Skip to main content

Help us improve the Digital Marketplace - send your feedback

Zebra Software Ltd


ZEBSOFT compliance management system.

ZEBSOFT incorporates modules for managing,
Auditing (Programme & CAPA Management, Checklist Auditing, Auditor Management),
Assets & infrastructure,
Risk & Environmental Register,
Document Control & Signing,
GDPR (DPIA, Information Records & Asset tracking),
Suppliers & Contractors,
Contingency Planning,
Reporting & Feedback,
Tasks & Meetings


  • Multiple ISO standards ISO9001, ISO14001, ISO22301, ISO27001, ISO45001,
  • CAPA - Nonconformity and corrective action management
  • Organisation Roles, Responsibilities, Authorities
  • Risk Management - monitor risks/set alerting reviews and assign ownership
  • Planning System - set goals/KPIs/interested parties and legal register
  • Document Management - control of revision, authorisation and user signing
  • GDPR Management, DPIA, Information Records Assets,
  • Auditing, Audit Programme Management, Checklists
  • Strategic Planning and Management Review
  • Asset Management - logs tests, maintenance, inspections, calibrations


  • Control of GRC requirements
  • Web based cloud software
  • Comprehensive all-in-one system
  • UK Based hosting with 2FA authentication
  • Continual improvement methodology of operation
  • Centralised process and compliance auditing platform
  • Control over multiple sites
  • Cascades compliance throughout the organisation
  • Ownership and accountability within organisation
  • Allows for real time data entry, update and monitoring


£5 to £40 a user a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

5 7 8 9 0 4 2 7 5 7 3 1 3 3 9


Zebra Software Ltd Steven Bloomfield
Telephone: 0333 222 9070

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
No known constraints.
System requirements
  • Modern Web Browser
  • Internet Connection

User support

Email or online ticketing support
Email or online ticketing
Support response times
4 Hours

9am-5pm Monday to Friday
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Limited to questions & answers. Only available to logged in users.
Web chat accessibility testing
No tests carried out yet.
Onsite support
Yes, at extra cost
Support levels
Standard support included
2 hours per week by email through ticketing system.

Enhanced support - £1500 per month plus £1 per user per month
Includes a Dedicated phone number and account Manager

Additional support services.
Onsite support & training available at £600 per half day plus expenses
Support available to third parties

Onboarding and offboarding

Getting started
Zebra Software can provide onsite training or remote training via Zoom or Teams.

There are online training videos available within the App.

User documentation for the system is also available within the App.
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
Users may output their data to reports at any time. They also may request the data from Zebra Software in spreadsheet format at extra cost.
End-of-contract process
The subscription covers the cost for users to access the main system.

Disposable/deletion of data etc are additional costs.

Organisations have the option to pay a nominal charge to continue with read only access to data.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Mobile is designed for users who require access to the system when away from a Laptop or PC.

This is very useful for onsite checklist auditing, users can easily add photographic evidence or use the voice typing to enter information.

The Web App is installable as a Progressive Web App.
Service interface
User support accessibility
None or don’t know
What users can and can't do using the API
The ZEBSOFT platform is a multi faceted system and many areas are not designed to be accessed via an API.

The API is limited to simple functions such as User management, obtaining results from checklists & audits, feedback & reporting, asset management, tasks and notifications.

Full details available upon request.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
The system can be customised during the setting up process and Zebra Software will provide consultancy to assist with this if necessary.

Bespoke development & customisation is available from Zebra Software at extra cost.


Independence of resources
ZEBSOFT is hosted by AWS and covered by their SLAs.

All services are monitored by our technical team.

ZEBSOFT can be provided on dedicated infrastructure at additional cost.


Service usage metrics


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Reports are the most common way that users export their data.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • Pdf
  • Jpg
  • Doc
  • Xls
  • Open office
  • Microsoft Office

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
A VPN can be setup & configured at extra cost.
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.99% uptime
Approach to resilience
AWS EC2 front end
RDS database (hourly snapshots)
S3 file storage (private)
Outage reporting
Email alerts
twitter alerts

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
The super administrator defines roles which determines what a user can see and do.
Each user login defines what users have access to, what they can see and what they can do. Users can enable 2FA or a system administrator can enforce adoption of 2FA.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
UK National Certification Limited
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Zebra Software Limited adopted all annex A controls in its' current statement of applicability dated 23rd March 2020.
ISO 28000:2007 certification
Who accredited the ISO 28000:2007
Self determined self declaration
ISO 28000:2007 accreditation date
What the ISO 28000:2007 doesn’t cover
Design & installation of security equipment
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
  • ISO 27001
  • ISO 22301

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
We manage ISO27001 & GDPR utilising our ZEBSOFT platform with automated reporting.

ZEBSOFT includes document controls to ensure staff read and understand our policies.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
ZEBSOFT employs full version control.

Testing is carried out on development/staging servers before being released to production.

ZEBSOFT is developed using the AGILE methodology.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We carry out daily checks of log files.

Server maintenance is carried out weekly on a pre-defined window.

Service affecting emergency security patches are carried out within an hour once identified.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Daily checks of log files and twitter feeds.

Isolate, analyse & act.
Incident management type
Supplier-defined controls
Incident management approach
We have predefined plans kept within our software system ZEBSOFT. Users can report within our software system or via email ticketing system.

Incident reports are emailed to the ZEBSOFT main account contact.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

ZEBSOFT is a cloud based software system that offers an alternative to onsite auditing and facilitates online meetings and collaboration.

By removing the need for onsite audits we have eliminated unnecessary travel and improve efficiency of management of auditing.

As a cloud based system we have also eliminated the requirement for on-premises servers and the environmental impact of running servers.

Zebra Software operates and encourages remote & home working for employees.
Equal opportunity

Equal opportunity

Zebra Software is an equal opportunities employer. Our infrastructure is setup to enable homeworking, flexi-time & part-time working.


"Work how you want, when you want", this is Zebra Software's employee philosophy. We like happy employees and to make it fun to work at Zebra Software.

We have weekly meetings at our office in Knutsford, Cheshire and organise many social events.

With homeworkers we operate a "Virtual Office" and have a continuous teams session open so people can talk and operate as if in a physical office.


£5 to £40 a user a month
Discount for educational organisations
Free trial available
Description of free trial
Full system is available for a trial period of 1 month to 3 months depending on the project size.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.