PDMS Limited (Professional Data Management Services Limited)

Digital Signing Service

PDMS's Digital Signing Service uses digital signing technology, through our partner GlobalSign. The Digital Signing Service, enables our clients' business systems to submit documents to the Digital Signing Service, to provide guarantee to 3rd parties that the signing party is trusted and the document has not been tampered with.

Features

• Integrated Advanced Electronic Signature process
• Issues Advanced Electronic Seals
• Verification of signatory through onboarding process
• Uniquely links the document to the signatory
• Tamper evident digital signing
• EIDAS compliant digital signing
• Adobe PDF and Adobe Approved Trust List (AATL) compliant
• Long Term Validation
• Signing via an API endpoint authenticated with Active Directory
• Can integrate into Power Automate or other low code solutions

Benefits

• Ongoing cost savings through digital signing
• Ease of implementation to existing workflows
• Compliance with digital signing industry standards
• Cross border acceptance of digital signatures
• Low barrier to onbboarding digital signing solution
• Secure transmission of documents
• Supports high volume transactions of digital signatures
• High availability of digital signing service
• PDFs can be digitally signed without manual intervention
• Digitally signed certificates reduces environmental impact

£0.50 to £1.50 a transaction

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at saasenquiries@pdms.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

477370679985422

Contact

Catriona Watt
+44 (0) 1624 664000
saasenquiries@pdms.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements: There are no specific system requirements.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: A response to a support request can typically be expected to be received within four working hours of the support call being raised, however PDMS will work to agree SLAs with the buyer and can provide higher levels of service where required.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support availability; 09:00 to 17:00 Monday to Friday, excluding UK public holidays. (24/7 and public holidays can be agreed). ; ; A response to a support request can be expected to be received within 4 Working Hours of the support call being raised. A resolution, or work-around, can, in most cases, be expected to be received within 7.5 Working Hours of the support call being raised.; ; Further information is available within our Service Definition document.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Support can be offered via any of the following methods:; - Documentation ; - Video conferencing ; - Onsite training
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data can be provided in an agreed format - typically CSV/XML. The digital certificates have long-term validity, and can be validated until the signing certificate applied to the document expires.
• End-of-contract process: If the Service is terminated either by the Customer or by PDMS, PDMS will contact the Customer to establish your off-boarding requirements. PDMS will supply your data to you on Termination by exporting relevant data. Bespoke data extract requirements can also be provided on request, but would form part of a service request. The cost of this is not included in the subscription to the service. Other mechanisms are available and can be requested (either at Take-up or at Termination).

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no functional differences between the desktop and mobile service.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: The solution includes a RESTful API to enable end-users to integrate the digital signing service within workflows.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: PDMS is able to provide additional custom services, including integration support.

Scaling

• Independence of resources: PDMS' digital signing solution is hosted on our highly resilient private cloud that uses multiple storage, memory and processing units across multiple locales in multiple data centres on the Isle of Man – an architecture aimed at achieving extremely high availability, scalability and fast response times. Our private cloud meets a broad set of international, industry and regional compliance standards including ISO 27001 and UK G-Cloud. PDMS holds ISO 27001:2022 Information Security Management System standard certification and Cyber Essentials Plus.

Analytics

• Service usage metrics: Yes
• Metrics types: Usage metrics are available on a dashboard.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: GlobalSign

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: PDMS uses industry best practice configurations in each environment to ensure that all data is encrypted at rest. Within the PDMS private cloud data is persisted on storage devices that implement encryption of all at rest data.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported to the end-user by agreement.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: XML

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The Service Availability is set at 99.9%
• Approach to resilience: PDMS Software-as-a-Service is hosted on a highly resilient infrastructure using multiple storage, memory and processing units across multiple locales in multiple Data Centres on the Isle of Man – an architecture aimed at achieving extremely high availability. ; ; The Data Centres adhere to best practices described by the EU Code of Conduct for Data Centre Operations, and meet the Uptime Institute Tier Level 3 classification. PDMS holds ISO 27001:2022 Information Security Management System standard certification alongside Cyber Essentials Plus certification. Further information is available on request and also within the Service Definition document.
• Outage reporting: In the case of an outage we will communicate via e-mail.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Access (to management interfaces and support channels) is restricted by least privilege access using accounts with strong username and password combinations.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: LRQA
• ISO/IEC 27001 accreditation date: Held since 25/03/2003
• What the ISO/IEC 27001 doesn’t cover: All areas of the business and our services are in scope.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: As part of its ISMS, PDMS have the following policies and processes; Information Security Policy, Secure Development Process, Acceptable Use Policy, Change Control Policy, Data Classification and Handling Policy, Data Protection Policy, Business Continuity Policy and an Incident Management Process, all of which are governed, managed and audited through our ISO certifications. All policies are owned and regularly reviewed by the relevant departmental manager. It is the responsibility of each departmental manager to ensure that all of their staff follow the information security policies and processes, however compliance is audited by the Quality and Standards Manager, with any issues identified reported to the relevant manager, for rectification. Operationally, Information Security is jointly managed by the Chief Operating Officer and the Quality and Standards Manager, both of whom report directly to the Chief Executive Officer, who has overall ownership at Executive Level for Security, allowing issues that require immediate escalation to be reported to the Executive Team. Operational Issues that do not require immediate escalation are discussed at the monthly management meetings, where it is a standing issue. All issues discussed during these meetings that require escalation are reported upwards to the Executive Team for it to be discussed, where appropriate.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have change management processes in place for both system and software changes. These processes are part of the lifecycle of each system or service. They involve the use of tools and technical controls, as well as policies and procedures for our engineers to follow.; ; All changes are documented and tracked. This includes peer review and approvals before any changes are implemented in our environments.; ; We control changes and releases through automated pipelines. This provides repeatable, audited, and secure methods for introduction of environment changes.; ; Notifications from the change management process ensures that relevant stakeholders are aware of the changes.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Firstly, we promptly apply updates from the providers/manufacturers of devices and operating software that constitute our hosting platform. Updates are typically applied within a 14-days of release, barring any exceptional circumstances hindering successful deployment.; ; Secondly, we employ vulnerability management tools to scrutinise the installed software/configuration within our environments. The data generated is aggregated and examined by our engineers. If modifications are deemed necessary, they are managed through change management processes.; ; Lastly, through our software development lifecycle, we use code analysis and vulnerability scanners to detect known vulnerabilities within our developed software. This proactive approach addresses potential issues before impacting systems/services.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We operate systems that gather/process telemetry from a range of aspects related to our hosting/service offerings, extending the scope of vulnerability management system monitoring.; ; Telemetry provides valuable insight to our operations teams, who maintain security/stability of hosted systems. Identified issues/operational enhancements are prioritised/delegated/resolved appropriately.; ; Security findings are overseen by qualified engineers, allowing for a customised response/remediation process.; ; Where telemetry indicates potential compromise, it’s escalated through incident management procedures.; ; The tools/methods we use continually evolves. As new insights/remediations are discovered, they contribute to ongoing improvement of operational procedures and overall environment. This iterative process ensures systems remain secure, efficient and up-to-date.
• Incident management type: Supplier-defined controls
• Incident management approach: PDMS allow all staff the ability to report security incidents through a number of methods, including email, telephone, and system based forms. Ultimately all reported incidents are managed by the Chief Operating Officer, who follows the Incident Management Process, which identifies how the incident should be managed, including when to provide updates to any customers that may be affected. Customer Incident Reports are normally provided in a written document. ; ; All incidents are reviewed following their satisfactory conclusion, in order to determine what lessons can be learned, in order to improve the process or prevent future occurrences.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  PDMS is committed to reducing our impact on the environment and has held the ISO I4001 environmental certification for over 10 years. PDMS holds the Bronze Level Social Value Quality Mark accreditation which recognises distinction in values-led business that benefits customers, communities, and the planet. It is one of the most rigorously tested standards of its kind in the UK. As part of our certification, we have pledged to develop a comprehensive roadmap to achieve Net Zero by 2023 and offset our carbon emissions. We have a fully documented Carbon Reduction Plan which is published on our website. ; ; PDMS uses an online portal to report and calculate our carbon footprint, which is then forwarded to an external provider for offsetting through carbon credits. In addition, we have recently helped to fund a local carbon credit project by purchasing land that will support a tree-planting initiative with the dual purpose of carbon sequestration and biodiversity enhancement. ; ; We installed solar panels at our Global House head office which now produce 50-60% of our annual energy consumption based on a daytime energy consumption. ; ; Our employees have embraced Treekly, a platform that plants trees for every day they achieve over 5,000 steps, effectively "turning footsteps into forests." This initiative not only promotes reforestation but also enhances both mental and physical wellbeing among our staff.; ; Chris Gledhill, our founder, is the sector lead for the local Chamber of Commerce Climate Change Programme which enables us to share best practice across the business community. We cover environmental issues as part of our Lunch Time Learning sessions empowering our team to make environmentally conscious decisions both at work and at home. ; ; We also ensure that environmental protection and improvement is a key consideration of any partners or suppliers we work with.

  Covid-19 recovery

  COVID-19 took a toll on the physical and mental health of many people and within our organisation, we have expanded our comprehensive support programme for our staff and their family wellbeing, helping to reduce the burden on local healthcare services. This includes providing paid time off to attend any health-related appointments, access to bereavement support and counselling, externally trained mental health first aiders and private health care. In addition, we have provided all our staff with access to the HeadSpace meditation app to help support mental health app. ; ; We have improved workplace conditions that support the COVID-19 recovery effort by introducing a flexible policy allowing employees to decide whether they want to work from home or in our offices. ; ; We work with our local authority clients who have our employment and skills portal, SignedUp Skills, supporting their work to create employment, re-training and other return to work opportunities for those left unemployed by COVID-19, and new opportunities in their chosen high growth sectors.; ; During Covid we supported recovery by supporting our clients with various initiatives including rapidly developing a Covid-19 website for the Isle of Man Government.

  Tackling economic inequality

  When working with our clients in central and local government we assess where we can add social and economic value to the local communities both in where our clients work and where we work. We will collaborate with you to ensure that our social value commitments agreed as part of a contract are well aligned with your organisation’s specific social value priorities. ; ; PDMS holds the Bronze Level Social Value Quality Mark accreditation. The Social Value Quality Mark recognises distinction in values-led business that benefits customers, communities and the planet. It is one of the most rigorously tested standards of its kind in the UK. We have pledged to:; ; Provide opportunities for young people to gain valuable work experience which supports their future employment and to create sustainable employment opportunities in PDMS.; ; Actively support skills development and knowledge sharing and to promote awareness and understanding of career opportunities in the technology sector to help address the digital skills gap.; ; Be a force for good in our local communities by investing our time, expertise and money to positively impact people and our environment. ; ; Some of the varied activities we undertake that contribute to our pledges above, in relation to economic inequality, include donating our time to digital sector career talks, career mentoring, mock interview sessions and work buddies. We regularly host work experience students in different parts of our business from development and UX through to infrastructure and marketing. We have a structured apprenticeship programme and one in six of our technical staff originally started with use as an apprenticeship. ; ; Our team are allocated time for mentoring young people schemes including MCR Pathways and the Digital Critical Friends Programme. PDMS is also a key supporter of Junior Achievement; a global organisation that helps provide financial literacy, employability and entrepreneurship education to students.

  Equal opportunity

  We passionately believe in fostering inclusive environments that champion equal opportunity for all, regardless of gender, ethnicity, or background. Our commitment extends across the company ensuring that we have robust hiring practices that emphasis fairness and impartiality. We ensure that all candidates are evaluated solely on their qualifications and also merit based. Our promotion policies are transparent and merit-based too. We actively support career progression for all employees, regardless of their background or working pattern.; ; Given the gender gap in the technology sector we are involved in initiatives to help address this. We are proud that 34% of our tech roles are performed by females which is above the national average of 26% and we strive for greater representation. Our generous Maternity Pay is 12 weeks full pay and 12 weeks half pay.; ; We operate a fully hybrid working model, where our staff chose whether to work from home or come into the office and flexible working patterns to suit individual needs. ; ; PDMS has supported the Empowering Women programme through sponsorship and participation. This is a cross-industry initiative, backed by industry and government partners. The programme is unique as it is directed at women who work in digital transformation roles with the aim of building a collaborative and powerful community of emerging women leaders in digital transformation across all industry sectors. ; ; We also support charities that help women and young girls to progress a career in technology such as LoveTech and have STEM ambassadors in our team and focus on promoting awareness of accessibility and diversity in digital design – speaking at third party events and hosting our own webinars to highlight the importance of ensuring that all digital services cater to diverse user needs. ; We celebrate diversity, empower women, and work tirelessly to create an environment where everyone thrives.

  Wellbeing

  At PDMS, we promote an open culture around wellbeing and mental health. We conduct regular anonymous staff surveys every six weeks to monitor how staff feel in relation to workload, stress, health and mental health issues. This regular feedback helps form the support we provide to our team. Our Health & Wellbeing score is 8.6 which puts us in the top 25% of technology companies.; We measure our performance, and our results are also benchmarked against other companies in our sector. ; ; We operate inclusive and accessible recruitment practices and have a flexible work policy where our employees decide whether they want to work from home or the office.; ; We have an internal Wellbeing Team and a dedicated Wellbeing Channel within our corporate intranet along with the following in support of the wellbeing of our staff:; ; • Externally trained mental health first aiders; • Access to bereavement support and counselling; • Access to private health care including online tools to help support mental health and access to specialist one-to-one counselling covering a range of issues from money worries to a relationship breakdown; • A regular series of talks from external experts on mental and physical health covering topics including nutrition, dealing with stress & anxiety, mindfulness, addiction and posture; • Time off to attend any medical, dentist, opticians, or health related appointments; • Subsidised gym membership to encourage physical activity; • Every member of staff has a minimum of 2 days allocated to undertaking work to support a local charity or not for profit ; • Free access for our staff and their family to the HeadSpace app; ; We also put emphasis on training and continuing professional development supporting paid support for professional qualifications and study leave. We also support a range of different charities that focus on mental health.

Pricing

• Price: £0.50 to £1.50 a transaction
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at saasenquiries@pdms.com. Tell them what format you need. It will help if you say what assistive technology you use.