Microsoft SharePoint Enabled Bespoke Document Management System
Streamline your organisational efficiency with Brave & Heart’s bespoke Document Management System (DMS), powered by Microsoft SharePoint and backed-up by Microsoft Azure. Built using Microsoft365 and SharePoint architecture, our DMS provides one convenient, customisable location for storing, searching, approving and managing all your information. Brave & Heart are Microsoft Partners.
Features
- Complete document lifecycle and workflow management on SharePoint
- Customisable through Microsoft-approved SPFx extensions
- Creation of a comprehensive DMS Strategy
- Centralised document hub, increasing accessibility, security and transparency
- Built-in notifications and global/local tagging libraries
- Full auditing of document processing, with access traceability
- Legally binding signature capability using optional add-on software
- Secure retiral and storage folders
- Protected access, using optional 2-factor authentication
- Optional SPFx extensions, providing submission, approvals and complex management functions
Benefits
- Improved organisational document management, planning and reporting
- Greater control over document accessibility through full audit traceability
- Efficient categorisation through class-leading document system
- Collaborate or lock documents in real-time in one centralised location
- Seamlessly integrates across all Microsoft-compatible systems
- Consistently compliant to all Legislation and GDPR requirements
- Easily transfer and link documents across the entire DMS
- Compatible across all Microsoft365 systems, fully integrated with Teams/SharePoint
- Optimised for various devices/document types, including iOS and Android
- Reduce manual entry and errors through automated, accurate data capture
Pricing
£1,200 a unit
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
7 6 4 7 2 9 8 9 7 3 2 8 2 9 3
Contact
BRAVE & HEART LTD
David Parkinson
Telephone: 07970173858
Email: dave@braveandheart.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- SharePoint Framework Extension, SharePoint Bespoke Collaborative Intranet, SharePoint Bespoke Project Management System and Power Platform Project Management System
- Cloud deployment model
- Private cloud
- Service constraints
- None. As a UK-based business, we are available Monday-Friday between the hours of 9am to 5pm but flexible to client needs.
- System requirements
-
- Compliant browser
- Internet connection
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Monday-Friday, between 9am-5pm: Within 4 hours. Out of Hours/Weekend: ASAP upon return or via senior exception management.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- For web chat support, we use Microsoft Teams which is WCAG 2.0 AA.
- Web chat accessibility testing
- As Teams is a Microsoft product, we do not conduct regular web chat testing. Upon requirement, we will conduct testing to support assistive technology users.
- Onsite support
- Yes, at extra cost
- Support levels
- General support: We deliver dedicated post-launch support to all our clients within our included 1-month Hypercare Package. Following this 1-month period, we offer an additional comprehensive Standard Support Package, which is negotiated depending on client requirements and preferences. Providing the optimal amount of support, our most popular option across our clients is our ‘5 Day Per Month’ Package. This includes access to our UK-based support desk between 9am-5pm (excluding national holidays), extensive technical support and a dedicated Account Manager. Onsite: We deliver onsite support to our clients on an ad-hoc basis within our Standard Support Package. Technical Account Manager/Cloud Support Engineer: Provided as agreed/required.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Ensuring users are able to competently use our products/services as soon as possible, we provide client-specific workshops, onsite training and online training through Teams and Loom. For clarity, we detail the usability of our products within our Service Agreement. Upon request, we also provide Full User Documentation for future reference.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- ODF
- Other
- Other documentation formats
-
- PowerPoint
- Word
- End-of-contract data extraction
- As all data is hosted within the users own Microsoft Cloud infrastructure, there is no need for data to be extracted upon contract closure. Throughout our service, clients have complete ownership of their own data on their system.
- End-of-contract process
- Within our 1-month Hypercare Package, upon contract closure, we complete a Closure Report and Project Closure Review with the client. This allows us to identify/resolve any issues, and ensure a smooth transition to the supplier whilst establishing any agreements for post-handover support. Outside of the 1-month Hypercare Package, we provide the above end-of-contract processes by agreement within our Standard Support Package(s).
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Our Bespoke Document Management System is optimised for use across all device types, including iOS and Android.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AAA
- Description of service interface
- SharePoint Graph API
- Accessibility standards
- WCAG 2.1 AAA
- Accessibility testing
- Available upon request, through SharePoint.
- API
- Yes
- What users can and can't do using the API
- All services on our Bespoke Document Management System can be accessed and changed using SharePoint's secure Graph API. The only limitation is posed by respective security levels, as categorised through Microsoft and monitored through Brave & Heart.
- API documentation
- No
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Driving complete customisation, Brave & Heart use Microsoft-supported SPFx extensions to personalise the client product/service. Customised through Microsoft's Fluent UI interface, we personalise our Document Management System in line with the user's specifications, which is then integrated into and run through the clients own SharePoint/Azure infrastructure.
Scaling
- Independence of resources
- All our services are managed by Microsoft, who have a global service availability across their localised edge servers of 99.9%, regardless of user demand.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Enabling a comprehensive analysis of our service, we provide metrics through SharePoint. This is provided through Google Analytics integration and the SharePoint interface.
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- Never
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- If the user wishes to export their data, they can do so using in-built SharePoint tools.
- Data export formats
-
- CSV
- Other
- Other data export formats
- XLS
- Data import formats
-
- CSV
- Other
- Other data import formats
- XLS
Data-in-transit protection
- Data protection between buyer and supplier networks
- Private network or public sector network
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- All our Service Level Agreements are defined by Microsoft, who have a global service availability across of 99.9%. All availability agreements/refunds are the responsibility of Microsoft.
- Approach to resilience
- Maximising resilience, our service is backed-up by Azure.
- Outage reporting
- Microsoft send out email and public dashboard alerts to report any outages across their platforms.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- We restrict access in management interfaces/support channels in accordance with the 'Admin Rights' allocation, as agreed upon during commencement.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users receive audit information on a regular basis
- How long user audit data is stored for
- Between 6 months and 12 months
- Access to supplier activity audit information
- Users receive audit information on a regular basis
- How long supplier audit data is stored for
- Between 6 months and 12 months
- How long system logs are stored for
- Between 6 months and 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- CSA CCM version 3.0
- Information security policies and processes
-
Upholding compliance, we work in accordance with the Data Protection Act 2018, GDPR,
and our robust Data Protection and Data Security Policy. Underpinned by ISO27001 principles, our Policy outlines our procedures for ensuring all client data/information is secure. As our services integrate with the client's own infrastructure, we hold the minimum amount of client-related data. Maximising security, for the minimal data we do hold, it is stored in our Finance System which is fully compliant to GDPR. To protect this data, it is stored and backed-up within the MS cloud server. Ensuring our policies are followed, we provide staff with dedicated GDPR training which outlines our overall Data Protection and Data Security Policy. To maintain standards, this is provided during induction, refreshed annually and adherence is monitored by Line Managers. Adhering to GDPR, our reporting structure follows the International Commissioner's Office (ICO) guidelines. In the rare circumstance that a data breach is identified, we will alert the ICO within 72 hours of discovery.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Brave & Heart follow Microsoft’s formal Standard Operating Procedures (SOPs) for tracking, governing and assessing the change management process in line with ISO27001, SOC1/SOC2, and NIST800-53. For delivering changes/conducting bug fixes on our behalf, Microsoft use their ‘Azure DevOps’ server and track all service components/changes within their Change Log. For ease-of-access, we also track and catalogue Microsoft changes, tests and deployments within our document process. Minimising risk, our products use Microsoft’s Operational Security Assistance (OSA) feature, to assess changes for their potential security impact.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Brave & Heart follow Microsoft’s formal Standard Operating Procedures (SOPs) for protecting our servers from viruses/malware in line with ISO27001, SOC1/SOC2 and NIST800-53. To assess potential threats to our servers, Microsoft use Operational Security Assistance (OSA) and regularly relay this information to their users, including Brave & Heart, through their Security Response Centre (MSRC). Providing a swift resolution to identified threats, we enable Microsoft to immediately deploy patches through their 'Azure DevOps' platform. Protecting user vulnerability at source, all our servers come readily equipped with multi-layer anti-virus/malware software from Microsoft.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Brave & Heart follow Microsoft’s formal Standard Operating Procedures (SOPs) for identifying/responding to compromises and protecting our servers in line with ISO27001, SOC1/SOC2 and NIST800-53. To identify potential compromises, our Microsoft-based servers use Azure Security use active monitoring software. This includes deploying specialist monitoring tools such as the 'Microsoft Monitoring Agent'. Upon identifying a potential compromise, an alert is raised to the Azure Security Team who immediately respond to the incident through Microsoft.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Brave & Heart have a pre-defined process for managing incidents. To rectify common events, such as minor glitches/bugs, we perform fixes through the Azure 'DevOps' server. Enabling swift resolutions, users can report incidents through any of our communication channels. Providing a proactive approach, incidents can also be identified within our 'Bug System'. As a Microsoft Partner, we report all incidents to Microsoft within Incident Reports and provide users with a link to Microsoft's formal Incident Report following resolution.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
Evidencing our commitment to fighting climate change, we work in accordance with the principles outlined in our ISO14001-aligned Environmental Policy. As a UK-based supplier, we share the Government’s aim to be Net Zero by 2050 and have developed our Environmental Policy accordingly. Reducing our carbon footprint, we are an entirely remote/Work-From-Home organisation, meaning we do not incur any commute-related emissions. Where commuting to client locations is required, our Travel Policy promotes ‘green options’ such as public transport, cycling or car-sharing. Similarly, as we are based across remote locations, our energy consumption is reduced compared to a large-scale communal office.
Further reducing our carbon footprint, we have implemented the following initiatives across our home-based workforce:
• Reduce paper usage by sending all work correspondence online
• Encourage recycling through circulating educational resources
• Minimise energy consumption by switching-off laptops when not in use
• Promote energy-saving by researching/investing in energy-efficient resources
• Evaluate the environmental implications/benefits of new products before purchase
• Complying to all existing environmental legislation, regulations and requirements and meeting all new legislation
Demonstrating our environmental efforts, we are on track to be B-Corp Certified by the end of 2024. Extending this effort, we also sponsor a Northeastern-based STEM Charity. Fighting climate change, and protecting our environment, this Charity provides support for the next generation of STEM scientists who are piloting environmental transformation within their work.Tackling economic inequality
Underpinned by the Social Value Act 2012, we are committed to tackling economic inequality wherever possible. To achieve this, we implement robust Fair Work First initiatives including:
• As an accredited Living Wage Employer, we pay all employees the UK Real Living Wage or above depending on position
• Tackling the gender pay gap, we determine all staff pay based upon their role, experience and performance
• Providing job security, we only operate fixed-term contracts, never use exploitative working practices and actively oppose fire-and-rehire practices
• We offer generous annual leave entitlement, beginning at 28 days per annum, with an additional 2 Mental-Health days and a further day for supporting community activities
• Ensuring we deliver in line with these commitments, we monitor our adherence to our Fair Work First initiatives within Key Performance IndicatorsEqual opportunity
In line with the Equality Act 2010 and our robust Equal Opportunity Policy, we are committed to providing equal opportunities for all staff and applicants based on merit. Promoting inclusivity and fairness, we use inclusive advertisement methods and do not exclude anyone from our recruitment, providing they meet our minimum employment standards.
To maintain a diverse workforce, our recruitment strategy is designed to attract groups from groups that are underrepresented in our sector, including:
• Women, by participating in Women in Technology/IT events
• The LGBTQIA+ community by using targeted recruitment strategies
• Black, Asian and Minority Ethnic (BAME) individuals through inclusive language
Aligning with our Policy, we prioritise the internal promotion of our existing staff over external recruitment and assess all applicants fairly based on their experience, performance and capabilities. To support high-performing employees to move into a senior position, as part of our organisation-wide succession planning, we offer a structured training and upskilling programme.
As an organisation, we actively oppose discrimination, victimisation and harassment. We do not tolerate any form of discrimination and operate robust whistleblowing procedures for employees to confidentially raise an alert. Protecting employee welfare, any discriminatory action will be treated as a disciplinary offence.Wellbeing
As a people-centric organisation, we actively support the wellbeing of all our employees. Promoting their wellbeing, we provide all employees with:
• Channels for welfare support through our dedicated HR Team and specialist Support Team
• A comprehensive benefits package including 2 Mental Health support sessions, which is extendable up to 10 days
• Access to Mental Health materials, webinars and helplines
• Monthly 1-2-1 meetings with their Line Manager, who is trained to provide Mental Health support and advice
• Flexi-time arrangements to better manage their work/life balance
• Dedicated Mental Health Days/Weeks/Months to increase awareness, such as Time to Talk Day and Stress Awareness Week
Pricing
- Price
- £1,200 a unit
- Discount for educational organisations
- No
- Free trial available
- No