Skip to main content

Help us improve the Digital Marketplace - send your feedback


RailSmart FORMS

The FORMS application standardises inspections and checklists across your business, improve the accuracy of information captured and ensuring critical information is gathered and traced efficiently and securely through interactive documents.


  • Drag and drop Form Builder creates forms quickly and easily
  • Multiple field types for maximum configurability without losing standardised formatting
  • Multimedia-enabled supporting the uploading of photos, videos and audio
  • Newly created forms can be fully tracked and traced
  • Inbuilt version control
  • Allocate forms to individuals
  • Location Aware: Attach GPS co-ordinates or location to a form.
  • Receive notifications when a form has been completed.
  • Ensure clarity and consistency in collation and reporting of information
  • View all forms that require your attention.


  • Intuitive user interface ensures quick adoption of the tool
  • Consistent formatting creates clear, easy to use reporting tools
  • Multimedia functionality means field-based evidence is unambiguous
  • Multimedia functionality can provide clarity where language barriers exist
  • Targeted to ensure the right staff are collating relevant information
  • Supports safety critical roles in the field
  • Automatic synchronisation ensures fidelity of information


£55 a user a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

7 7 3 8 7 3 9 8 2 9 4 2 6 9 8


3Squared Martin Gleadow
Telephone: 0333 121 3333

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Routine server maintenance is performed in a regular window on Tuesday evenings after 10pm, with any software deployments requiring downtime performed by prior arrangement before 9am on a weekday morning. Mobile applications are supported on current versions of iOS/Android and 2 previous versions. Due to the wide range of Android devices available we maintain known reference devices which can be added to on request.
System requirements
  • Mobile applications: iOS or Android
  • Web application: Recent supported web browser
  • Supported on current and previous 2 operating systems releases

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard support levels do not include weekend coverage. Extended support hours can be contracted for P1 severity incidents in line with standard response times.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Support is provided in house by Service Analysts trained in our applications and knowledgeable about your business sector. Standard Support is included in license price, with Extended Support for P1 incidents available at extra cost.

Standard Support provides office hours support in line with SLA for any issues raised according to the following SLA:

P1: Critical - Response within 1 business hour, Resolution Plan within 2 business hours.
P2: High - Response within 1 business day, Resolution Plan within 2 business days.
P3: Medium - Response within 2 business days, Resolution Plan within 5 business days.
P4: Low - Response within 3 business days.

Extended Support costs will depend on size of organisation and specific coverage required.
Support available to third parties

Onboarding and offboarding

Getting started
3Squared have a robust, tried and tested onboarding process that has been continually improved using lessons learnt from previous implementation projects. The process consists of five main stages. In the first Analysis and Planning stage the project plan is agreed, teams identified and project governance is outlined. We begin aligning the software to current business processes and undertake data mapping exercises. During the Software Set Up stage we provision a specific instance of the software and undertake the necessary data configuration and import. In the third stage we undertake internal and client testing. This involves a collaborative pilot where feedback is gained from a small group of end users. In the fourth stage we will work with the client to devise an engagement and training strategy that caters to the specific needs of the business. This an include face to face training, distance learning or a blended approach. During the final stage, the software is rolled out across the business. We will work with the client every step of the way to ensure the transition is as smooth as possible. We pre-define communication strategies and collaboration for the early life support period.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
On contract end, by request, a database export of all company data within the system can be provided
End-of-contract process
Upon contract end, all client data is hard deleted within 6 months.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari
Application to install
Compatible operating systems
Designed for use on mobile devices
Differences between the mobile and desktop service
The web application allows admin users to organise files by depot, region, team, or other hierarchy. Version control ensures employees access the latest forms. Admin users can create checklists, custom forms and produce reports.
The mobile app allows employees to work offline, ideal for remote locations with limited or no connectivity. Employees can upload multiple file types including photos and videos. Form sections can be bookmarked for quick access. Forms can be assigned to any number of employees for completion on the mobile app.
Service interface
User support accessibility
None or don’t know
Description of service interface
RailSmart FORMS reduces the cost of form distribution throughout your organisation while providing assurance that forms have been received and completed.

Forms are created and stored in the web application and distributed to employees on the mobile application. Admin users can setup and distribute forms in minutes with the recently updated form builder.
Forms can be easily assigned to any number of employees, who complete them using the mobile application. The mobile application allows employees to view forms in remote locations with limited or no connectivity.

Form response reports can be created and shared from the web application.
Accessibility standards
None or don’t know
Description of accessibility
FORMS partially supports 10.2.7 Info and Relationships, 10.2.8 Meaningful Sequence, 10.2.10 Use of colour 10.2.14 Images of Text, 10.2.9 10.2.13 Resize Text, Three Flashes or below threshold and 10.2.21 Document Titled, 10.2.37 Parsing, 10.2.28 Name, Role and Value, 10.2.5 Headings and Labels, 10.2.23 Link purpose, 10.2.33 Error Identification, 10.2.34.

FORMS does not support 10.2.15 Keyboard, 10.2.16 Keyboard Trap, 10.2.26 Focus visible, 10.2.27 Language of Page.

Remaining criteria do not apply to the content or structure of the application.
Accessibility testing
This is not an area where we have performed any formal testing, however we are happy to work with you on order to meet any requirements you have around Accesibility and Assistive Technology
Customisation available
Description of customisation
Within the FORMS application users can build custom forms for gathering responses from users of the application, tailored to your operational need


Independence of resources
Our applications are deployed using cloud computing platforms allowing services to be easily sized to meet capacity requirements, with automatic scaling enabled where appropriate. In situations where one customer could adversly affect the performance of the platform through normal usage, customer level resource isolation is used to mitigate this risk.


Service usage metrics
Metrics types
Within the application a reporting dashboard gives insights into behaviours and trends within the system which can be used to measure operational business goals and provide insights into behaviour, as well as allowing easy monitoring of compliance with relevant policies. Monthly service reports can be provided detailing service desk engagement statistics, along with additional user behaviour information taken from a suite of Analytics services integrated into our platforms. Custom reports are available on request through the service desk on an ad hoc or regular basis.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users request data access through their internal designated RailSmart admin who raises a ticket with our support team. The exported data is then provided by our a support team in an encrypted, password protected zip file.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The Target availability for this application is 99.5%, excluding agreed maintenance periods. For the avoidance of doubt the calculation of Availability will be: (Number of days in period) x 24 – (Cumulative hours down time for such period) / Number of days in period.

There is a sliding scale of License Fee reductions applicable to the period starting at 10% should availability drop below 99.5%, 20% below 97%, and 25% should availability drop below 95%.
Approach to resilience
Full details of service resiliency are available on request. As a basic principle all our solutions are hosted using high performance enterprise cloud solutions backed by service availability guarantees, ensuring the underlying infrastructure SLAs exceed the service SLAs. All services are provisioned with automatic backups to enable restore from total loss to be made in a timely fashion, and critical components are deployed in a resilient fashion where possible.

Extensive system monitoring is in place to alert engineers in the event of any problems being identified.
Outage reporting
Service Outages are reported by email alerts and follow up phone calls where the applications in question are critical to the business of the customer. Certain applications with dependency on third party systems additionally contain alert banners within the system to notify of any degraded service provision as a result of external factors.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Access to the system is controlled by user accounts with role based permissions. Access to certain user data can be further restricted based on the organisationl hierarchy.

Access to our support ticketing system is limited to a pre-defined list of users, who access the service username and password. These user accounts are created as the service moves from Early Life Support (ELU) to Business as Usual (BAU)
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
N/A, our statement of applicability covers the delivery of Software Solutions. As part of our statement of applicability we have excluded Sub Contractors as we do not use any in the delivery of this service.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials
Information security policies and processes
As part of our ISO27001 certification, 3Squared implemented an Information Security Management System which consists of a number of controls including policies and processes to control our information security risks. Our in house, cross departmental compliance team own the ISMS and are responsible for designing and implementing appropriate policies and procedures.
All staff are trained on these when they join the organisation, with direct line managers responsible for ensuring they are followed. Any staff found not following these policies or procedures are dealt with inline with our disciplinary procedure.
In order to verify our policies are followed, internal audits are conducted monthly by an individual who is independent of the compliance team and is appropriately trained.

3Squared also employs a security hotline which all members of staff can use to highlight security concerns or risks. These are then triaged by the compliance team and appropriate action taken.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All work undertaken on our products follows our Secure Development Lifecycle Policy. This ensures security is considered from initial conception and then validated prior to deployment to a production environment. Steps we take to assess potential security impacts include threat models on the infrastructure and vulnerability scanning.

Prior to deployment to a production environment, our applications are subject to a thorough functional testing process to ensure there are no critical defects that may impair our end users.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Information about potential threats is sourced through subscriptions to vendor and industry notification services, and these are assessed for risk based on potential impact and likelyhood. Where the risk is high we will take immediate steps to mitigate the risk and deploy a patch as soon as practical. For all risks which do not exceed the threshold patches will be deployed on a monthly basis within a predefined maintenance window.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We employ passive monitoring on our servers, monitoring items such as: Disk, CPU and Memory usage. Should these certain level above our standard threshold, alerts are triggered to key personnel who can immediately investigate.

At 3Squared we employee a major incident and data breach process that staff are aware of, which is to be followed in the event of an incident. These processes also include the client communication process, ensuring impacted clients are notified as soon as possible.
Incident management type
Supplier-defined controls
Incident management approach
3Squared employees 2 distinct incident management processes; 1 for major incidents (classified as outages to the system or any defect in production categorised as 'Critical) and a second specifically to handle data breaches.

Defects are initially identified via our support or IT teams and my come from a client or internally. Once it has been triaged and established as a Critical issue (a P1), the issue is escalated to director level and appropriate resource is assigned to investigate and resolve the issue. Once resolved, incident reports are provided to clients in written form.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

Our largest environmental impact is energy usage, and under our Environmental Policy we commit to reduce our energy consumption through energy efficient devices and smart technologies to reduce power use when equipment is not in use. Our office uses a balanced environmental control system which uses ambient air temperature when possible, to maintain a comfortable office temperature, and we use Microsoft Azure cloud hosting for our applications, configured to scale up and down in response to demand for efficient operation while benefiting from Microsoft’s Azure sustainability programme.

Our office has recycling facilities for glass, plastic, paper, and card, and we encourage active travel through good public transport connections, secure cycle storage, a cycle to work scheme, and showers available within the building. We support a hybrid working model with online meetings to reduce business travel, and employees are encouraged to champion green causes.

As part of our supplier review process, we consider green credentials as part of supplier selection, and we share our sustainability policy with our clients.
Covid-19 recovery

Covid-19 recovery

We carried out and continued to maintain a thorough COVID-19 risk assessment to help protect staff and visitors to our office, including making investments to new equipment in the office and amendments to the office layout to promote and maintain social distancing. Our risk assessment explicitly considered the mental health impact alongside the potential physical risk, and staff were supported to safely return to the office 2 days per week from 2022 onwards.
Tackling economic inequality

Tackling economic inequality

We work closely with local educational establishments to promote STEM careers and encourage participation from under-represented groups, working with secondary schools, colleges, and universities. As part of our outreach programme we support, sponsor, and participate in local specialist interest groups supporting the growth of digital industries in the local area.

We run work experience, apprenticeship, student placement and graduate schemes within the organisation and have been successful in retaining employees after involvement in these schemes, encouraging ongoing training and development including industry-relevant qualifications.

As an organisation we hold ISO27001, ISO9001, Cyber Essentials and Cyber Essentials Plus to ensure safe delivery of services and solutions, and as part of this we also consider security within the supply chain. Our supplier list includes local and growing companies across a broad base and seek out suppliers who share our social values. Our software also helps the rail industry supply chain to scale and future proof delivery, and we often collaborate across the industry to solve wider challenges.
Equal opportunity

Equal opportunity

We are signatories of the Tech Talent Charter & the Women in Rail / RIA EDI Charter, & we are a Disability Confident accredited employer. As an equal opportunity employer we value the differences and contributions of all our employees. We take care to ensure our job adverts and recruitment process are inclusive.

There is no discrimination in pay, hiring, compensation, access to training, promotion, and termination of employment or recruitment on the grounds of race, nationality, religion, age, disability, marital status, sexual orientation, union membership or political affiliation, and opportunities for personal and career development are equally available to all employees.

Equality, diversity, & inclusivity are actively supported across the company. We aim to attract and recruit candidates from a diverse range of backgrounds, to ensure that we are a diverse company both statistically & cognitively. We never recruit for ‘culture fit’, but for ‘culture enhancement’; we recruit people who share our value of respecting each other & each other’s differences.

As a regionally based Small to Medium Sized Enterprise (SME) firmly believe that we clearly demonstrate the benefit we provide as a socially responsible business.


As an employer we champion better work and working lives for our employees whether supporting their physical health and safety or their mental health. All employees have access to counselling, an employee assistance programme, mental health first aiders and occupational health. Line managers have ongoing guidance to help them support their teams through conversations or signposting to expert help where needed.

All employees are encouraged to have good self-care routines including access to discounted gym memberships, private health care and financial support. Personal growth and social relationships are also encouraged through genuine dialogue with senior leaders, career development opportunities and an open and collaborative working culture.

Flexible working and hybrid working practices are not only encouraged but form part of our ethical standard that all employees balance their personal and professional priorities.

We ensure that our working practices and equipment are safe and that our working environment, management practices, work design and pay and reward practices support our employee's wellbeing towards good work.

By focusing on wellbeing at work, we aim to promote a healthier and more inclusive culture, better work-life balance, and better employee engagement.


£55 a user a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.