Skip to main content

Help us improve the Digital Marketplace - send your feedback

Doc-works Ltd

Scribe Digital Form Building Solution

Scribe Forms is a flexible, fully featured form building platform to replace all your inflexible stand-alone forms with a dynamic digital solution. The fully auditable solution can help you to identify key business areas which would benefit from customised form-based workflows that integrate seamlessly with existing systems.

Features

  • Real-time data entry via PC Web browser or app.
  • Software configured for multiple tablet sizes.
  • Real-time head-office viewing of captured data.
  • Configurable lookups e.g.Postcodes, DrugBags, Machines, Buildings, etc.
  • Intuitive user interface keeps training costs low.
  • Migrate paper forms and spreadsheets into an integrated reporting environment.
  • Create automated action plans and integrate with BI reporting packages.
  • Precisely replicate, dynamically adapt and link multiple forms together.
  • Cost-efficient data acquisition, storage and retention.
  • Integrated compliance tracking and reporting guides end-users auditing needs.

Benefits

  • Ideal for quantitative and qualitative audits.
  • Helps to deliver compliance by detailing things that require audit.
  • Easier to fill in than a paper form.
  • Legible records saving on paper and time, increased data accuracy.
  • Reduce time and carbon footprint spent processing paper forms.
  • Information from multiple forms can be integrated into business processes.
  • Ideal for businesses that require compliance.
  • Easy to identify audit data that needs to be captured.

Pricing

£3,000.00 to £240,000.00 a licence a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ceri.jones@doc-works.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

4 3 6 7 0 7 8 1 0 8 9 2 2 5 2

Contact

Doc-works Ltd Ceri Jones
Telephone: 01296 668210
Email: ceri.jones@doc-works.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
None.
System requirements
  • Android tablets, iOS iPad and iPhone.
  • Thin-client for Portal web-browser access.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Service Level Agreements are agreed per type of instance. Emergency
response is within 2 hours for NHS customers during normal working hours.

Usual response time for non urgent cases is 4-8 hours.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Onsite support
Support levels
All Accounts benefit from a dedicated Account Manager, named front-line Support Desk technicians, as well as a Project Lead and a System Architect.

Required support for each customer is defined early on in the scoping exercise depending upon skill levels, amount of internal resource etc of each customer.

Doc-works provide all upfront hand-holding to enable X product goes live within the customers' own network, or hosted within Doc-works' own secure Cloud environment.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
A train-the-trainer approach is usually adopted with an agreed number of hours/days included free of charge, depending upon the geographic spread of the customer's staff. Additional days are charged according to distance travelled and time spent. Online training is provided for minor upgrade releases, refresher / new trainers starting. User documentation is provided tailored to each customer / level of user.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
Word
End-of-contract data extraction
Doc-works would provide all data free of charge at the end of a contract in previously agreed, standard formats.
End-of-contract process
Doc-works would be available for paid-for assistance migrating data to a new supplier, should this be required.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Recording of incidents is performed on Android and iOS devices.

Access to the Portal is via browser on Mac/PC
desktop.
Service interface
No
User support accessibility
WCAG 2.1 AA or EN 301 549
API
No
Customisation available
Yes
Description of customisation
Forms can be customised by Doc-works for localised user requirements. Reporting can be specific to each user, as defined in the scoping exercise.

Scaling

Independence of resources
Server performance will be monitored and hardware
upgraded as required. Servers will be specified to meet and exceed all expected initial requirements, and agreed periodic account reviews will include server performance results.

Analytics

Service usage metrics
Yes
Metrics types
As per user requirements.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach
All data stored by Doc-works is encrypted at-rest using Bitlocker full disk encryption. SQL Databases are encrypted using AES 256
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Authorised Users have full access to the database. There is no no need to export.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • JSON
  • TXT
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
XML

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
Service is designed to transmit data over HTTPS using TLS version 1.2 or above with a SHA256 2048-bit RSA Certificate.

Data transfer can also be made available through SFTP with SHA-256 minumum encryption algorithmn. SFTP authentication is via public/private key pair.

Where possible portal and SFTP access will be restricted to allow connectivity from customer specified IP addresses only.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The supplier's required availability for all services is 99.5% uptime, not counting planned maintenance times. The 99.5% availability metric will be measured by a rolling six month period during the
Term of the Agreement. The Services Target is not to break more than three times per twelve months' during the Term of the Agreement. A break is defined as the loss of access to a vital business function. The expectation is for the services not to break at all during the Term of the Agreement, however there will periodically need to be scheduled maintenance times that will be
restricted to out of hours. For the avoidance of doubt, all scheduled maintenance times must be agreed in advance with the customer.
Approach to resilience
Available upon request.
Outage reporting
Email alerts.
Incident Management Process

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
User access is defined at setup. Hierarchical access is granted depending upon user rights etc.
Access restriction testing frequency
Less than once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Audited by British Assessment Bureau who are UKAS certfied.
ISO/IEC 27001 accreditation date
22/05/2023
What the ISO/IEC 27001 doesn’t cover
All aspects of the product delivery are covered.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
GDPR
CE+
Information security policies and processes
Doc-works’ approach to governance is the set of
responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise’s resources are used responsibly.

Periodic reviews are undertaken in line with existing and future customer demand. Training of all staff in the implementation and protection of information assets is reviewed and undertaken annually.

Benefits of information security governance to Doc-works and as advisors in turn to its customers is continually under review, with particular
attention paid to GDPR.

Doc-works Information Security policy is driven from the top-down, with communication documented in the defining of roles, responsibilities, authority and accountability.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes must follow Doc-works change management policy, designed and based on the ITIL framework and recording in our Change Management Log. CAB meetings are held weekly to review requested changes. Application changes must go through UAT and are assessed for security impact prior to deployment to live.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
All doc-works servers and workstations are continually assessed for vulnerabilities using Micosoft Defender in line with out Vulnerability management process. Vulnerabilities are assessed against CVSSv3 and any vulnerabilites greater than 7 must be patched within 14 days, in line with Cyber Essentials Plus accreditation.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Logs are ingested into SIEM tool, a combination of alerts and proactive checks are utilised to identify suspicious activity. IP addresses flagged by our firewall IPS are investigated and will be blocked + reported for abuse where applicable. If compromise is suspected, systems are isolated from the network whilst investigations take place
Incident management type
Supplier-defined controls
Incident management approach
"Incidents are recorded in our IT Service Management software.
A seniour support engineer categorises the incident, if this has not automatically been met by rules.
The incident is assigned to a member of the support team.
The incident is diagnosed, which could result in escalation.
The ticket is resolved, with communication being sent to the affected users.
The incident is closed.
Analysis is made and reported. Close-out actions are undertaken, if required."

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Doc-works products and solutions enable our customers to work towards a paperless environment which helps to reduce CO2 (carbon dioxide) emissions, reduce their impact on forests, decrease the amount of landfill waste, cut energy use and help lessen the impact of climate change.

Doc-works also recognises and supports the policies, strategies and objectives for effective environmental management which are applicable to the operation of Doc-work’s staff, buildings, equipment and activities.

Our objective is to minimise the impact of our activities on the environment through:

• Continuously improving our environmental performance and integrating recognised environmental management best practice into our business.

• Measuring and taking action to reduce the carbon footprint of our business activities by working towards our Carbon Neutral Certification.

• Working towards the ISO 14001 Certification by improving our environmental performance through more efficient use of resources and reduction of waste.

Covid-19 recovery

Throughout the pandemic and beyond Doc-work’s focus is on supporting our customers, partners, and employees. Our priorities are the welfare of our customers and our staff whilst we continue to deliver a high-quality service for our customers and reduce the potential spread of the virus throughout the business, enabling us to maintain our high service levels to support our NHS Trust, public and private sector customers.

Tackling economic inequality

Our aim is to increase supply chain resilience and capacity and create new jobs and skills. This includes creating a diverse supply chain and including new businesses and entrepreneurs, supporting innovation, modernising delivery, and increasing productivity.

Equal opportunity

Our employment policies for recruitment, selection, training, development, and promotion are designed to ensure that no job applicant or employee receives less favourable treatment on the grounds of race, colour, nationality, ethnic or national origin, religion or belief, sex, sexual orientation, marital status, disability or part-time or fixed term status.

Wellbeing

Doc-works is committed to creating a harmonious working environment, which is free from harassment and bullying and in which every employee is treated with respect and dignity.

It is committed to ensuring that individuals do not feel apprehensive because of their religious belief, political opinion, gender, marital status, sexual orientation, race, age, disability or any inappropriate behaviour.

The Company is committed to supporting its employees, including; training and development programs, wellbeing-based employee benefits and regular employee events.

Pricing

Price
£3,000.00 to £240,000.00 a licence a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
A proof-of-concept free trial is often provided for large users, sometimes across multiple departments for 2-4 weeks, with
clearly defined success criteria agreed up front. Once the success criteria is confirmed, immediate roll-out proceeds according to the original proposal.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ceri.jones@doc-works.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.