mWorkerCIS - Digital Forms for Councils

Service scope

Software add-on or extension: Yes, but can also be used as a standalone service
What software services is the service an extension to: As a field-based reporting solution mWorkerCIS was designed to integrate with common ERP, CRM, Housing Management and file storage solutions. Our APIs enable any integration.

mWorkerCIS can receive a feed of jobs/task data from other systems allowing information to be automatically sent from files or internal systems to the field.
Cloud deployment model: Public cloud

Private cloud

Hybrid cloud
Service constraints: There are no major limitations or constraints that the buyer should know about. mWorkerCIS will work with all modern iOS and Android smartphones and tablets.

Tested Android version: 10+
- Device requirements:
- CPU 1 x 1.2 GHz +
- RAM 1 GB +
- Storage 2GB+

Tested iOS version: 10+
Tested devices:
- iPad 2+
- iPhone 8+

Other devices/versions can be used but they are not actively tested currently. If an additional device/version/browser combination is required, please let us know and we can carry out an investigation as to whether the system will execute flawlessly on it.
System requirements: Tested Android version: 10+. This is reviewed regularly.

Tested iOS version: 10+. This is reviewed regularly.

Modern browser for our admin web application

User support

Email or online ticketing support: Email or online ticketing
Support response times: Phone and email support operates at Mon-Fri, 9:-00-17:00. The system is automatically monitored on the weekend with alters sent to support if a problem occurs.

A user can log a support request at any time day or night (24/7) using email, phone or the client portal. When a support ticket is logged outside of regular availability hours, it will be picked up and acted on by the support team as soon as the service desk resumes.

Depending on severity ranked Level 1-4 the client should expect an initial response within 1-4 hours.

Alternative support hours can be catered for.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: Yes, at an extra cost
Web chat support availability: 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
Web chat accessibility testing: Testing has been carried out by our ticketing system partners - Zendesk. See https://www.zendesk.com/company/policies-procedures/accessibility/.
Onsite support: Yes, at extra cost
Support levels: Ultan Technologies provides System Admin, level 1, level 2 and level 3 support. Annual subscription pricing includes hosting, system upgrades, phone and email support as well as constant improvements and configuration support. Telephone and email support are available to all system users. Ultan Tech provides all clients with Technical, Engineering and Sales Account Managers.

Included under training - end user training, trainer-the-trainer and system support personnel and provision of relevant documentation, e.g. user manuals, system admin guides, troubleshooting guides, training presentations, etc.

Support requirements are tailored to the clients' project needs. Day rates:

Training & Implementation - £300-£800 per day.
Design & Configuration - £300-£800 per day.

See pricing document for full details of pricing.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: In-person training is essential to getting users started with mWorkerCIS. Sessions are delivered using a range of multimedia, PowerPoint and live demonstration of a mWorkerCIS environment that will be created to illustrate how to navigate through the system and enter data.

A train-the-trainer approach is our preference when getting a client up and running, this training has been designed to work with clients staff who may wish to go on and train new users post-implementation. The purpose of this is to help potential trainers to develop an understanding of the methodologies and processes available to approach mWorkerCIS training delivery and evaluation.

Our expert trainers also avail of online training systems as needed. Ultan Technologies trainers use the screen-sharing solution Zoom.us.

If needed, high-quality screencast demo videos are recorded and shared. Videos are used to walk users through the various elements of the software keeping users up to date and trained in the product. Videos are also a useful resource as a quick reference for users with issues.

Ultan Technologies also prepare custom support documentation that includes system admin manuals, user guides, cheat sheets, training presentations, support knowledge base, demo recordings, etc. produced for the clients use case.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: At any point, all data is exportable in various formats.

Data can be extracted from mWorkerCIS in a number of ways, including:
● Printing reports
● Pulling/pushing data through an API
● Pushing data through automatic reports (email for example)
● Exporting forms to PDF, Excel, CSV and more
● Exporting dashboard data to PDF, Excel, CSV and more

At end of contract we can provide customers with a full database extract of their data.
End-of-contract process: During the contract, all data is the property of the client and can be downloaded by the client at any point. At the end of the contract, all data will be subject to an agreed retention policy.

Evidence of the data having been deleted can be provided if required.

There is no additional cost for contract end services.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome
Application to install: Yes
Compatible operating systems: Android

IOS
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: MWorkerCIS has been designed as a mobile-first solution, meaning the solution architecture was initially built to work mainly with mobile devices. Usually (but not limited to), customers will use the mobile based solution to capture form-based information while in the field and away from their desk; as this allows for offline functionality.

The web portal can be used for form filling via a desktop computer or laptop, as well as admin duties, reporting and analysis.
Service interface: Yes
User support accessibility: WCAG 2.1 AA or EN 301 549
Description of service interface: There are a number of service interfaces:
1) Web App - a web app that allows users with appropriate permissions to
a) customise form type, workflows, dashboards and reports
b) review all data that has been submitted
c) complete form instances
d) manage users
e) assign tasks

2) Mobile app - an app on android and iOS devices that users with appropriate permissions use to review the tasks assigned to them, get directions to them, complete forms and more.
Accessibility standards: WCAG 2.1 AA or EN 301 549
Accessibility testing: None yet.
API: Yes
What users can and can't do using the API: From its infancy mWorkerCIS was designed with integration in mind, a large proportion of our customer base successfully use our APIs to push/pull information to and from CRMs (e.g. Dynamics CRM, SalesForce, SugarCRM, ZohoCRM), databases, ERP tools, Housing Management systems (e.g Northgate Housing Software), SharePoint storage or bespoke software systems.

mWorkerCIS has an established API for integration with other systems. Examples of the APIs include

Login:
/Home/APILogin

Create a job:
- /api/Job/CreateJob

Create multiple jobs:
- Get a template file: /api/job/Get
- ImportTemplate: Use Excel file to create jobs /api/Job/ImportJobs

Get a list of jobs:
- Without submitted data: /api/Job/GetDisplayJobs

With submitted data:
- /api/Job/GetActualJobsWithData

Get a job:
- Without submitted data: /api/Job/GetJob/{jobId}
- With submitted data: /api/JobForm/GetJobData/{jobId}

Get a file attached to a job:
- /api/Content/GetJobFile

We have several case studies where companies are not using our admin portal for anything - all jobs are pulled from other systems using our APIs and completed forms are pushed in the same way.
API documentation: Yes
API documentation formats: PDF
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: Admin users can create, delete, change and enhance their account's forms, dashboards, reports and workflows. Once an existing element is edited and published, operational users will see the new or edited version immediately.

With our drag-and-drop tools, users can easily add/remove/edit the fields on an existing form template or create a new one from scratch. Such templates can then have a workflow built around them. Our form building tool eliminates the need for expensive and time-consuming development.

The reports and dashboards can also be custom created by the clients' admin users. Displays such as charts (bar, pie, treemaps, sparklines, doughnut, etc.), gauges, pivot tables, maps and more to allow users to configure reporting, showing the statistics they desire engagingly.

mWorkerCIS allows for custom user types to be configured depending on the clients' preferences. Allowing access to be limited to exactly what the roles needs.

Integration through APIs also allows for extensive customisation.

Scaling

Independence of resources: 1) We can provide private cloud hosting
2) We have the ability to automatically increase the power, memory and number of servers available to deal with unusual loads

Analytics

Service usage metrics: Yes
Metrics types: MWorkerCIS provides a variety of usage metrics, simple usage metrics include user login volumes. mWorkerCIS can also outline any edits made to system data.

Audit Trail Reports
The clients' administrators can view reports highlighting what changes were made and by whom. mWorkerCIS allows users with the appropriate access levels to view and report on what information was downloaded, added, changed or edited, and who has submitted an e-form.

mWorkerCIS is also capable of providing reports on the data items that have been updated from an API integration, including but not limited to date and time stamps.
Reporting types: API access

Real-time dashboards

Regular reports

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom

European Economic Area (EEA)
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least every 6 months
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Physical access control, complying with CSA CCM v3.0

Physical access control, complying with SSAE-16 / ISAE 3402

Physical access control, complying with another standard

Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Any data from the system or specific forms, reports and dashboards can be configured to be exported in both tabular and graphical format. Data can also be downloaded and printed by the user in various methods and formats (Excel, PDF, Word, CSV, etc.).

Forms can even be sent via a set of predefined automated triggers or downloaded and sent to the required persons.

APIs can be used to extract data in other formats.
Data export formats: CSV

ODF

Other
Other data export formats: PDF

XLS

XLSX

RTF

DOCX

MHT

HTML

Text

Image
Data import formats: CSV

ODF

Other
Other data import formats: Excel

Via an API integration

Any document can be attached to forms

CSV

Converters can be easily configured for most formats

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network

TLS (version 1.2 or above)

IPsec or TLS VPN gateway
Data protection within supplier network: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability: 99% up-time guaranteed outside of maintenance windows.

Users are refunded for any time that the system is not available. This has not happened to date.
Approach to resilience: This is available on request. Our main data centre is Amazon's AWS.
Outage reporting: There are email alerts.

Identity and authentication

User authentication needed: Yes
User authentication: Identity federation with existing provider (for example Google Apps)

Limited access network (for example PSN)

Dedicated link (for example VPN)

Username or password
Access restrictions in management interfaces and support channels: Access to the management interface is restricted through authentication in the first place and then through roles. Multiple roles can be defined and each role can have different sets of functionality assigned.

Access to the support channels is restricted through authentication.
Access restriction testing frequency: At least every 6 months
Management access authentication: Public key authentication (including by TLS client certificate)

Identity federation with existing provider (for example Google Apps)

Limited access network (for example PSN)

Dedicated link (for example VPN)

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: CDL
ISO/IEC 27001 accreditation date: 2020
What the ISO/IEC 27001 doesn’t cover: We are fully certified
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: Yes
Who accredited the PCI DSS certification: Commodo
PCI DSS accreditation date: 2018
What the PCI DSS doesn’t cover: Storing card details.
Cyber essentials: No
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: No
Security governance approach: We are currently certifying to ISO 27001. We expect to have that in place shortly.
Information security policies and processes: The Board of Directors (“the Board”) is ultimately accountable for corporate governance as a whole. The management and control of information security risks is an integral part of corporate governance. In practice, however, the Board explicitly delegates executive responsibilities for most governance matters to the Executive Directors, led by the Chief Executive Officer (CEO).

The Executive Directors give overall strategic direction by approving and mandating the information security principles and axioms but delegate operational responsibilities for physical and information security to the Security Committee (SC) chaired by the Information Security Manager (ISM).

We have a set of security policies that are available on request. These are being certified as part of our ISO27001 certification process.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Our change management processes gather product change requests from clients, from internal stakeholders and from the results of various security checks that are carried out regularly.

Each quarter, these change requests are prioritised and gathered into releasable packages. Any change that can impact security is escalated to the Security Committee who agree appropriate tests.

Development is carried out to implement the changes.

All development is subject to manual and automated tests, some of which include testing for security vulnerabilities.

Emergency change requests are treated in the same way.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Various internal and external regular security checks are carried out on a defined schedule.
Each threat identified is highlighted to the Security Committee which decides on when a patch is required - we can deploy them extremely quickly if necessary.
Information on potential threads is obtained from third party providers and from our own security experts.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: Potential compromises are identified through automated analysis of our systems - activities, log files, memory usage, cpu usage, etc.

Potential compromises are addressed immediately with our Security Committee as described in earlier responses.

We respond immediately on the day of the incident.
Incident management type: Supplier-defined controls
Incident management approach: We have run-books that cater for any common events - they are processes detailing how to deal with each of them.

Users report incidents through our standard ticketing systems - through email, telephone or through the client portal.

Incident reports are provided through emails and our client portal.

Secure development

Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks: No

Fighting climate change: Fighting climate change

We have an energy management service that is being used by 4,000 orgainsations to manage the energy being used by 85,000 buildings. Our software has ensured that the public sector in Ireland achieved its targets of 30% efficiency by 2020. We have been chosen as the software supplier to manage the Irish Public Sector's carbon targets of 51% reduction by 2030.
Covid-19 recovery: Covid-19 recovery

We are providing all our employees with a choice as to whether to work from home or in the office most days of the week.
Tackling economic inequality: Tackling economic inequality

We work with programmes that actively seek to generate opportunities for women returning to work and 25% of our employees have come to us through these programmes. Our organisation is unusual for a Software Company in that we have more than 50% female employees.
Equal opportunity: Equal opportunity

50% of our employees are female. 50% are immigrants.
Wellbeing: Wellbeing

We are providing all our employees with a choice as to whether to work from home or in the office most days of the week.

Pricing

Price: £2 to £30 a user a month
Discount for educational organisations: Yes
Free trial available: Yes
Description of free trial: On occasion, Ultan Technologies will work with prospective clients to make a free trial available.

The free trial includes all features, functions, support, maintenance and hoasting that an existing paying customer would experience.

Free trails are limited to an agreed amount of time, e.g. two months.
Link to free trial: http://ultantechnologies.com/book-a-demo/

mWorkerCIS - Digital Forms for Councils

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

mWorkerCIS - Digital Forms for Councils

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents