3Squared

RailSmart FORMS

The FORMS application standardises inspections and checklists across your business, improve the accuracy of information captured and ensuring critical information is gathered and traced efficiently and securely through interactive documents.

Features

• Drag and drop Form Builder creates forms quickly and easily
• Multiple field types for maximum configurability without losing standardised formatting
• Multimedia-enabled supporting the uploading of photos, videos and audio
• Newly created forms can be fully tracked and traced
• Inbuilt version control
• Allocate forms to individuals
• Location Aware: Attach GPS co-ordinates or location to a form.
• Receive notifications when a form has been completed.
• Ensure clarity and consistency in collation and reporting of information
• View all forms that require your attention.

Benefits

• Intuitive user interface ensures quick adoption of the tool
• Consistent formatting creates clear, easy to use reporting tools
• Multimedia functionality means field-based evidence is unambiguous
• Multimedia functionality can provide clarity where language barriers exist
• Targeted to ensure the right staff are collating relevant information
• Supports safety critical roles in the field
• Automatic synchronisation ensures fidelity of information

£55 a user a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at martin.gleadow@3squared.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

773873982942698

Contact

Martin Gleadow
0333 121 3333
martin.gleadow@3squared.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Routine server maintenance is performed in a regular window on Tuesday evenings after 10pm, with any software deployments requiring downtime performed by prior arrangement before 9am on a weekday morning. Mobile applications are supported on current versions of iOS/Android and 2 previous versions. Due to the wide range of Android devices available we maintain known reference devices which can be added to on request.
• System requirements:
  • Mobile applications: iOS or Android
  • Web application: Recent supported web browser
  • Supported on current and previous 2 operating systems releases

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Standard support levels do not include weekend coverage. Extended support hours can be contracted for P1 severity incidents in line with standard response times.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is provided in house by Service Analysts trained in our applications and knowledgeable about your business sector. Standard Support is included in license price, with Extended Support for P1 incidents available at extra cost.; ; Standard Support provides office hours support in line with SLA for any issues raised according to the following SLA:; ; P1: Critical - Response within 1 business hour, Resolution Plan within 2 business hours. ; P2: High - Response within 1 business day, Resolution Plan within 2 business days. ; P3: Medium - Response within 2 business days, Resolution Plan within 5 business days. ; P4: Low - Response within 3 business days. ; ; Extended Support costs will depend on size of organisation and specific coverage required.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: 3Squared have a robust, tried and tested onboarding process that has been continually improved using lessons learnt from previous implementation projects. The process consists of five main stages. In the first Analysis and Planning stage the project plan is agreed, teams identified and project governance is outlined. We begin aligning the software to current business processes and undertake data mapping exercises. During the Software Set Up stage we provision a specific instance of the software and undertake the necessary data configuration and import. In the third stage we undertake internal and client testing. This involves a collaborative pilot where feedback is gained from a small group of end users. In the fourth stage we will work with the client to devise an engagement and training strategy that caters to the specific needs of the business. This an include face to face training, distance learning or a blended approach. During the final stage, the software is rolled out across the business. We will work with the client every step of the way to ensure the transition is as smooth as possible. We pre-define communication strategies and collaboration for the early life support period.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: On contract end, by request, a database export of all company data within the system can be provided
• End-of-contract process: Upon contract end, all client data is hard deleted within 6 months.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems: IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The web application allows admin users to organise files by depot, region, team, or other hierarchy. Version control ensures employees access the latest forms. Admin users can create checklists, custom forms and produce reports.; The mobile app allows employees to work offline, ideal for remote locations with limited or no connectivity. Employees can upload multiple file types including photos and videos. Form sections can be bookmarked for quick access. Forms can be assigned to any number of employees for completion on the mobile app.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: RailSmart FORMS reduces the cost of form distribution throughout your organisation while providing assurance that forms have been received and completed. ; ; Forms are created and stored in the web application and distributed to employees on the mobile application. Admin users can setup and distribute forms in minutes with the recently updated form builder.; Forms can be easily assigned to any number of employees, who complete them using the mobile application. The mobile application allows employees to view forms in remote locations with limited or no connectivity. ; ; Form response reports can be created and shared from the web application.
• Accessibility standards: None or don’t know
• Description of accessibility: FORMS partially supports 10.2.7 Info and Relationships, 10.2.8 Meaningful Sequence, 10.2.10 Use of colour 10.2.14 Images of Text, 10.2.9 10.2.13 Resize Text, Three Flashes or below threshold and 10.2.21 Document Titled, 10.2.37 Parsing, 10.2.28 Name, Role and Value, 10.2.5 Headings and Labels, 10.2.23 Link purpose, 10.2.33 Error Identification, 10.2.34.; ; FORMS does not support 10.2.15 Keyboard, 10.2.16 Keyboard Trap, 10.2.26 Focus visible, 10.2.27 Language of Page.; ; Remaining criteria do not apply to the content or structure of the application.
• Accessibility testing: This is not an area where we have performed any formal testing, however we are happy to work with you on order to meet any requirements you have around Accesibility and Assistive Technology
• API: No
• Customisation available: Yes
• Description of customisation: Within the FORMS application users can build custom forms for gathering responses from users of the application, tailored to your operational need

Scaling

• Independence of resources: Our applications are deployed using cloud computing platforms allowing services to be easily sized to meet capacity requirements, with automatic scaling enabled where appropriate. In situations where one customer could adversly affect the performance of the platform through normal usage, customer level resource isolation is used to mitigate this risk.

Analytics

• Service usage metrics: Yes
• Metrics types: Within the application a reporting dashboard gives insights into behaviours and trends within the system which can be used to measure operational business goals and provide insights into behaviour, as well as allowing easy monitoring of compliance with relevant policies. Monthly service reports can be provided detailing service desk engagement statistics, along with additional user behaviour information taken from a suite of Analytics services integrated into our platforms. Custom reports are available on request through the service desk on an ad hoc or regular basis.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users request data access through their internal designated RailSmart admin who raises a ticket with our support team. The exported data is then provided by our a support team in an encrypted, password protected zip file.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The Target availability for this application is 99.5%, excluding agreed maintenance periods. For the avoidance of doubt the calculation of Availability will be: (Number of days in period) x 24 – (Cumulative hours down time for such period) / Number of days in period.; ; There is a sliding scale of License Fee reductions applicable to the period starting at 10% should availability drop below 99.5%, 20% below 97%, and 25% should availability drop below 95%.
• Approach to resilience: Full details of service resiliency are available on request. As a basic principle all our solutions are hosted using high performance enterprise cloud solutions backed by service availability guarantees, ensuring the underlying infrastructure SLAs exceed the service SLAs. All services are provisioned with automatic backups to enable restore from total loss to be made in a timely fashion, and critical components are deployed in a resilient fashion where possible.; ; Extensive system monitoring is in place to alert engineers in the event of any problems being identified.
• Outage reporting: Service Outages are reported by email alerts and follow up phone calls where the applications in question are critical to the business of the customer. Certain applications with dependency on third party systems additionally contain alert banners within the system to notify of any degraded service provision as a result of external factors.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access to the system is controlled by user accounts with role based permissions. Access to certain user data can be further restricted based on the organisationl hierarchy.; ; Access to our support ticketing system is limited to a pre-defined list of users, who access the service username and password. These user accounts are created as the service moves from Early Life Support (ELU) to Business as Usual (BAU)
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 14/12/2017
• What the ISO/IEC 27001 doesn’t cover: N/A, our statement of applicability covers the delivery of Software Solutions. As part of our statement of applicability we have excluded Sub Contractors as we do not use any in the delivery of this service.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: As part of our ISO27001 certification, 3Squared implemented an Information Security Management System which consists of a number of controls including policies and processes to control our information security risks. Our in house, cross departmental compliance team own the ISMS and are responsible for designing and implementing appropriate policies and procedures.; All staff are trained on these when they join the organisation, with direct line managers responsible for ensuring they are followed. Any staff found not following these policies or procedures are dealt with inline with our disciplinary procedure. ; In order to verify our policies are followed, internal audits are conducted monthly by an individual who is independent of the compliance team and is appropriately trained. ; ; 3Squared also employs a security hotline which all members of staff can use to highlight security concerns or risks. These are then triaged by the compliance team and appropriate action taken.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All work undertaken on our products follows our Secure Development Lifecycle Policy. This ensures security is considered from initial conception and then validated prior to deployment to a production environment. Steps we take to assess potential security impacts include threat models on the infrastructure and vulnerability scanning. ; ; Prior to deployment to a production environment, our applications are subject to a thorough functional testing process to ensure there are no critical defects that may impair our end users.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Information about potential threats is sourced through subscriptions to vendor and industry notification services, and these are assessed for risk based on potential impact and likelyhood. Where the risk is high we will take immediate steps to mitigate the risk and deploy a patch as soon as practical. For all risks which do not exceed the threshold patches will be deployed on a monthly basis within a predefined maintenance window.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We employ passive monitoring on our servers, monitoring items such as: Disk, CPU and Memory usage. Should these certain level above our standard threshold, alerts are triggered to key personnel who can immediately investigate. ; ; At 3Squared we employee a major incident and data breach process that staff are aware of, which is to be followed in the event of an incident. These processes also include the client communication process, ensuring impacted clients are notified as soon as possible.
• Incident management type: Supplier-defined controls
• Incident management approach: 3Squared employees 2 distinct incident management processes; 1 for major incidents (classified as outages to the system or any defect in production categorised as 'Critical) and a second specifically to handle data breaches. ; ; Defects are initially identified via our support or IT teams and my come from a client or internally. Once it has been triaged and established as a Critical issue (a P1), the issue is escalated to director level and appropriate resource is assigned to investigate and resolve the issue. Once resolved, incident reports are provided to clients in written form.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Our largest environmental impact is energy usage, and under our Environmental Policy we commit to reduce our energy consumption through energy efficient devices and smart technologies to reduce power use when equipment is not in use. Our office uses a balanced environmental control system which uses ambient air temperature when possible, to maintain a comfortable office temperature, and we use Microsoft Azure cloud hosting for our applications, configured to scale up and down in response to demand for efficient operation while benefiting from Microsoft’s Azure sustainability programme. ; ; Our office has recycling facilities for glass, plastic, paper, and card, and we encourage active travel through good public transport connections, secure cycle storage, a cycle to work scheme, and showers available within the building. We support a hybrid working model with online meetings to reduce business travel, and employees are encouraged to champion green causes. ; ; As part of our supplier review process, we consider green credentials as part of supplier selection, and we share our sustainability policy with our clients.
• Covid-19 recovery:

  Covid-19 recovery

  We carried out and continued to maintain a thorough COVID-19 risk assessment to help protect staff and visitors to our office, including making investments to new equipment in the office and amendments to the office layout to promote and maintain social distancing. Our risk assessment explicitly considered the mental health impact alongside the potential physical risk, and staff were supported to safely return to the office 2 days per week from 2022 onwards.
• Tackling economic inequality:

  Tackling economic inequality

  We work closely with local educational establishments to promote STEM careers and encourage participation from under-represented groups, working with secondary schools, colleges, and universities. As part of our outreach programme we support, sponsor, and participate in local specialist interest groups supporting the growth of digital industries in the local area. ; ; We run work experience, apprenticeship, student placement and graduate schemes within the organisation and have been successful in retaining employees after involvement in these schemes, encouraging ongoing training and development including industry-relevant qualifications. ; ; As an organisation we hold ISO27001, ISO9001, Cyber Essentials and Cyber Essentials Plus to ensure safe delivery of services and solutions, and as part of this we also consider security within the supply chain. Our supplier list includes local and growing companies across a broad base and seek out suppliers who share our social values. Our software also helps the rail industry supply chain to scale and future proof delivery, and we often collaborate across the industry to solve wider challenges.
• Equal opportunity:

  Equal opportunity

  We are signatories of the Tech Talent Charter & the Women in Rail / RIA EDI Charter, & we are a Disability Confident accredited employer. As an equal opportunity employer we value the differences and contributions of all our employees. We take care to ensure our job adverts and recruitment process are inclusive. ; ; There is no discrimination in pay, hiring, compensation, access to training, promotion, and termination of employment or recruitment on the grounds of race, nationality, religion, age, disability, marital status, sexual orientation, union membership or political affiliation, and opportunities for personal and career development are equally available to all employees. ; ; Equality, diversity, & inclusivity are actively supported across the company. We aim to attract and recruit candidates from a diverse range of backgrounds, to ensure that we are a diverse company both statistically & cognitively. We never recruit for ‘culture fit’, but for ‘culture enhancement’; we recruit people who share our value of respecting each other & each other’s differences. ; ; As a regionally based Small to Medium Sized Enterprise (SME) firmly believe that we clearly demonstrate the benefit we provide as a socially responsible business.
• Wellbeing:

  Wellbeing

  As an employer we champion better work and working lives for our employees whether supporting their physical health and safety or their mental health. All employees have access to counselling, an employee assistance programme, mental health first aiders and occupational health. Line managers have ongoing guidance to help them support their teams through conversations or signposting to expert help where needed. ; ; All employees are encouraged to have good self-care routines including access to discounted gym memberships, private health care and financial support. Personal growth and social relationships are also encouraged through genuine dialogue with senior leaders, career development opportunities and an open and collaborative working culture. ; ; Flexible working and hybrid working practices are not only encouraged but form part of our ethical standard that all employees balance their personal and professional priorities. ; ; We ensure that our working practices and equipment are safe and that our working environment, management practices, work design and pay and reward practices support our employee's wellbeing towards good work. ; ; By focusing on wellbeing at work, we aim to promote a healthier and more inclusive culture, better work-life balance, and better employee engagement.

Pricing

• Price: £55 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at martin.gleadow@3squared.com. Tell them what format you need. It will help if you say what assistive technology you use.