Skip to main content

Help us improve the Digital Marketplace - send your feedback

Flowz Ltd

Work Flowz

No code automated work flow platform on which to create any business process or record keeping requirement. Designers determine granular access control such that steps in a process can be revealed as required in response to user activity or external input. SMS/Email/System messages are triggered as well as sub processes.

Features

  • Bespoke process design
  • Granular access controls
  • Tailored activity response
  • Subprocess triggers
  • Responsive to organisation change
  • Template marketplace
  • Internal and external messaging
  • Integrated governance controls
  • Detailed reporting
  • Single-sign on and or Active Directory integration

Benefits

  • Management oversight of business operations
  • Quality control of business processes
  • Removes management by email dependency
  • Exposes business systems to all necessary staff
  • Provides audit evidence of compliance with policy
  • Supports standards compliance
  • Reduces risk
  • Adjusts to business changes
  • Responds to staff turnover (sickness, promotion, absence)
  • Reduces organisational risk

Pricing

£1.00 a user a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at david.stone@flowz.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

2 1 8 0 3 8 5 2 9 8 5 4 7 3 2

Contact

Flowz Ltd David Stone
Telephone: 07947052704
Email: david.stone@flowz.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
The platform can take inbound and send outbound structured messages to any software with open APIs.

Some software publishes these, from which we can create an adaptor, or we can work with Zapier.

We work with external software integration coders where required to ensure our responsiveness to changing business needs.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Although the system works on mobile devices perfectly well, users have a better experience on larger screens.
System requirements
  • Web browser
  • Device running web browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Typically, less than 1 hour during normal UK working hours.

Depending on the question, we have video calls to demonstrate a function or view a system behaviour to better understand an issue.
User can manage status and priority of support tickets
No
Phone support
No
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Any support requirement to understand how the platform works, or to understand why the user is experiencing a particular system behaviour, is included in the licence fee.

Support to design processes and responses in the system is charged extra.

Training, onsite or online, is charged extra.

Bespoke functionality requested will be treated on a case-by-case basis. We have our own development team and if we consider the new function to be of a general benefit, we either wouldn’t charge or would charge a small amount. If the requirement is truly unique and of no use to other clients, we would charge for our development time.

Depending on the size of the customer, we may appoint a dedicated account manager to ensure that customer achieves maximum benefit from the platform. This customer account manager would ensure that training and adoption is widespread in the customer organisation and support the customer to achieve the organisation change necessary to make this happen.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We can provide onsite and online training, standard or bespoke documentation.

In the early stages, we provide onsite or online workshops for organisation managers to understand what the platform can do to support business process automation, quality control and risk management. We record these sessions and provide them to the customer for future access.

We are developing a structured training system to accredit Designers, Administrators and Managers, which will include annual updates.

From 2025, we will reinstate at least annual face-to-face events, which we used to have pre-COVID, to engage customers and share best practice. These were very popular and we know customers have been requesting these.

We also have a fairly active online community, where new users can post questions and have responses from the wider user community. This would be subject to each customer’s policies as some processes and records would be confidential.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
We advise customers to extract whatever they want using the reporting tools on the platform.

Support is available if required.
End-of-contract process
At the contract termination date, we delete all of the customer’s data. There is no charge for this.

We take down their unique URL such that users can no longer login.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
No
Service interface
No
User support accessibility
None or don’t know
API
Yes
What users can and can't do using the API
The API is tailored to user requirements.

Work Flowz is a business process platform on which each customer designs their own processes.

We design the API to import/export depending on the design of that customer’s process. The structure and content of the API is created for each customer, not automatically by the platform.
API documentation
No
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Almost everything the user experiences is determined by the Designer of the process or record. What a user can see and do is all in the control of the Designer.

The menus, icons, menu order, ability to see content, write content, export content, etc., is all in the control of the Designer.

Transition between process steps, state changes of incidences of processes, changes to the design of processes, reporting screens, etc. are all in the control of the Administrator. The Administrator also determines membership of Teams, Sites, and Groups.

The Manager has both the Designer and Administrator roles, and is also the only Role that can allocate the Designer and Administrator Roles. There can be more than one Manager.

The Manager is the only Roel that can incur costs. This includes allocating Designer and Administrator Roles, subscribing to additional storage space, and buying Process and Record Templates from the Marketplace.

We have in the pipeline the ability to change languages.

Scaling

Independence of resources
Currently, we monitor this and receive reports from our host platform provider and scale up as required.

We are moving to elastic resourcing on AWS in 2025.

Analytics

Service usage metrics
Yes
Metrics types
Usage metrics depend on the chosen connection. Most customers use Single Sign On (SSO) via Active Directory (AD), from which they can produce their own usage metrics.

If our SSO module is used (Duende) we can generate the same usage metrics as can be obtained from AD.

Within a process or record instance, Filters and Views can be used to generate specific response times, user submissions, etc.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Each process and record instance has a dedicated menu page which includes customisation options of Views and Filters.

The table view generated can be exported using the MS-Excel button.

Custom Views and Filters can be saved for that user’s reuse. Custom Views and Filters can also be saved for all user use by Instance Administrators.
Data export formats
  • CSV
  • Other
Other data export formats
.xlsx
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We don’t have this at the moment but would be happy to consider if a customer requirement.
Approach to resilience
We use a specialist data centre in London with failover in Kent. We haven’t had any downtime for years.

We are moving to AWS in 2025.

We take backups daily, and will be increasing these to hourly in 2025, with a view to more frequent as usage grows.

If a customer has a particular requirement, we would be happy to address this.
Outage reporting
Email alerts - we haven’t had one for many years (at least 5 years)

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
In the software, security configuration controls are only accessibly to Managers.

In the company, there are only three people and we each have access to ensure resilience to appropriate tools.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Cyber Essentials Plus
Information security policies and processes
We are a three-person company. We commission Cyber Essentials Plus on the company and external CREST-certified testing annually.

Our product and company policies are updated and assessed annually as required by changes in our internal or external environments and or recommended by our security audits.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes are assessed and tested by the team in QA, and then released into UAT for customer testing before being published to Live.

Security is considered at every step and our security policy principles applied and checked.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We subscribe to services, including NCSC, that monitor the external environment for emerging threats and address these in the system design.

Where an identified threat could exploit a vulnerability, this becomes a priority above everything for our developers and a patch is developed, tested and deployed ahead of anything else.

Typically, depending on the severity, this can take from a few hours to a few days.

For example, in our 2023 security audit, the amber issues identified were corrected in two days.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Platform activity is monitored as a part of our service package from our host. Any unusual traffic is notified immediately. If at potentially damaging levels, the host will close external connections. Suspicious activity is notified and investigated immediately.

If a compromise is discovered it is assessed for severity and, in the most extreme event, the platform could be taken off line until fixed.

In such an event, patching the vulnerability would be a priority for all staff, and the focus of development until a patch is tested and deployed.
Incident management type
Supplier-defined controls
Incident management approach
All incidents are reported to the Managing Director, who determines response. In the unlikely event the Managing Director isn’t available, the Senior Development Engineer is authorised to act.

User reported incidents come to the helpdesk.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

Fighting climate change

Fighting climate change

Our product is designed to use the least possible processing power to reduce electricity consumption.

All of our staff work from home and communicate using online services (MS-Teams, WhatsApp) and only travel to meet face-to-face once a year.

We do not produce anything on paper and nothing is printed.

Redundant hardware is securely cleansed and sent to charities for reuse.

Pricing

Price
£1.00 a user a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
We set up a complete copy of the platform with sample processes and records. Everything is deleted at the end of the trial unless the customer wants to licence.

There is no limitation in the software.

Time is by negotiation - up to 12 months for a proof of concept

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at david.stone@flowz.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.