Skip to main content

Help us improve the Digital Marketplace - send your feedback

BRAVE & HEART LTD

Microsoft SharePoint Enabled Bespoke Document Management System

Streamline your organisational efficiency with Brave & Heart’s bespoke Document Management System (DMS), powered by Microsoft SharePoint and backed-up by Microsoft Azure. Built using Microsoft365 and SharePoint architecture, our DMS provides one convenient, customisable location for storing, searching, approving and managing all your information. Brave & Heart are Microsoft Partners.

Features

  • Complete document lifecycle and workflow management on SharePoint
  • Customisable through Microsoft-approved SPFx extensions
  • Creation of a comprehensive DMS Strategy
  • Centralised document hub, increasing accessibility, security and transparency
  • Built-in notifications and global/local tagging libraries
  • Full auditing of document processing, with access traceability
  • Legally binding signature capability using optional add-on software
  • Secure retiral and storage folders
  • Protected access, using optional 2-factor authentication
  • Optional SPFx extensions, providing submission, approvals and complex management functions

Benefits

  • Improved organisational document management, planning and reporting
  • Greater control over document accessibility through full audit traceability
  • Efficient categorisation through class-leading document system
  • Collaborate or lock documents in real-time in one centralised location
  • Seamlessly integrates across all Microsoft-compatible systems
  • Consistently compliant to all Legislation and GDPR requirements
  • Easily transfer and link documents across the entire DMS
  • Compatible across all Microsoft365 systems, fully integrated with Teams/SharePoint
  • Optimised for various devices/document types, including iOS and Android
  • Reduce manual entry and errors through automated, accurate data capture

Pricing

£1,200 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dave@braveandheart.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

7 6 4 7 2 9 8 9 7 3 2 8 2 9 3

Contact

BRAVE & HEART LTD David Parkinson
Telephone: 07970173858
Email: dave@braveandheart.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
SharePoint Framework Extension, SharePoint Bespoke Collaborative Intranet, SharePoint Bespoke Project Management System and Power Platform Project Management System
Cloud deployment model
Private cloud
Service constraints
None. As a UK-based business, we are available Monday-Friday between the hours of 9am to 5pm but flexible to client needs.
System requirements
  • Compliant browser
  • Internet connection

User support

Email or online ticketing support
Email or online ticketing
Support response times
Monday-Friday, between 9am-5pm: Within 4 hours. Out of Hours/Weekend: ASAP upon return or via senior exception management.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
For web chat support, we use Microsoft Teams which is WCAG 2.0 AA.
Web chat accessibility testing
As Teams is a Microsoft product, we do not conduct regular web chat testing. Upon requirement, we will conduct testing to support assistive technology users.
Onsite support
Yes, at extra cost
Support levels
General support: We deliver dedicated post-launch support to all our clients within our included 1-month Hypercare Package. Following this 1-month period, we offer an additional comprehensive Standard Support Package, which is negotiated depending on client requirements and preferences. Providing the optimal amount of support, our most popular option across our clients is our ‘5 Day Per Month’ Package. This includes access to our UK-based support desk between 9am-5pm (excluding national holidays), extensive technical support and a dedicated Account Manager. Onsite: We deliver onsite support to our clients on an ad-hoc basis within our Standard Support Package. Technical Account Manager/Cloud Support Engineer: Provided as agreed/required.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Ensuring users are able to competently use our products/services as soon as possible, we provide client-specific workshops, onsite training and online training through Teams and Loom. For clarity, we detail the usability of our products within our Service Agreement. Upon request, we also provide Full User Documentation for future reference.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
  • PowerPoint
  • Word
End-of-contract data extraction
As all data is hosted within the users own Microsoft Cloud infrastructure, there is no need for data to be extracted upon contract closure. Throughout our service, clients have complete ownership of their own data on their system.
End-of-contract process
Within our 1-month Hypercare Package, upon contract closure, we complete a Closure Report and Project Closure Review with the client. This allows us to identify/resolve any issues, and ensure a smooth transition to the supplier whilst establishing any agreements for post-handover support. Outside of the 1-month Hypercare Package, we provide the above end-of-contract processes by agreement within our Standard Support Package(s).

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Our Bespoke Document Management System is optimised for use across all device types, including iOS and Android.
Service interface
Yes
User support accessibility
WCAG 2.1 AAA
Description of service interface
SharePoint Graph API
Accessibility standards
WCAG 2.1 AAA
Accessibility testing
Available upon request, through SharePoint.
API
Yes
What users can and can't do using the API
All services on our Bespoke Document Management System can be accessed and changed using SharePoint's secure Graph API. The only limitation is posed by respective security levels, as categorised through Microsoft and monitored through Brave & Heart.
API documentation
No
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Driving complete customisation, Brave & Heart use Microsoft-supported SPFx extensions to personalise the client product/service. Customised through Microsoft's Fluent UI interface, we personalise our Document Management System in line with the user's specifications, which is then integrated into and run through the clients own SharePoint/Azure infrastructure.

Scaling

Independence of resources
All our services are managed by Microsoft, who have a global service availability across their localised edge servers of 99.9%, regardless of user demand.

Analytics

Service usage metrics
Yes
Metrics types
Enabling a comprehensive analysis of our service, we provide metrics through SharePoint. This is provided through Google Analytics integration and the SharePoint interface.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Never
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
If the user wishes to export their data, they can do so using in-built SharePoint tools.
Data export formats
  • CSV
  • Other
Other data export formats
XLS
Data import formats
  • CSV
  • Other
Other data import formats
XLS

Data-in-transit protection

Data protection between buyer and supplier networks
Private network or public sector network
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
All our Service Level Agreements are defined by Microsoft, who have a global service availability across of 99.9%. All availability agreements/refunds are the responsibility of Microsoft.
Approach to resilience
Maximising resilience, our service is backed-up by Azure.
Outage reporting
Microsoft send out email and public dashboard alerts to report any outages across their platforms.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
We restrict access in management interfaces/support channels in accordance with the 'Admin Rights' allocation, as agreed upon during commencement.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
CSA CCM version 3.0
Information security policies and processes
Upholding compliance, we work in accordance with the Data Protection Act 2018, GDPR,
and our robust Data Protection and Data Security Policy. Underpinned by ISO27001 principles, our Policy outlines our procedures for ensuring all client data/information is secure. As our services integrate with the client's own infrastructure, we hold the minimum amount of client-related data. Maximising security, for the minimal data we do hold, it is stored in our Finance System which is fully compliant to GDPR. To protect this data, it is stored and backed-up within the MS cloud server. Ensuring our policies are followed, we provide staff with dedicated GDPR training which outlines our overall Data Protection and Data Security Policy. To maintain standards, this is provided during induction, refreshed annually and adherence is monitored by Line Managers. Adhering to GDPR, our reporting structure follows the International Commissioner's Office (ICO) guidelines. In the rare circumstance that a data breach is identified, we will alert the ICO within 72 hours of discovery.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Brave & Heart follow Microsoft’s formal Standard Operating Procedures (SOPs) for tracking, governing and assessing the change management process in line with ISO27001, SOC1/SOC2, and NIST800-53. For delivering changes/conducting bug fixes on our behalf, Microsoft use their ‘Azure DevOps’ server and track all service components/changes within their Change Log. For ease-of-access, we also track and catalogue Microsoft changes, tests and deployments within our document process. Minimising risk, our products use Microsoft’s Operational Security Assistance (OSA) feature, to assess changes for their potential security impact.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Brave & Heart follow Microsoft’s formal Standard Operating Procedures (SOPs) for protecting our servers from viruses/malware in line with ISO27001, SOC1/SOC2 and NIST800-53. To assess potential threats to our servers, Microsoft use Operational Security Assistance (OSA) and regularly relay this information to their users, including Brave & Heart, through their Security Response Centre (MSRC). Providing a swift resolution to identified threats, we enable Microsoft to immediately deploy patches through their 'Azure DevOps' platform. Protecting user vulnerability at source, all our servers come readily equipped with multi-layer anti-virus/malware software from Microsoft.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Brave & Heart follow Microsoft’s formal Standard Operating Procedures (SOPs) for identifying/responding to compromises and protecting our servers in line with ISO27001, SOC1/SOC2 and NIST800-53. To identify potential compromises, our Microsoft-based servers use Azure Security use active monitoring software. This includes deploying specialist monitoring tools such as the 'Microsoft Monitoring Agent'. Upon identifying a potential compromise, an alert is raised to the Azure Security Team who immediately respond to the incident through Microsoft.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Brave & Heart have a pre-defined process for managing incidents. To rectify common events, such as minor glitches/bugs, we perform fixes through the Azure 'DevOps' server. Enabling swift resolutions, users can report incidents through any of our communication channels. Providing a proactive approach, incidents can also be identified within our 'Bug System'. As a Microsoft Partner, we report all incidents to Microsoft within Incident Reports and provide users with a link to Microsoft's formal Incident Report following resolution.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Evidencing our commitment to fighting climate change, we work in accordance with the principles outlined in our ISO14001-aligned Environmental Policy. As a UK-based supplier, we share the Government’s aim to be Net Zero by 2050 and have developed our Environmental Policy accordingly. Reducing our carbon footprint, we are an entirely remote/Work-From-Home organisation, meaning we do not incur any commute-related emissions. Where commuting to client locations is required, our Travel Policy promotes ‘green options’ such as public transport, cycling or car-sharing. Similarly, as we are based across remote locations, our energy consumption is reduced compared to a large-scale communal office.

Further reducing our carbon footprint, we have implemented the following initiatives across our home-based workforce:

• Reduce paper usage by sending all work correspondence online
• Encourage recycling through circulating educational resources
• Minimise energy consumption by switching-off laptops when not in use
• Promote energy-saving by researching/investing in energy-efficient resources
• Evaluate the environmental implications/benefits of new products before purchase
• Complying to all existing environmental legislation, regulations and requirements and meeting all new legislation

Demonstrating our environmental efforts, we are on track to be B-Corp Certified by the end of 2024. Extending this effort, we also sponsor a Northeastern-based STEM Charity. Fighting climate change, and protecting our environment, this Charity provides support for the next generation of STEM scientists who are piloting environmental transformation within their work.

Tackling economic inequality

Underpinned by the Social Value Act 2012, we are committed to tackling economic inequality wherever possible. To achieve this, we implement robust Fair Work First initiatives including:

• As an accredited Living Wage Employer, we pay all employees the UK Real Living Wage or above depending on position
• Tackling the gender pay gap, we determine all staff pay based upon their role, experience and performance
• Providing job security, we only operate fixed-term contracts, never use exploitative working practices and actively oppose fire-and-rehire practices
• We offer generous annual leave entitlement, beginning at 28 days per annum, with an additional 2 Mental-Health days and a further day for supporting community activities
• Ensuring we deliver in line with these commitments, we monitor our adherence to our Fair Work First initiatives within Key Performance Indicators

Equal opportunity

In line with the Equality Act 2010 and our robust Equal Opportunity Policy, we are committed to providing equal opportunities for all staff and applicants based on merit. Promoting inclusivity and fairness, we use inclusive advertisement methods and do not exclude anyone from our recruitment, providing they meet our minimum employment standards.

To maintain a diverse workforce, our recruitment strategy is designed to attract groups from groups that are underrepresented in our sector, including:

• Women, by participating in Women in Technology/IT events
• The LGBTQIA+ community by using targeted recruitment strategies
• Black, Asian and Minority Ethnic (BAME) individuals through inclusive language

Aligning with our Policy, we prioritise the internal promotion of our existing staff over external recruitment and assess all applicants fairly based on their experience, performance and capabilities. To support high-performing employees to move into a senior position, as part of our organisation-wide succession planning, we offer a structured training and upskilling programme.

As an organisation, we actively oppose discrimination, victimisation and harassment. We do not tolerate any form of discrimination and operate robust whistleblowing procedures for employees to confidentially raise an alert. Protecting employee welfare, any discriminatory action will be treated as a disciplinary offence.

Wellbeing

As a people-centric organisation, we actively support the wellbeing of all our employees. Promoting their wellbeing, we provide all employees with:

• Channels for welfare support through our dedicated HR Team and specialist Support Team
• A comprehensive benefits package including 2 Mental Health support sessions, which is extendable up to 10 days
• Access to Mental Health materials, webinars and helplines
• Monthly 1-2-1 meetings with their Line Manager, who is trained to provide Mental Health support and advice
• Flexi-time arrangements to better manage their work/life balance
• Dedicated Mental Health Days/Weeks/Months to increase awareness, such as Time to Talk Day and Stress Awareness Week

Pricing

Price
£1,200 a unit
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dave@braveandheart.com. Tell them what format you need. It will help if you say what assistive technology you use.