform and its administration. An ISO9001:2015 certificate covers the quality management of the company's business processes.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
- ISO 22301:2019 (Business Continuity Management)
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- The service security governance is operated in compliance with UK GDPR and the national data protection laws that apply in the UK and any other involved country (if any). We have a Cyber Essentials, ISO 22301:2019 (Business Continuity Management) and ISO/IEC 20000-1:2018 (Information Technology Service Management) certification.
- Information security policies and processes
- A comprehensive set of Information Policies & Procedures are implement as part of the ISO27001 ISMS under which the service is operated.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Services are operated according to Change management Policy & Procedures which includes configuration changes . Changes must receive formal approval from an internal Change Advisory Board (CAB) .
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- The Service Provider has defined a Patch Management Policy implementing a proactive patch management strategy; this involves recording and maintaining the patch level for all information systems involved within the hosting services environment. Furthermore, the strategy involves identification and application of patches that are considered essential in maintaining the security and correct operation of the service.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- A comprehensive monitoring and alerting system is implemented for data centre services which is implemented as a separate LAN in order to monitor and maintain security. An HP ArcSight SIEM is used to analyze and correlate security events across the IT infrastructure.
- Incident management type
- Supplier-defined controls
- Incident management approach
- The Service Provider maintains an incident management policy and associated incident response procedures as part of its hosting solution. The incident response procedures contain a detailed categorisation of incidents together with triggers and the associated actions that the tenderer takes in order to inform the customer and to protect and defend the customer’s hosted information resources.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Equal opportunity
- Wellbeing
Fighting climate change
EUROPEAN DYNAMICS (ED) is a group of companies operating primarily from Luxembourg, Belgium, and Greece. We have a branch in London collocated at the premises of our accountant, with no employees.
We maintain a net-zero footprint in the UK since 2022 when we started keeping records. We issue annual Carbon Reduction Plans that document our contribution in fighting climate change. We advocate environmental protection in our interactions with our employees, contractors, and partners.
For the UK company, our Carbon Reduction Plan is already at zero as it does not have any operations in the UK: all activities are outsourced to other companies of the ED group and the contractual/financial management activities are also carried out abroad. We do not have any transportation activity in the UK. We do not produce any waste and we have no employees.
For other companies in the ED group offering services in the UK, the services are provided remotely (in Software as a Service mode) in all but one contract. With respect to all these contracts, our carbon footprint is zero, as far as the UK is concerned. We have one contract for IT services, which are offered through a UK data centre who is reporting its emissions.
Based on the above, there are no emission reduction targets as we are already at Net Zero.Covid-19 recovery
To address the negative effects of the COVID-19 pandemic we take the following measures:
• Most of our consultants work remotely. We provide pre-configured laptops enabling secure access through VPN to our resources. This has also a positive impact to the environment, since transport to company premises is no more necessary.
• Bottles containing antiseptic liquid are available on all the floors.
• Posters remind our personnel about standard measures preventing spread of the virus, such as covering the nose and mouth when sneezing, frequent hand wash with soap, etc.
• Scholastic cleaning of WCs and surfaces on which the virus can survive.
• Frequent ventilation of all the rooms by regularly opening windows.Equal opportunity
EUROPEAN DYNAMICS is an equal opportunity employer and applies an Equal Opportunities Policy (EOP) for this purpose. This policy covers all aspects of employment, from advertising of vacancies, selection, recruitment and training to working conditions and reasons for termination of employment.
We take measures to increase the representation of disabled people in our workforce. We support disabled people in developing new skills relevant to our activities, including through training schemes that result in recognised qualifications.
We regularly monitor the working environment and take appropriate action if necessary to ensure that our EOP operates effectively. Our actions eliminate immediately unlawful direct and indirect discrimination and promote equality of opportunity.
We influence staff, suppliers, customers, and communities to support disabled people. We also take measures to identify and tackle inequality in employment, skills and pay in our workforce. We support career development to help people, including those from disadvantaged or minority groups, to move into higher paid work by developing new skills relevant to our activities.
Our long-term aim is to proportionally represent all socially disadvantaged groups in the composition of our workforce. We set targets with a fixed timetable for hiring people belonging to groups that are underrepresented in the workforce. Where necessary, specific steps in conformance with relevant legislation are taken to help disadvantaged and/or underrepresented groups to compete for jobs on a genuine equal opportunity basis. Our EOP and the measures for its implementation are based on advice from relevant bodies and in consultation with representatives of our employees.Wellbeing
We promote a healthy work-life balance to prevent our staff burnout and improve retention. We use actions to promote the well-being of our people, such as subscription in team sports academies and training and education by professional fitness trainers.
We also promote collaboration with the community and participate in, sponsor or organise events that support the health and wellbeing in our workforce and the community at large.
We also have an annual program of bonding events aiming to enhance bonding among teams across the company. Events include evening gatherings, parties, and excursions to promote the spirit of corporate affinity.
Pricing
- Price
- £1,250 an instance a month
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- EUROPEAN DYNAMICS offers a test instance of the service free of charge to Customers wishing to familiarise themselves with the system, gain access to its documentation and go through online walkthroughs of most common tasks
- Link to free trial
- N/A