Workpro Requests - FOI, EIR and SAR case management system

Workpro Requests case management system supports information requests tracking and reporting, including FOI (Freedom of Information), EIR (Environmental Information Regulations) and GDPR SARs (Subject Access Requests). Allocate tasks, create consistent correspondence and store case documentation within one secure system. Reminders and alerts ensure deadlines are met and correct procedure followed.


  • FOI, EIR, GDPR SARs case types included 'out-of-the-box'. Configurable features.
  • Protect sensitive cases with user permissions. Allocate cases and tasks.
  • Highly visible alerts ensure key dates and actions aren’t missed.
  • All documentation stored and created within case record. Microsoft integration.
  • Email and letter templates auto-populated with case data save time.
  • Quick and advanced search to access relevant cases and documents.
  • Comprehensive dashboards, case and task views to track casework.
  • Built-in standard reports library and flexible report creation tools.
  • Key system elements and permissions maintainable by authorised administrators.
  • File management and GDPR compliance tools support data protection policies.


  • Manage all information requests from one secure online system
  • Ensure consistency in request management and responses
  • Improve correspondence and log all case documentation
  • Track case activity with clear visibility of next steps
  • Improve productivity, reducing time taken on cases
  • Ensure request handling complies with legislation and policies
  • A chronological audit trail guarantees full accountability and transparency.
  • Monitor case status and team performance in real-time
  • Produce management reports easily from the built-in standard reports library.
  • Identify common request themes for FAQ publication and improvement initiatives.


£120 to £475 a user a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

4 5 1 3 2 9 7 3 7 6 6 3 9 4 1


Workpro Ken Naismith
Telephone: 0131 449 7071

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
Much of Workpro’s functionality is accessed from a web browser. Workpro supports the following: Microsoft Edge; Google Chrome. Workpro also supports the creation of Microsoft Word documents, which can be edited and saved directly back into Workpro using the following: Microsoft Office 2010 (32-bit version) or newer. You may also require a PDF viewer tool. Any application capable of reading PDF documents can be supported (Adobe Acrobat / Microsoft Edge / Google Chrome). We offer an optional Workpro PDF editor module which allows you to save changes to PDF documents directly back to Workpro.
System requirements
  • Microsoft Edge; Google Chrome
  • Microsoft Office 2010 (32-bit version) or newer
  • PDF tool such as Adobe Acrobat
  • PDF tool such as Microsoft Edge
  • PDF tool such as Google Chrome
  • Optional Workpro PDF Editor available as module

User support

Email or online ticketing support
Email or online ticketing
Support response times
We aim to respond as soon as possible, with standard response commitments as follows: Priority 1 within 1 hour (system non-operational and affects more than 50% users). Priority 2 within 4 hours (system non-operational and affects minority of users). Priority 3 within 4 hours (identifiable fault but system still operational, minor faults and advice). Priority 4 within 8 hours (cosmetic issues which do not affect the operation of the system). Priority 5 within 5 working days (system enhancements, new and additional features). Standard working hours are Mon-Fri 9am-5pm GMT but out of hours support is available.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
CAS operates an ITIL compliant support operation including manned help desk with backup technical resource as required.
• 24/7/365 online support portal, for logging/monitoring issues, requests and billing
Support is available by email/telephone through our helpdesk
• Remote support can be carried out via dedicated link.
• Workpro is an evolving product with one annual system upgrade
• Standard Workpro application support hours are Mon-Fri 9-5, excluding Christmas and New Year.
Our response times are based on 5 priorities:
Priority 1 system non-operational and affects majority of (>50%) users with a target of respond <1hr and resolve < 4 hours Mon-Fri.
Priority 2 system non-operational and only affects minority (<50%) of users with a target of respond in <4 hours and resolve in < 8 hours.
Priority 3 identifiable fault but system still operational , minor faults and advice with a target of respond < 4 hours and resolve in the next planned release.
Priority 4 cosmetic issues which don't affect the operation of the system with a target to respond in <8 hours and resolve in the next planned release.
Priority 5 system enhancements, new and additional features with a target to respond in <8 hours and negotiate resolution.
Support available to third parties

Onboarding and offboarding

Getting started
As standard, the Workpro Implementation Team will set up a client instance of Workpro on the Workpro Private or Public Cloud and will ensure client specific security settings are in place. Additional modules, customisation, support, integration and migration services can be purchased with Workpro. Workpro Cloud Support Services are available in G Cloud Lot 3.
While Workpro is designed to be intuitive and easy to use, we recommend training on the system to ensure that your organisation can use it to best advantage. Training is available for users, Train the Trainer, System Administrators and Report Writers. This can be onsite, or web based. A Workpro User Guide is supplied with the system and is accessible by a help link on screen.
Service documentation
Documentation formats
End-of-contract data extraction
We would provide client data in the form of a spreadsheet when the contract ends. We would also transfer any stored documents to a client drive.
End-of-contract process
1 month's notice is required, during which time service deprovisioning will be done.
Data and document extraction would be included in the price of the contract.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Chrome
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Workpro has a responsive design so it can be accessed from any mobile device.
Service interface
User support accessibility
WCAG 2.1 A
Description of service interface
Workpro is a responsive web application, and is therefore accessible from any web-enabled device.
Accessibility standards
WCAG 2.1 A
Accessibility testing
We have some customers with partially sighted users who use screen reader software to access Workpro.
What users can and can't do using the API
The Workpro API interface is designed for access by a client website and provides functionality to support the creation of Workpro cases. Additionally, it allows users to upload one or more supporting pieces of documentation and associate them with a case. Workpro web services are typically hosted in one of two configurations: Within a separate application hosted inside a Workpro application or as a completely separate web site hosted in IIS.
Access to the services is normally limited by a firewall to specific source networks or addresses, to prevent unauthorised use. Other security mechanisms can be added depending on requirements. It is implemented as a set of WCF services configured to communicate using the WS-I Basic Profile1. This specification uses WSDL to define services and a version of SOAP for communication. To access and consume the services you should be able to use any programming language or tool which supports access to web services using SOAP.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Administration tools allow many aspects of the solution to be maintained by authorised users with the required access level and appropriate training. Authorised users can make changes for example to look-up lists, data categories, fields, document templates, targets, thresholds and alerts, user permissions and some file management and data retention activities. The Workpro team are also available to support customisation should clients require or prefer it . We also provide integration (e.g. with your HR/Payroll system) and data migration services as required. See Workpro Cloud Support services in Lot 3.


Independence of resources
Each application has a separate application pool / database so that resource allocation can be profiled and allocated according to expected usage. Overall performance of the system is monitored by checking response times and resource usage. Where necessary, additional resources can be allocated.


Service usage metrics
Metrics types
Support service metrics can be viewed on the Workpro online support portal. • Colour coded Issue List shows priority and status • Billing dashboard shows contracted hours used and how many remain • Reporting dashboard shows e.g. issues raised, closed or currently open. If the Usage Based Licencing model is chosen, monthly user login reports determine how many users have logged in that month. An invoice will be produced based on that number. A user will be defined as a named individual and usage will be defined as the initial login for that named individual in a calendar month.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be exported from reports to other applications and formats, e.g. Excel, Word, PDF.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • HTML
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • PDF
  • HTML

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We guarantee service availability of 99.9% within a calendar month and offer a refund of licence fees for periods where the service isn't available
Approach to resilience
Available on request.
Outage reporting
Email alerts are sent to our support team if the service isn't available.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Administrator accounts are not granted permissions to access case data within the system. Access to servers is via named accounts and is monitored.
Access restriction testing frequency
Less than once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
BM TRADA Certification Ltd.
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
The CAS ISO27001 certification scope covers the service provided directly by the organisation, i.e. the software processing and storage environment, and development and administrative systems in place to support this. The provision of hardware and network services is the responsibility of our service partners, Iomart, who have their own ISO 27001 certification.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials
Information security policies and processes
As an ISO 27001 certified organisation, CAS has a fully documented ISMS (Information Security Management System) which includes the following policies: CAS Information Security Standard, CAS Information Backup Procedure, CAS Logical Access Security Standard, CAS Risk Assessment and Treatment Procedure, CAS Physical Security Guidelines, CAS Site Security Instructions, CAS Data Protection Procedure, CAS HR Security Guidelines. Copies of policies are available on request. The CAS Chief Executive Officer is responsible for overseeing the high level co-ordination of Information Security Management within CAS. CAS has an Information Security Forum who meet regularly and are responsible for ensuring policies are followed, consisting of:
• CAS Chief Technical Officer
• CAS Information Security Manager
• CAS Business Relationship Manager
• CAS Quality Manager.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our change management process is included within the scope of our ISO9001 accreditation.
At the start of a customer project a baseline specification is created. Changes to this are managed via a formal change control process with customers required to approve any changes to this specification.
Core product changes are managed using an agile process. A specification for the core product is checked in to our source control system which describes the version at that revision.
Configuration changes are managed in the same way and deployed using an automated build for removing variability from deployments.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
CAS assign information processing assets to individual owners within the organisation, who are responsible for assessing risks and mitigation steps applicable to these assets. The Workpro application can be patched with very little notice: there is no specific timetable for such updates as the priority depends on the nature of any vulnerability. Regarding information on potential threats, Workpro is subject to constant review during development and installation. Additionally external penetration tests are conducted annually or on request.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The Workpro environment is subject to constant ongoing monitoring by an industry standard tool which can report failures or other incidents to responsible staff. These monitors are run from a range of systems, including externally hosted servers. Any incident is subject to review, discussion and escalation with an experienced team in place to identify and address issues. Since reporting is real time, the response to any incident can be immediate.
Incident management type
Supplier-defined controls
Incident management approach
CAS has a documented incident reporting process that includes action steps to handle critical incidents, up to and including large scale business continuity issues. CAS maintains a robust reporting system, accepting inputs from internal and external sources. Incidents are recorded in a formal database and are treated according to priority and impact. Failures that impact on user access or data can result in a formal report including details of actions taken, and any steps proposed to prevent or mitigate further incidents.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

CAS recognises that commercial activity needs to be conducted in an environmentally sustainable manner. We have a well-established ISO 14001 accredited environmental management system and seek continual improvements to our environmental performance. Our key impacts are in energy and raw material use, transport and waste generation, including disposal of electrical equipment. All staff are made aware of our Environmental Policy. Initiatives include: •Separate recycling bins for paper, cardboard, batteries etc. •Paper use is minimal. E-documents are used as routine including contracts, user manuals and business documents. •As electronic storage is not free either, vast data centres use electricity 24/7, we promote timely file management in our office systems and products to reduce data storage. •Discussions are under way with our UK hosting partner, iomart Group, to reduce hosting footprint. Our Canadian hosting partner AWS has a climate pledge. •Employees offered cycle2work and electric car schemes. •Heating levels are controlled, programming to “off” when the office is unoccupied. •Lights motion activated for safety and security in non-core areas (toilets, kitchen), “sleeping” when not in use. We moved to remote working during the pandemic and the team has chosen to continue to work from home by default saving fuel and time in unnecessary commutes. Most sales and customer meetings are now conducted via Teams, where before they would have been face to face – a huge saving in business travel. As cloud hosted software, Workpro is a key enabler for our customer’s environmental practices: •It enables remote working - it can be accessed anywhere by users with appropriate authorisation. •It promotes paperless working - it is designed to bring all casework into one online system, with everything electronically stored. •Workpro training has been re-designed for online delivery, with training materials such as manuals in electronic format, reducing waste, travel and pollution.
Covid-19 recovery

Covid-19 recovery

When Covid-19 struck, we immediately transitioned to home working - our staff were already set up for this. Other equipment was provided, e.g. office chairs, to ensure everyone had a comfortable working environment. Throughout the pandemic, the team worked full time, with no redundancies and no use of the furlough scheme. However, some of our customers struggled. We helped any way we could with the transition, e.g. providing laptops which were in short supply. We also provided a dozen laptops to a local school to distribute to families who could not afford the equipment needed for online schooling. Our Workpro product enables casework to be coordinated in remote settings, and it can be securely deployed remotely. During the pandemic we experienced an increase in enquiries from organisations who suddenly needed an online case management system. We made it easier to procure Workpro with reduced contract commitment terms and fees - giving people with immediate needs the flexibility to review arrangements post-crisis. We added c.30% to our customer base during Covid. We conducted online team sessions on mental health wellbeing, including Mindfulness training with an independent consultant and a talk from the Samaritans on recognising mental health concerns. Employees have 24/7 access to confidential counselling and medical services as part of an employee assistance programme through our Zurich insurance policy. Through an employee consultation exercise, the team chose to continue to work from home going forward saving unnecessary commutes. The office has been re-configured for team meetings and hybrid working. Any employees who prefer to work in the office can do so, with a desk booking system to manage numbers and appropriate hygiene measures in place. Most sales and customer meetings are now conducted via Teams, whereas before they would have been face to face a huge saving in business travel.
Tackling economic inequality

Tackling economic inequality

Given the current Digital Skills shortage in Scotland, our strategy is to “grow candidates” by supporting local educational communities. Initiatives to date include: •When Covid19 struck, we provided a dozen PCs and laptops to a local school to distribute to families who could not afford IT equipment for online schooling. •We regularly accept local school children for work experience, e.g. this year we have offered work experience to a 6th year pupil interested in an IT career. •We proactively encourage women into the IT sector where they are under-represented: o We sponsored our UX Designer through her Professional Diploma in UX, supporting her to change career from graphic designer. o Between 2014 and 2020 we supported the CareerWISE scheme run by Equate Scotland with paid women-only internships. The scheme no longer continues in the same format, but you can read our case study here. •We sponsored two Graduate Apprentices, and three employees came to us via CodeClan, a local Digital Skills Academy which transforms careers through software development and data analysis training. •We offered an IT Analyst position through the Kickstart scheme, which provides funding to create new jobs for 16- to 24-year-olds on Universal Credit who are at risk of long-term unemployment. Our employees are encouraged to undertake training relevant to their work. We have recently commissioned an independent consultant from Connect Three to conduct a Training Needs Analysis session with all employees. Our Workpro product is used by Ombudsman organisations amongst others to tackle injustice. Case outcome data feeds into analysis of lessons learned and root causes, which is then used in initiatives to tackle systemic injustice in their sectors. We undertake periodic pay comparisons, using external benchmarking via PurposeHR our HR service provider, to ensure that we have no gender-related pay gap for example.
Equal opportunity

Equal opportunity

CAS is committed to treating all employees and applicants equally. We maintain full transparency in our employment and business practices, with published policies that are audited annually as part of our ISO 9001 quality management accreditation. Our Equality and Diversity policy is available in our CAS Company Handbook. We are an accredited Living Wage supplier- ensuring anyone working for us, including third party suppliers, is paid a fair, living wage. Our male/female ratios are better than industry averages, especially in management positions, and we have no gender-related pay gap. We undertake periodic pay comparisons, using external benchmarking via PurposeHR, our HR service provider. We are working with a recruitment agency specializing in candidates who are higher on the Autism Spectrum and have allocated headcount for this initiative. CAS is committed to acting ethically in all our business dealings. This includes zero-tolerance of modern slavery and human trafficking throughout our business and supply chain. Our suppliers comprise mainly UK-based professional services or IT providers. All staff have a duty to avoid any activity that might lead to a breach of this policy and are encouraged to raise any concerns at the earliest possible stage. We have a Whistleblowing policy based on the Public Interest Disclosure Act 1998 to ensure staff feel comfortable raising concerns. Our customer base includes Ombudsman and others who use Workpro to support their own customers and ensure fair case outcomes. Our product includes features that promote consistent case handling, with alerts to vulnerabilities or additional needs, e.g., that someone requires Braille documents. Workpro can be configured to collect equality and diversity data to help organisations with equality initiatives. Our UX Designer works hard to ensure the Workpro UI is user friendly and accessible to users with additional needs, and we are working towards full WCAG 2.0 compliance.


All of our employees have access to an employee assistance programme through the company insurance policy with Zurich. The Health Assured programme gives all employees 24/7 access to: • Confidential helpline to access face to face or telephone counselling, medical, bereavement and financial wellbeing support. • My Healthy Advantage App for self-help tools, factsheets and webinars for mental and physical health. Employees can also choose a health cash plan with Healthshield which allows them to claim back the costs of dental check-ups, fillings, eye tests, physiotherapy, prescriptions and much more up to the limit of their choice. During Covid19 we conducted sessions on mental health wellbeing, including Mindfulness training with an independent consultant and a talk from the Samaritans on recognising mental health concerns (in return for a charitable donation which we were glad to do). Feedback on these sessions was positive. We use Trickle employee engagement platform as a safe place for people to share their thoughts – anonymously if they prefer. Trickle is used to conduct “moodsense” surveys, to arrange social activities and to give people encouragement (via “fist bumps”) for a job well done, amongst other things. Regular social activities are organised to promote team unity and connection. During lockdown these were held online – now we have moved to regular in-person activities organised by various team members. Recent events have included an online board games evening, an online magic show with family members invited, and four meals out since lockdown ended. We operate an employee volunteering scheme, through Social Good Connect, making 2 hours per week/1 day per month available during work time to help their choice of charity. Example charities include Sepsis Research, Dignity Boxes and a local Youth Club. Feedback shows that this has a positive effect on the wellbeing of participating team members.


£120 to £475 a user a month
Discount for educational organisations
Free trial available
Description of free trial
Clients are given a login to a trial version. Report Builder is not included with this version. Access is usually for one month, but is negotiable.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.