Millersoft Ltd


Sheetloom seamlessly integrates Excel with underlying source data via almost any connection method. It is now possible to populate pivot tables and spreadsheet cells directly from source without any copy/paste or open database connections. Sheetloom runs on AWS and supports 1000s of users at a fraction of PowerBI´s cost.


  • Automatically extract, copy/paste data into spreadsheet from any source
  • Capture and analyse historic positons
  • Real time automated updates into spreadsheet cells or pivot tables/charts.
  • Secure, audited access to consistent spreadsheets
  • User access is decoupled from access to the underlying database
  • Affordable scaling ensures single source of truth across the organisation
  • Connect to any data source using SQL, Groovy or Screenscrping
  • Dynamic and rich results by blending data from multiple sources
  • Remote access on any device
  • Output to any spreadsheet: Excel, Google Sheets, Numbers, Open Document


  • Consistent and error free spreadsheets across the organisation or agency
  • Time saving from reduced manual creation and maintenance of spreadsheets
  • Minimal set up- design a spreadsheet and link to Sheetloom
  • Enhanced security: no user connections to data sources are required
  • Metered, or low licence fee options make scaling cost effective
  • Easily keep spreadsheet models and reports current with one click
  • Firstclass AWS citizen
  • Capture historic positions without the cost of a data warehouse


£5 to £5 a licence a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

4 3 8 5 9 2 9 8 4 5 9 1 1 8 6


Millersoft Ltd Gerry Conaghan
Telephone: 0131 376 7114

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard support normally within 4 business hours.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Support levels
L1: Tier/Level 1(T1/L1)
Initial support level responsible for basic customer issues. Gathering information to
determine the issue by analysing the symptoms and figuring out the underlying problem.
L2: Tier/Level 2(T2/L2)
This is a more in-depth technical support level than Tier I containing experienced and more
knowledgeable personnel on a particular product or service.
L3 Tier/Level 3(T3/L3)
Individuals are experts in their fields and are responsible for not only assisting both Tier I and
Tier II personnel, but with the research and development of solutions to new or unknown
Severity Definitions
1- Critical: Proven Error of the Product in a production environment. The Product Software
is unusable, resulting in a critical impact on the operation. No workaround is available.
2- Serious: The Product will operate but due to an Error, its operation is severely restricted.
No workaround is available.
3- Moderate: The Product will operate with limitations due to an Error that is not critical to
the overall operation. For example, a workaround forces a user and/or a systems
operator to use a time consuming procedure to operate the system; or removes a nonessential
4- Due to an Error, the Product can be used with only slight inconvenience.
Support available to third parties

Onboarding and offboarding

Getting started
User documentation
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Both generated spreadsheets and generated history are accessible from AWS S3.
End-of-contract process
No termination charge, pay per use model.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Service interface
User support accessibility
WCAG 2.1 A
Description of service interface
User intersects through graphical menus, and input panels using mouse and keyboard. No option to use microphone or camera.
Accessibility standards
WCAG 2.1 A
Accessibility testing
None, planned.
Customisation available
Description of customisation
An AWS Cloud Formation version which users can adapt to their own needs, install on their own AWS environment, and integrate more fully with other operational systems.


Independence of resources
System scales horizontally via AWS Lambda


Service usage metrics
Metrics types
User activity and access reports.
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Protecting data at rest
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
All data is accessible in Excel
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats
Other data import formats
  • All SQL databases
  • Screenscrape

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
Will vary according to customer configuration.

Can also be encrypted prior to transfer
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99%. If 99% not met, we would negotiate a refund separately.
Approach to resilience
We are utilising AWS best practice in relation to resilience. AWS S3 is used as the backing store for all vulnerable data. S3 is designed for 11 9´s durability.
Outage reporting
AWS Cloudwatch alerts can be created

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication
IP address is whitelisted.
2FA is an option if customer requires.
Access restrictions in management interfaces and support channels
Access to management interfaces and support channels is restricted through a combination of username and passwords, multifactor authentication, firewalling, IP restrictions, the use of bastion hosts as appropriate.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication
IP Address whitelisting

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
Cyber Essentials Certification
Information security policies and processes
Sheetloom follows AWS best practice on security
We have a range of technical and organisational measures to ensure data security and protection. These cover Access, Roles and Responsibilities, Resource/asset management, Access Control & Authentication, Workstation & Device Security, Network/Communications Security, Back-up, mobile/portable device security, and physical security of our premises. Staff training and awareness is ongoing, staff / contractors must sign confidentiality and privacy statements and read and sign company security policy. Sanctions are applicable for non-compliance. Our reporting structure if a security breach happens or is suspected: staff are trained to and required to immediately flag to DPO and CEO and lock down or isolate the breach where feasible; DPO/CEO will take immediate action including isolation or lock down of affected systems, notification to affected parties, implementation of business continuity and disaster recovery. Risk impact reviews are conducted when a new data category is processed, or system implemented, and security measures adapted as necessary. Category logs, training logs, access logs, and breach logs are maintained, reviewed and signed off periodically by the assigned DPO and CEO.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All code is under version control using git.
Jenkins is used to build releases. An automated test framework is used for integration testing. Changes are tracked via JIRA. Cloudformation is used to deploy via AWS Marketplace
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Solution may be deployed into customer's AWS VPC via AWS Cloudformation or they may subscribe to Millersoft version;
External access is configured via customer and GUI is locked down via AWS security groups/firewalls.
SSH access is also locked down via security group and PEM file.
The access is as secure as the customer´s network.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Regular penetration testing
Awareness towards open source software defects (eg Python vulnerabilities)
All logs go to AWS Cloudwatch for auditing, monitoring and alerting.
Incident management type
Supplier-defined controls
Incident management approach
When a breach or suspected breach occurs staff our process requires staff to immediately report this to the DPO/CEO, raising a breach incident form and taking what actions are available to them to isolate or lock the system according to the severity of the breach. The DPO/CEO will assess the breach and implement appropriate measures to contain, and resolve and notify affected parties to the extent required. The nature of the breach, cause, impacts, actions to remedy it and timescale, outcome and further recommendations are recorded in breach incident log which is monitored by CEO and DPO.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Connected networks
Other public sector networks
Potentially all public sector networks based on client connectivity needs

Social Value

Tackling economic inequality

Tackling economic inequality

In respect of MAC2(2.2 & 2.3), Millersoft will commit and can demonstrate existing comittment to providing employment and training opportunities to young people, sourced, whenever possible, from the deprived local area.

Our recruitment efforts focus on providing local technology students studying in the nearby universities of Edinburgh, Heriot Watt, and Napier with internships that provide work experience, mentoring and training in bleeding edge IT. The ultimate goal of this effort is to provide the internee with full-time employment on completion of their studies.

We have contacts in the local universities and liaise over upcoming opportunities. We match these against student skills and goals to identify suitable candidates whom we shortlist for interview. Successful applicants are onboarded, allocated to client projects, given objectives, and a training & development plan that includes skills acquisition related to the project(s) to be worked on, and timescales for the delivery of training and goal attainment. The plan is regularly reviewed and updated by the director or the mentor assigned to the internee.

Examples include AWS Practitioner & Technician Certifications, Data Vault Engineer, Apache Druid. Iternees have worked a range of projects including, recently, build of a sales/ ticketing system for a lottery operator in South America, a solution to automate the build of data lakes on AWS, streaming services using Apache Spark and Druid at a card payments processor to process fraud data.

As part of any contract tender we will include these initiatives and the methods and processes described to attract, train and retain young employees from our local area. As part skills assessment and subject to specific project needs we can assign internees directly onto projects where they will be mentored by experienced professionals, or if the project requires more experienced staff, bring in internees to provide supervised cover on existing projects.


£5 to £5 a licence a month
Discount for educational organisations
Free trial available
Description of free trial
Full access for 30 days

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.