Excelpoint Limited

Excelpoint

Excelpoint’s no-code Enterprise Application software configures scalable solutions which automate business processes, eliminating paper and spreadsheets, and integrating legacy systems. Access via web-browser on desktop, tablet, or smartphone, and through apps for iOS, Android and Windows Mobile. Automatically generate emails, texts, cross-database updates, output documents, and trigger digital business activities.

Features

• Flexible and scalable enterprise applications
• Access securely from desktop, laptop, tablet and mobile
• Digitalise processes end-to-end to deliver enhanced customer experience
• Easy integration with legacy systems exploiting existing investments
• Interconnect SMS, email, push, mapping, barcode, signature, photograph, visualisation, automatically
• Leverage preconfigured CRM, ERP, GRC and many other solutions
• Extensive logic driven user defined survey and analysis capabilities
• Configure and tailor business applications entirely in-house
• Comprehensive support for, business logic, application configuration, and operations
• Plug-in integration with platforms including: Companies House, Gazetteers, News Feeds

Benefits

• Move application development to business not technical specialists
• Increase agility of business to adapt to external pressures
• Significantly increasing the pace at which business applications evolve
• Future proof applications against emerging technology waves
• Reduce the cost of customisation, aligning application to business process
• Reduce the risk of functional and technical underdeliver
• Leverage legacy systems and information in integrated and automated processes
• Replace paper and spreadsheets with secure digital solutions
• Enable secure office, home and field-based working regardless of device
• Re-align, re-purpose and extend to deliver multi-purpose solutions

£450.00 to £1,666.67 a unit a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Parry.Jenkins@excelpoint.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

249153327787115

Contact

Parry Jenkins
+44 (0) 7973 426252
Parry.Jenkins@excelpoint.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Excelpoint is entirely browser based and works on all current browsers, and hence can be accessed via your existing infrastructure and network topography. It supports Windows, macOS and Linux Workstations but also iOS, Windows Mobile and Android Smartphones and tablets due to the cross-browser support and fully responsive design. ; ; The solution is available 24/7, except for agreed timeouts for planned maintenance. This can be scheduled out of normal office hours to suit you, unless in response to critical (or above) incidents, though again the remediation would be scheduled in agreement with you.
• System requirements:
  • Works with Windows, MacOS, Linux via browser
  • Works with Internet Explorer Microsoft Edge Firefox Chrome Safari Opera
  • Mobile access via iOS, Windows Mobile and Android Smartphones
  • Standalone App available for iOS, Windows Mobile and Android Smartphones

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We aim to respond within one hour between the hours of 08:00 and 18:00 Monday to Friday. Outside standard hours we can work to contract and service level specific arrangements to suit the customer, on an on-call basis.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our standard service support SLA's are summarised below which are factored into our licence fee. ; ; We categorise 5 levels of incidents based upon severity of impact, and respond accordingly, all during normal business hours:; ; Showstopper: Acknowledge in 1 hour, workaround in 4 working hours, resolution in 20 working hours.; ; Critical: Acknowledge in 1 hour, workaround in 7 working hours, resolution in 33 working hours.; ; High: Acknowledge in 1 hour, workaround in 15 working hours, resolution in 41 working hours.; ; Medium: Acknowledge in 2 hour, workaround in 82 working hours, resolution in 148 working hours.; ; Low: Acknowledge in 3 hour, workaround in 115 working hours, resolution in 195 working hours.; ; We would provide a technical account manager available during normal business hours.; ; We would also be happy to discuss revised SLA's should the above not meet your requirements, and to provide quotes for bespoke terms.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: To help with start up we offer two free days on site consulting support. This ensures you have access to all necessary documentation including our concise users guide, and comprehensive administrators manual, plus access to quick start application hubs and clear lines of communication to further support if needed. ; ; We can also help you plan your next steps, based upon the complexity and nature of what you wish automate withe Excelpoint.; ; You will need to decide do you wish to assemble and configure the solution in-house, or would you like some extra support from us.; ; If in-house then we have comprehensive training for those who will complete the work. ; ; If you wish us to complete the work then we can provide a clear estimate of the effort required, and what we would need from you. You will be surprised how quickly it can be done.; ; Finally, we can advise on data conversion, and how best to get your new solution fully up an running.
• Service documentation: Yes
• Documentation formats:
  • ODF
  • PDF
• End-of-contract data extraction: Data extraction is very simple and very flexible. Our solution is driven entirely based on information type, and with just a few simple clicks each information type (or group of information types) can be extracted and loaded to any of the following - a text file, tab limited, Excel format, we can also support direct access SQL to any information type.; ; Typically, the most time consuming aspect of the data extract is likely to be discussing target formatting.
• End-of-contract process: We include two days free consulting support at the end of the contract to advise on the most efficient data extract processing. This allows you to complete a full data extract.; ; We also confirm and guarantee full erasure of data. ; ; This is achieved via processing within the MS Azure Cloud and completed my the MS Azure Team.; ; With Azure SQL Database, deleted data is marked for deletion. If an entire database is deleted, it is the equivalent of deleting the database’s entire contents. The SQL Database implementation is designed to ensure user data is never leaked by disallowing all access to the underlying storage except via the SQL Database API. That API allows users to read, write, and delete data, but does not have a way to express the reading of data that the user has not previously written.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Functionality is identical, and screen layout is fully responsive with the layout optimised automatically to suit each environment. There a 5 responsive screen sizes:; Smart Phone We Browser Layout; Tablet Portrait Layout; Tablet Landscape Layout; Medium Laptop Layout; Large Desk Top Layout.; ; Offline mobile access is also configurable via a standard mobile App downloaded and installed from the appropriate App Store for iOS, Android and Windows, and functionality can be optimised to work both in real time online, and in intermittently through the App.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The service interface is accessed via web browser and user input can be configured using any combination of simple text boxes, date pickers, check boxes, radio buttons, selection from simple and searchable lists.; The page is accessible via screen reader and voice to text applications.; We can support screen description and data capture in a number of foreign languages storing both verbatim foreign response and Google translated data. Field tips are configurable to guide user input.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: A large public sector customer has assessed our system interface and based upon their report we implemented the necessary measures to achieve the WCAG 2.1 AA rating. They then repeated the tests and confirmed the changes had been implemented and the standard had been achieved.
• API: Yes
• What users can and can't do using the API: Via the Excelpoint REST API users can retrieve, add and update individual records, upload attachments to records, trigger workflows and processes, and perform searches to retrieve multiple records.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Excelpoint is “Information Driven” and the definition of an Information Type or “Template” drives all other functionality of the system without further intervention. As a direct result anything and everything can be customised - what information is captured, the layout of the data capture screens, the validation applied, the processing logic deployed, the format of any and all outputs. It is also possible to customise "field tips" which guide data entry. ; ; Customisation is achieved with no bespoke coding using the highly flexible, configurable, and easy to use no-code platform features. ; ; This can be done by anyone with suitable access and permissions, and a clear understanding of the business requirement, business process and the information that drives the business. No technical knowledge is required.; ; User definitions include Super User, Administrator, and Standard User, and for Standard Users the access permissions can be set to further limit the user capabilities. These access permissions include the Groups of information they have access to and whether they have Search, View, Edit, Add, Generate or Delete rights. ; ; In addition, we can provide both training to in-house administrators, and direct support to help expedite any customisation required.

Scaling

• Independence of resources: The MS Azure Cloud has capacity. ; ; We select the correct virtual machine capacity for each individual contract sized appropriately.; ; Unless otherwise agreed we select dedicated servers.; ; We can if requested look at shared server solutions - for non mission critical applications - which would drive down the hosting costs. In this instance the systems themselves would be securely siloed with zero overlap, but sharing server capacity

Analytics

• Service usage metrics: Yes
• Metrics types: Available to report on are:; Logon/Logoff events including date time and userid; Item counts per information type; Full audit trail of system events - data viewed, added, amended, deleted for any information type - this can be set at installation level and configured through a matrix of options; Also available are hours of usage - in total, per user, by role
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The system is high configurable and data can be exported in almost any format required.; ; Any information type (or groups thereof) can be output in any of the following formats: simple text file; highly complex excel files linked to external dashboards, charts and reports; mail merged to word documents;; outputs via interface to external reporting tools such as power BI; reminder emails or SMS from tabulated information.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Tab delimited ASCII data
  • Excel spreadsheet templates
  • Via SQL views of information types
  • Via direct production of external database table
  • Via our standard Excelpoint REST API
  • Direct to any information repository meeting open system connect
  • Via user defined word document template (mail merge)
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Direct from Excel Files
  • Tab delimited ASCII data
  • Direct from any information repository meeting open system connectivity standards
  • Direct from any SQL compliant database
  • Direct from any MSAccess database
  • From an external 3rd party API
  • From a JSON document

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our G-Cloud Solution is hosted in the MS Azure Cloud, which typically quotes uptime statistics for almost all aspects of the Azure eco-system at a guaranteed level of more than 99.9%.; ; Downtime is usually caused by the infrastructure rather than the application platform or specific applications delivered. In almost twenty years, we have not suffered any significant downtime caused by our platform or systems delivered within it. As with any development platform, it is, of course, possible to create a system that could cause significant server load and poor performance or crashes, but this is more an issue of testing, change management, and release strategy.; ; Backups are taken Daily. ; ; All backups, are stored within the server environment but not on the same server as the main system and are automatically removed according to the above timetable. Where appropriate, the Azure platform can be configured to automatically replicate one virtual server to another to provide an almost instantaneous failsafe in case of a complete system failure.; ; Service credits can be agreed on a per call off contract basis.
• Approach to resilience: Our selection of the Microsoft Azure platform for hosting means that physical data is stored in UK datacentres, and the failsafe failover server would be in another UK datacentre, both locations covered by all current Data Protection legislation including GDPR..; • There will no physical access to the Datacentre for both Excelpoint and DCC staff, however, Excelpoint can grant nominated DCC staff with server level access.; • All Microsoft Data Centre’s maintain state-of-the art physical security, including 24x7x365 surveillance, environmental protections and extensive secure access policies, not detailed here for security reasons.; • Excelpoint roles that will have technical access to DCC data will include:; o Systems Architects;; o Business Consultants;; o Support technicians;; although only Systems Architects will have server and database level access to the data; • Robust recruitment procedures and references assure Excelpoint of staff quality coupled with company policies and technology enablers ensuring access to systems can be granted and removed as needed and approved.; • Excelpoint use a Password Vault to allow only approved access to information or infrastructure for any member of our team in a controlled and monitored manner. This access can be removed effectively for people leaving or changing roles.
• Outage reporting: Excelpoint is hosted on the G Cloud Approved Microsoft Azure Cloud Platform and as such provides real-time outage reporting through the Azure Monitor service. All Virtual Machines are monitored for performance and uptime along with the Excelpoint applications running within. In the event that issues are detected email, SMS and voice alerts can be triggered to the Excelpoint support team who in turn pro-actively engage with customers on potential downtime.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Access to any customer system details is role based and the details are stored within a centralised password vault. Only those requiring access are granted access. The vault that stores all customer credentials is only accessible by those with appropriate permissions. Remote server access is protected under firewall and only accessible from a specific IP address.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Centre for Assessment
• ISO/IEC 27001 accreditation date: Oct 2021
• What the ISO/IEC 27001 doesn’t cover: Under G-Cloud we are offering Software as a Service with our no-code platform – Excelpoint – hosted in the MS Azure Cloud. Our ISO27001 covers our elements of that service and Microsoft’s various accreditations cover their elements of the solution. ; ; Inside our ISO27001 – Is our development work, for both the Excelpoint platform itself, and the solutions we assemble, configure and support on it, as is our overall Governance Framework.; ; Outside our ISO27001 – are the physical components of the service – Server Hardware – as would be the disposal of said hardware post contract. ; ; Part in, part out - Configuration management of our solution would be covered, but elements of the overall service relating to server configuration would be outside scope. Vulnerability management and monitoring would be mainly Microsoft, though Excelpoint is penetration tested annually. Our Incident management processes are managed by us and hence inside ISO27001.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: IASME

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: In line with our ISO27001/ISO9001, Cyber Essentials and IASME accreditations we maintain comprehensive Information Security Policies and Processes, identified in our Company Handbook, sign-posted to new joiners during induction, backed by disciplinary processes and procedures, and monitored.; The policies cover:; Regulations for use of company facilities;; Bring Your Own Device;; Password rules and management;; Email, Internet and Social Media policy;; Monitoring.; ; The Company hold employees personally liable for loss or reputational damage resulting from breach of policy, and breach of policies may result in disciplinary action including dismissal for Gross Misconduct.; ; In addition we also have specific Data Protection Policies, which confirm adherence to six ‘Data Protection Principles’ ensuring data must:; be processed fairly, lawfully and transparently;; be collected and processed only for specified, explicit and legitimate purposes;; be adequate, relevant and limited to what is necessary for the purposes for which it is processed;; be accurate and kept up to date. Any inaccurate data must be deleted or rectified without delay;; not be kept for longer than is necessary for the purposes for which it is processed; and, be processed securely.; ; The Data Protection Policy also covers action in the event of a Data Breach, or Subject Access Request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Excelpoint is accredited with ISO 27001 and ISO 9001 and as such has management systems in place to direct the process by which configuration changes are planned, implemented, tested and rolled out.; ; Changes made to system configuration are tracked through Excelpoints internal change management system which, in conjunction with the internal support system provides a traceable record of changes requested, implemented, tested and rolled out.; ; Changes are always reviewed by a product specialist to ensure that the suggested change does not present security issues in the context of the customer's business requirement.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Changes made to the platform itself are tracked through code version control and tested with both automated testing and functional testing allowing for a review of potential security holes. The platform is vulnerability tested annually, or after any major work undertaken on security-critical areas of the product, and any highlighted vulnerabilities are triaged and addressed within defined timeframes where critical security flaws are addressed immediately and low risk changes are incorporated in the next software release cycle.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Monitoring is primarily done directly by Azure Monitor. It delivers a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud environments. ; ; In addition this allows us to interactively analyze monitoring data and proactively respond to critical conditions identified in the data that it collects. This includes sending a text or mail to an administrator responsible for investigating an issue, or launch of an automated process that attempts to correct an error condition.; ; Speed of response aligns with our standard response SLA's for which the top speed is response within 1 hour, fix within 24.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are raised through either our manned telephone support line ( 09:00 – 17:30) or via email to our support desk. In either case, a Support ticket is raised, and a unique reference is assigned. The incident will be triaged appropriately and issued to a suitable member of the technical consultancy team. Progress and resolutions are then updated and tracked against the logged ticket in line with our SLA provided as a download on this portal. Customers are kept up to date with progress and resolutions until satisfied and then the incident is closed.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Excelpoint and many of our customers embrace our software to monitor, encourage and help reduce or minimise travel and paper consumption and to operate more efficiently. ; ; One of our customers Modeshift utilises our software to work towards securing increased levels of safe, active, and sustainable travel in business, education and community settings. ; ; Around 90% of our meetings utilise online meeting tools, and we adopt a hybrid working philosophy for employees who choose to work from home, further reducing fuel emissions and supporting a modern, work-life balance.; ; In 2020, we moved to a new office. A driver in the selection of the new building was that it was environmentally friendly. Our office building utilises solar PV panels and ground source heat pumps. It has low voltage sensor managed lighting, insulated panelling, harvested rainwater, and onsite facilities for meetings and events to help minimise travel. It also provides comfortable and relaxing breakout and social areas for our employees.; ; Our environmental strategy extends to our employees. We encourage them to dedicate one day a quarter of their working time to give back to our community. One example of this is members of staff participating in tree planting initiatives across the region.; ; Our no-code software in digitalising and replacing paper-based processes contributes toward creating a sustainable environment. Organisations can reduce their carbon footprint by irradicating outdated paper-based processes and opting for digital solutions. In doing so, they will reduce the demand for printers and photocopiers with associated print cartridges with single-use status and the later decommissioning of equipment. It will also reduce paper usage to help slow down deforestation, helping to reduce the impact on the habitation and endangered species. Buried paper will also decompose, giving off methane, a greenhouse gas.
• Covid-19 recovery:

  Covid-19 recovery

  Our existing hybrid working patterns served us well through the pandemic, with more home working, conference calls over MS Teams. ; ; We were able to fully observe all the isolation rules with very little impact on productivity, and continue to do so even though now - (May 2022) - the rules have relaxed.; ; Our business is not on the front line fighting the pandemic and we recognise that as such our contribution to Covid-19 recovery is limited.
• Tackling economic inequality:

  Tackling economic inequality

  We are an SME based in the North of England and as such we recognise our contribution to tackling economic inequality is limited in scale. That said, we are providing high tech jobs to the local community and offer apprenticeships to suitably qualified and ambitious you man and women.
• Equal opportunity:

  Equal opportunity

  We are an SME and as such our employee base is too small to fit to statistical norms. We are an equal opportunity employer, with men and women, young and old employed, from a variety of ethnic backgrounds employed in a variety of roles.
• Wellbeing:

  Wellbeing

  In our world, our people are the most important part of our business as they contribute to our success and the implementation of successful projects to enable customer experience excellence.; As a result we have created a workplace environment where all employees feel valued, supported, informed, and one where employee well-being is at the forefront of all that we do.; Our culture based on responsibility, personal growth, excellence, respect and well-being. We value and nurture the talent of our workforce.; ; Our well-being policy extends to the benefits package.; ; Along with the standard 28 days holiday, including bank holidays, we offer the Christmas break as on-call only to enable employees to relax and enjoy time away from work. We have the option to buy or sell back holidays when required. With the local community and wellbeing in mind, we encourage our employees to allocate one day a quarter of volunteering leave to help out a charitable cause.; ; We offer flexible working with the option of hybrid working. When in the office, our staff benefit from a modern office environment with the latest tech, designed with environmental concerns in mind and break out social spaces – all to aid staff well-being.; ; We offer promotion from within, providing career plans, opportunities, and training to enable employees to reach their potential. They also benefit from continual learning - we encourage and enable our employees to grow.; ; We support young apprentices, offering opportunities to train and enjoy a career within Excelpoint.; ; We have an excellent track record for all aspects of health and well-being, and we ensure our current and future workforce enjoys an environment of equality, diversity and inclusion. We actively encourage a healthy lifestyle and have incorporated Vitality Health into the business health scheme combining better health with health insurance.

Pricing

• Price: £450.00 to £1,666.67 a unit a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Parry.Jenkins@excelpoint.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.