INPUTE TECHNOLOGIES LIMITED

M-Files

M-Files is a platform for knowledge work automation. Knowledge workers can find information faster, work smarter, and achieve more. It features an innovative metadata-driven architecture, embedded workflow engine, and advanced AI. This enables customers to eliminate information chaos, improve process efficiency, and automate security and compliance. Full details https://m-files.my.site.com/s/article/mfiles-ka-434740.

Features

• Knowledge work automation & document management platform
• Metadata-driven architecture, version control
• Document automation & automated workflows
• External collaboration portal
• Integration with external systems such as CRM & ERP systems
• Mobile access
• Automated compliance & security functionality
• Comprehensive Search functionality

Benefits

• Increased efficiency through automation of knowledge work
• Enhanced document management capabilities
• Improved version control for documents
• Streamlined workflows through automation
• Facilitated external collaboration
• Seamless integration with CRM and ERP systems
• Accessible via mobile devices for flexibility
• Enhanced search capabilities for information retrieval
• Automated compliance and security measures for data protection

£25 to £44 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at c.howard@inpute.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

359363076431999

Contact

Chris Howard
+44 203 026 7521
c.howard@inpute.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: None
• System requirements:
  • Windows 10/11 and .NET Framework 4.7.2 or later
  • M-Files is a native application for iOS and Android.
  • https://userguide.m-files.com/user-guide/latest/eng/operating_system_requirements.html

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Inpute provide a range of response times depending on clients needs. 1hr, 4hr and 8hr agreements are available Monday to Friday, 0830 to 1730. For 24/7 customers, the SLA is as follows, unless otherwise negotiated with the customer:; Priority Level and Initial response Fix or workaround; 1 - Within 4 Hours Within 16 Hours; 2 - Within 8 Hours Within 2 Business Days; 3 - Within 1 Business Day Within 3 Business Days; 4 - Within 2 Business Days Within 5 Business Days, unless otherwise indicated in response
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Inpute provide a range of response times depending on clients needs. 1hr, 4hr and 8hr SLA agreements are available during normal office houses Monday to Friday, 0830 to 1730. Weekend cover and 24/7 support is available and responses times are subject to client requirements.; ; Inpute provided a flexible support model which meets the clients specific needs. Prices for support is based on scale of the solution (typically number of users), complexity, type of support needed and SLA required.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Multiple training options including a self service online academy, classroom training (remote and on-site) or train the trainer based training. Online help center with full documentation (https://help.m-files.com/) and training videos are also available. A dedicated Customer Success department is on hand to ensure successful adoption.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: There are several options:; • Small volumes of data can be exported by end users from M-Files Desktop client; • Larger data exports can be done for instance via the API; • Export can be purchased as professional services work from M-Files
• End-of-contract process: An M-Files Cloud subscription will automatically renew for successive renewal subscription periods unless customer terminates the agreement with a written notice to M-Files at least forty-five (45) days prior to the end of then current subscription period.; ; During the subscription period and for thirty (30) days thereafter, the customer may request a backup copy of their hosted data, which M-Files will make available for customer within thirty (30) days from customer's written request on a medium or system to be determined by M-Files. Any services required to provide such backup to customer will be provided as implementation services invoiced on time and material basis and invoiced, if not otherwise agreed, in accordance with M-Files' applicable price list. The customer may also export their data from M-Files Cloud themselves (see previous answer).

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: M-Files Mobile enables users to quickly and securely create and manage documents and other objects while on the go. It includes the most common features for daily use, whereas M-Files Desktop is the full-featured client which supports also advanced use cases. For a feature comparison, refer to https://m-files.my.site.com/s/article/mfiles-ka-370658
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: M-Files is based on a client-server architecture. Clients are available for Windows (thick client), web (modern browser-based application) and mobile (iOS and Android). Different combinations of clients can be used within organization simultaneously.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: M-Files test strategy is aligned with our Agile software development methodologies. Testing is carried out as three main activities:; 1) Testing during software development; 2) Testing of M-Files releases; 3) Extensive test automation.; Security testing is executed for M-Files monthly releases with security testing tools, e.g.:; - web vulnerability scanners; - PCI Compliance Scanner; • static code analysis; Security frameworks and guidelines, such as OWASP TOP-10, OWASP ASVS and OWASP SAMM are used.
• API: Yes
• What users can and can't do using the API: The API is immediately available and ready to use in the M-Files Cloud. ; There are many existing interfaces that are connected via the M-Files API. This means that changes to content can also be made by third-party systems. The M-Files API offers almost all relevant functions that are available in M-Files. A comprehensive interface description is available to customers. https://developer.m-files.com/APIs/REST-API/. In addition to the REST API, there is also the COM API available. https://developer.m-files.com/APIs/COM-API/
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: M-Files is a platform that can be configured to meet customer requirements. The platform offers flexible configuration and customisation options, including but not limited to:; • Metadata structure (record types, value lists etc.); • Workflows; • Service behavior; • Client behavior; • Theming; Most of these configurations can be done by customer administrators. Some specific options may only be changed by M-Files Cloud Operations.; ; The M-Files UI Ext Framework allows customising of certain UI elements programmatically: https://developer.m-files.com/Frameworks/User-Interface-Extensibility-Framework/. Backend features, like automatic calculation or object creation can be customized programmatically with the M-Files Vault Application Framework: https://developer.m-files.com/Frameworks/Vault-Application-Framework.

Scaling

• Independence of resources: M-Files Cloud Ops monitors resource use and can scale up resources when needed. Customers who want a dedicated environment can choose an isolated service in which case the cloud instance is reserved for them only.

Analytics

• Service usage metrics: Yes
• Metrics types: M-Files Manage portal provides subscription insights such as database and file data size, object and object version count and user license utilization.; Customers can export repository data to an external reporting database for analysis with any third-party reporting tool. This could answer questions related to workflow efficiency, for instance.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Hyland, M-Files, OpenText, Abbyy software and associated services

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: All customer data is encrypted at rest. Files are encrypted using the AES-256 algorithm and M-Files Server generates the encryption key and stores it in encrypted format in the database which is encrypted with TDE (Microsoft SQL Server feature). Customers can optionally use Azure Key Vault to manage the file encryption keys themselves.; ; Microsoft handles Azure data center physical security and access control.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: M-Files offers two methods of exporting content. First, users can export view results and associated metadata by a simple right-click menu option from the Desktop client. Associated metadata is exported into a CSV file format along with the file content. Second, the archive and content replication feature of the M-Files Admin allows for the export of content and metadata in large quantities. This content is prepped to be imported into another M-Files vault (repository).
• Data export formats: CSV
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • XML
  • XLSX

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: You can find a detailed description here: ; https://www.m-files.com/editions/m-files-cloud/; https://m-files.my.site.com/s/article/mfiles-ka-434740s
• Approach to resilience: M-Files Cloud is hosted in Microsoft Azure. The Azure data centers are highly secured and designed to automatically survive hardware and infrastructure failures. The redundant infrastructure offers, for example, emergency power support, fire detection and suppression systems, video surveillance, dual internet service providers, and much more.; ; M-Files Cloud uses Microsoft Azure SQL Database to store the object metadata and other important customer content including vault metadata structures. Microsoft Azure SQL Database stores all the permanent data to redundant storage to mitigate outages that failures of server components can cause. Additionally, database backups and transaction logs are stored in geo-redundant storage to enable recovery to another data center in case of a major disaster.; ; Data is automatically geo-replicated, and six copies of your data are always maintained. Your data is replicated three times within the primary region and three times within a secondary region hundreds of miles away from the primary region.; ; In the M-Files Cloud infrastructure, each high-availability cluster has at least two M-Files application instances that are both attached to the vault database and file storage at the same time. Azure Load Balancer routes traffic to either one of the application server instances
• Outage reporting: If there is a service outage that cannot be resolved in 30 minutes, M-Files sends an email to the impacted customers. M-Files also sends additional progress updates on an hourly basis.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: M-Files offers a comprehensive management environment for the installation (M-Files Manage). Here, trusted administrators can manage their own environment and grant or revoke new users and authorisations.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: KPMG IT Certification Ltd. (Finland)
• ISO/IEC 27001 accreditation date: March 15th, 2022.
• What the ISO/IEC 27001 doesn’t cover: The hosting of the service in Azure is covered separately by Microsoft's own ISO27001 certification. M-Files Ment and related operations.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO 9001:2015 certification
  • SOC2 attestation report.

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: M-Files designs its processes and procedures related to provided Services to meet its objectives. Those objectives are based on the service commitments that M-Files makes to user entities, the laws and regulations that govern the provision of Services, and the financial, operational, and compliance requirements that M-Files has established for the services. Security commitments to user entities are documented and communicated in Service Level Agreements (SLAs) and other customer agreements, as well as in the description of the service offering. M-Files has established operational requirements that support the achievement of security commitments, relevant laws and regulations, and other system requirements. Such requirements are communicated in M-Files’ internal policies and Standard Operating Procedures, system design documentation, and contracts with customers. M-Files requires employees to read and confirm the reading of relevant internal policies and Standard Operating Procedures with signatures. The M-Files organizational structure is designed to enable effective reporting from the individual level up to the management team level of the organization.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: M-Files applies an agile Secure Development Lifecycle SDL based process in product development. Concept and design phases define what is done and why it is done, together with architecture modeling and security impact analysis. After testing, a Feature Readiness Gate approval is applied, including Product Management sign-off, Architectural sign-off, Security sign-off and Verification sign-off. SDL is applied throughout the development process to protect against security threats. Manual and automated third-party component checks are done for each release to protect against vulnerabilities in third-party software. Release acceptance testing includes non-functional testing as well, like performance and security testing.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Security testing is executed for M-Files monthly releases with security testing tools, e.g.:; - web vulnerability scanners; - PCI Compliance Scanner; - static code analysis; Security test results are stored.; ; Security frameworks and guidelines, such as OWASP TOP-10, OWASP ASVS and OWASP SAMM, are used.; ; Periodical penetration tests are carried out throughout the year by internal team and external parties for selected components according to a penetration test plan
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Windows Servers hosting the service log failed login attempts, and a consolidated notification message is sent to the Cloud Operations team if there are over 30 failed login attempts. The message also contains descriptions of the login attempts. The Cloud Operations team reviews the report and evaluates the security risk. The source IP can be blocked to prevent a malicious attacker from attempting logins. The customer can enforce lock-out policies for logins after a separately agreed number of unsuccessful logins when using Windows credentials. The Operations team runs regular network security scans for the Azure Cloud Service in production use.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Security incident management is management of possible breaches, disruptions, failures, or misuse of information processing functions . M-Files incident management is operated in a distributed model in which several teams handle logical or physical segment of the infrastructure. Therefore, security incidents may be identified and fully managed in designated function specific processes. If required, the incident can be escalated as described in this Security Incident process description. The incident management policy covers procedures related to security incident detection and reporting, security incident notification and communication, and root cause analyses and lessons learned.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Inpute recognises sustainability and humanity’s response to climate change as one of the greatest challenges of our lifetime. That’s why we’ve committed to put sustainable technologies at the heart of our innovation—to make sure we are adapting and growing along with the planet with the lowest environmental impact. We continue our work on reducing our emissions on many levels (offices heating & energy, product lifecycle, travels).

  Covid-19 recovery

  In response to the challenges posed by the COVID-19 pandemic, our policy aims to catalyst economic recovery by fostering the creation of new opportunities and skills for people. We recognise the need for innovative solutions to address shifting market demands and embrace the opportunity to empower individuals and communities.; Our policy outlines several key strategies including:; Entrepreneurial Support: We provide comprehensive support our people, including access to mentorship, and supporting new opportunities, and incubation programs. ; Skills Development Programs: Recognising the importance of upskilling and reskilling in a rapidly evolving economy, we invest in training programs to equip our people with the skills needed for emerging markets and opportunities. By fostering a culture of lifelong learning, we empower individuals to adapt and thrive in a post-COVID world.

  Equal opportunity

  At Inpute, we empower our people with support, benefits, and resources. That means putting our company culture first with communities that get people connected, while celebrating unique backgrounds and experiences. No matter the office location or team, we focus on promoting Diversity, Equality and Inclusion through numerous. ; ; Inpute works diligently to promote trust and transparency in everything we do. Among our core values, we strive to “Acting with Integrity”—we act with integrity, make ethical decisions, and use good judgment. In that spirit, Inpute is committed to the highest standards of corporate governance, compliance, and ethics.

  Wellbeing

  Inpute is dedicated to fostering holistic wellbeing among our people. We prioritise mental, physical, and emotional health through comprehensive initiatives. Our wellness program includes flexible work arrangements and access to mental health resources, ; At Inpute, we believe in work-life balance, we promote a supportive and inclusive culture where employees feel valued and respected. Our Employee Assistance Program offers confidential counselling services, ensuring that all team members have access to the support they need.; ; Additionally, through continuous feedback mechanisms, we ensure that our wellbeing initiatives remain relevant and effective. At Inpute, we recognise that our people are our most valuable asset, and their wellbeing is paramount to our success.

Pricing

• Price: £25 to £44 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A Free M-Files Trial License is available and can be downloaded via the M-Files Web Site - www.M-Files.com
• Link to free trial: https://www.m-files.com/try-m-files/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at c.howard@inpute.com. Tell them what format you need. It will help if you say what assistive technology you use.