JOTFORM LTD

Jotform Enterprise

Jotform is an online form-building platform that allows users to create and customize forms and e-sign documents for various purposes such as surveys, registrations, order forms, and more. Jotform provides an easy-to-use interface and a wide range of form fields, customization options, several built-in features to automate your business process.

Features

• User-Friendly Forms
• Mobile-Friendly Forms
• White-Labelling
• User Managemenet
• Advanced Security (such as SSL encryption and GDPR compliance)
• Single Sign-On (SSO)
• API Access
• Dedicated Customer Success Manager
• Hosting Data Locally
• Importing Existing Forms and Submissions

Benefits

• Creating Custom Forms
• Access Anywhere, Anytime
• Streamline Data Collection
• Approval Workflows
• Collaborate in Real-Time
• Customizing User Experience
• Creating Forms Mobile-Friendly
• Dedicated customer support
• Conditional Notifications
• Offline Form Access

£6,666.00 a unit a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jamie@jotform.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

654810508689919

Contact

Jamie Boyd
+44-7495-803454
jamie@jotform.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Jotform has a formalized change management policy. Jotform Enterprise Product Team notifies customers via email two weeks prior to new releases. Upon customer confirmation, updates or bug fixes are deployed within agreed timelines. Customers have the option to opt out of updates, accommodating their preferences. To ensure business continuity, Jotform offers staging environments for testing new features. Product Managers and Customer Success Managers can provide end-user training upon request. Each release undergoes thorough QA by Jotform's QA Team and is accompanied by release notes shared with Enterprise customers beforehand.
• System requirements:
  • As a SaaS solution, no server or software installation needed.
  • As a SaaS solution, no server or software installation needed.
  • As a SaaS solution, no server or software installation needed.
  • As a SaaS solution, no server or software installation needed.
  • As a SaaS solution, no server or software installation needed.
  • As a SaaS solution, no server or software installation needed.
  • As a SaaS solution, no server or software installation needed.
  • As a SaaS solution, no server or software installation needed.
  • As a SaaS solution, no server or software installation needed.
  • As a SaaS solution, no server or software installation needed.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Per day average 1 hour
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: There is no cost for maintenance. You can find the support levels below:; ; Level 0: Self-help using Jotform Help guides https://www.jotform.com/help/ ; Level 1: Zoom and email consultations via Jotform Enterprise support engineers; Level 2: Solution support via https://www.jotform.com/ticket-categorize/create-ticket; Level 3: Expert solution from Jotform Enterprise development teams.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Online training
• Service documentation: No
• End-of-contract data extraction: Users can extract their data by exporting data within one month after the contract ends. Here is the detailed information: https://www.jotform.com/help/374-how-to-export-all-of-your-data-at-once/
• End-of-contract process: Jotform Enterprise charges on a per-user basis. A “user” is defined as an individual who has a login to your Jotform Enterprise account to:; ; Create/edit forms and documents; Initiate integrations, and/or; View/edit/analyze submission data directly in the form submission of documents database.; ; Additional features like SSO integration and HIPAA compliance have extra annual fees. Additional Permitted Users can be added in bundles of 5, for additional annual fees.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our solution supports desktop and mobile versions of the surveys. All surveys built on the Jotform platform can be previewed on different devices such as phones, tablets, and desktops.
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: Here is the details: https://api.jotform.com/docs/
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Jotform offers customizable survey options, including color themes, branding removal, survey closure settings, messaging options, and various question types. ; Below, we have elaborated on these:; ; Jotform offers 29 survey elements, such as text boxes, radio buttons, and checkboxes, which can be easily added and customized without coding. ; ; Users can customize the layout by rearranging elements and adjusting sizes, while Jotform Advanced Designer allows for style customization with various color schemes and fonts.; ; With Jotform Enterprise, surveys can be fully customized to match branding, and users can utilize custom URLs and domains without coding.; ; Additionally, Jotform provides options for survey closure, including thank you pages and notification emails.

Scaling

• Independence of resources: Jotform Enterprise customer's data will be kept in a single-tenant dedicated instance and no connection exists with other clients.

Analytics

• Service usage metrics: Yes
• Metrics types: Forms, total submissions, form views, payment submissions, signed documents, submissions, and upload space.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: Jotform grants SaaS Jotform Enterprise customer secure system access via TLS connections. This access is only to Jotform Enterprise data systems, no other systems in the environment. These connections are secured and encrypted and are the only method for customers to connect to Jotform Enterprise-hosted systems. In the case of an investigation, Jotform will assist customers, at Jotform’s discretion, and law enforcement in forensics.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Jotform offers the flexibility to export form submissions in a variety of formats including CSV, Excel, and PDF. This functionality enables seamless integration of data into your existing systems and workflows. Additionally, our feature of filtering submissions on Jotform Tables allows you to export a specific data set.; ; Our Export Data feature provides the ability to download all forms as HTML files, submission data as a CSV file, and uploaded files, all in a single, convenient ZIP file. There is no additional cost associated with exporting all data.; ; For more information, please visit these links; https://www.jotform.com/help/73-how-to-download-form-submissions-as-excel-csv-pdf/ & https://www.jotform.com/help/374-how-to-export-all-of-your-data-at-once/
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • HTML
  • API
• Data import formats:
  • CSV
  • Other
• Other data import formats: PDF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: If Jotform fails to meet the response times, the Customer will receive a service credit equal to twenty percent (20%) of the monthly fees attributable to the month at issue.; ; Additionally, if Jotform fails to meet the response times more than three times in any given month or the required Uptime for two consecutive months, Customer may terminate the Agreement without any further obligation to Jotform. If the Customer has prepaid any fees, Jotform will provide a prorated refund of the total fees from the date of Termination.; ; Here are the response times:; ; "Critical Issues Response Time: 1 Hour / Resolution Time: 4 Hours; High Issues Response Time: 4 Hours / Resolution Time: 8 Hours; Low Issues Response Time: 1 Day / Resolution Time: Next Maintenance Release"
• Approach to resilience: All data centers where we host our servers meet the highest security standards. Our primary platform is Google Cloud, which complies with SSAE16 / ISAE 3402 Type II, SOC 1, SOC 2, SOC 3, ISO 27001, ISO 27017 (Cloud Security), ISO 27018 (Cloud Privacy), and PCI DSS v3.2. It also enables HIPAA compliance. You can find more information about Google Cloud compliance at https://cloud.google.com/security/compliance.; ; Additionally, Jotform has a business continuity plan. We can share detailed information according to the customer's request.
• Outage reporting: Jotform is a powerful online application that allows anyone to create custom online forms quickly. Its intuitive drag-and-drop user interface makes form building incredibly simple and doesn't require you to write a single line of code. Jotform shares historical uptimes publicly. You can find it here: https://status.jotform.com/

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: We can share detailed information when the NDA signed.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Tevora Business Solutions Inc.
• PCI DSS accreditation date: 2023
• What the PCI DSS doesn’t cover: Here is detailed information about Jotform's PCI DSS certification: https://www.jotform.com/blog/pci-dss-service-provider-level-i-compliant/
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • HIPAA
  • GDPR
  • SOC 2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: GDPR, CCPA, HIPAA, and SOC 2. You can find details here: https://www.jotform.com/security/
• Information security policies and processes: Jotform complies with HIPAA, SOC2, GDPR, CCPA, PCI/DSS, and other listed certifications here: https://www.jotform.com/security/

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: For updates and patches, Jotform Enterprise notifies customers via email two weeks prior. Upon confirmation, updates are deployed within agreed timeframes. Customers can opt out of updates. Staging environments are provided for testing. Product Managers offer end-user training upon request. Each release undergoes QA and is shared with customers beforehand.; ; Regular Maintenance involves updates on staging environments before production. Timeframes and impacts are communicated beforehand.; Updates are demonstrated on staging environments before deployment to production.; ; Jotform monitors systems 24/7 and addresses issues promptly. Critical issues prompt immediate updates and customer notification, with downtime requiring customer approval.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The process of Jotform to conduct thorough and timely risk assessments of the potential threats and vulnerabilities to the confidentiality, integrity, and availability of electronically protected Jotform Enterprise customer data (and other confidential and proprietary electronic information) it stores, transmits, and/or processes for its customers and to develop strategies to efficiently and effectively mitigate the risks identified in the assessment process as an integral part of the Jotform’s information security program. Our risk management program is part of our SOC2 Type II compliance audit.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Jotform uses PagerDuty as the incident management platform. The Incident Response Platform contains automated and manual alerts coming from various resources such as SIEM, Security Team, employees, etc.; Ensuring the privacy and security of user data is a top priority for Jotform therefore we have a bug bounty program in place with collaboration HackerOne. ; Jotfrom's security team regularly performs pen tests on our system and shares their response plan with the product team or fixes it immediately if it is high risk on the system.
• Incident management type: Supplier-defined controls
• Incident management approach: The Jotform Vulnerability Management program shall be based upon performing periodic scans of Jotform assets, examining both infrastructure and application vulnerabilities. After discovery, vulnerabilities shall be prioritized based on the likelihood and impact of exploitation. This program shall identify target timelines for remediating, applying compensating controls, or accepting the risk for identified vulnerabilities. ; ; Jotform infrastructure network and any future networks must be designed, implemented, and operated in a manner that ensures adequate protection commensurate with the information classification and acknowledged risk of its information assets.; Penetration testing is conducted quarterly.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  To make the world a better place, Jotform is here to help non-profit and education organizations do it. To thank them for making a difference, Jotform offers nonprofit and education organizations 30% off the Jotform Enterprise plan.

Pricing

• Price: £6,666.00 a unit a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jamie@jotform.com. Tell them what format you need. It will help if you say what assistive technology you use.