Docuflow Ltd

Document Management, Content Management, Data Capture & Portals

infoRouter document and content management software is long established and is deployed globally with over 400,000 users it is easy to use with a collaborative document portal which connects information to individuals whether they work in words, pictures, audio, or video, infoRouter can manage any type of document or file.

Features

• Low Cost of Ownership
• Web based remote access
• Easy to Use and Maintain
• Instant Deployment
• Intranet Out-of-the-Box
• Web services API - Open Architecture
• Standards-based Technology
• LDAP integration
• Document Format independent
• Meta Data Services

Benefits

• Notifications and Reporting
• Version Control
• Integrates with Microsoft Office
• Works with documents, video, sound plus others
• Link to 3rd party solutions
• Look and user experience can easily changed
• Publish folders to share content
• Security and Access rights
• Automate manual processes
• Workflow and Approvals

£25.00 a licence a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris.rowlands@docuflow.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

854779932069341

Contact

Chris Rowlands
0333 577 4900
chris.rowlands@docuflow.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: InfoRouter will link to most 3rd party ERP , Finance Systems and applications a lot of organisations implement infoRouter to get further value from systems already in place.
• Cloud deployment model: Public cloud
• Service constraints: If there is planned maintenance you are informed we would discuss prior to going live any issues that highlighted but essentially infoRouter is an "out of the box" solution which as long as you go on-line you are able to access.
• System requirements:
  • https://support.inforouter.com/documentation/v80/inforouter-system-requirements.aspx
  • Intel Xeon or better
  • 16 GB RAM (32 GB in high traffic environments)
  • 500 MB Application disk space
  • Virtual server environments are supported
  • SQL or Oracle Database
  • Physical or Virtual PC/Server
  • MS Web Server IIS7 or above

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday to Friday 9 - 5 normally within one hour
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: We tend to provide support via a product called team viewer if remote support is required, https://www.teamviewer.com/en/trust-center/security/ , this provide live chat, screen sharing, screen control as an option.
• Web chat accessibility testing: We regularly use Teamviewer to support clients if problems can not be resolved on the phone.
• Onsite support: Yes, at extra cost
• Support levels: Telephone support is provided as part of the service, if application or development support is required this is charged at £125.00 ex vat per hour for an on-site technical engineer.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: InfoRouter is a very intuitive product some customers just use the on-line training tools, there is a telephone help-desk and on-line training available via team viewer, we also provide chargeable training packs which are bespoke to the end user these can be a couple of hours or a couple of days depending on the requirement we would discuss at implementation the best option, essentially the training is bespoke and can be provided exactly to customer requirements
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: InfoRouter and InfoForms includes a data import /export module.
• End-of-contract process: There are no costs at the end of the contract, unless you require us to do any exporting of data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All features are accessible we recommend a tablet sized screen.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Access to core infoRouter functionality pro-grammatically is provided via the included Web Services API. infoRouter exposes a series of Web Service Calls allowing a subset of functionality to be driven pro-grammatically from any language that can interface with a Microsoft .net Web service as exposed by infoRouter. The API is free to use and documented is available. In addition there is a simple MS visual studio project available to demonstrate a basic integration. Individual Service Calls information and a test facility are available directly from the infoRouter server.; Currently there are 185 Web Service calls available, and this number is growing steadily. They provide access to a number of core features and functions of infoRouter, such as metadata search, and result retrieval, document upload, and download (including multiple files as a zip), plus library, folder, and user creation.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Yes, buyers can customise the Service if they have the correct credentials/authorisation. The correct credentials/authorisation is given to the users by the designated Sysadmin User. ; ; For instance the look and feel of the log on portal page can be changed, user views can be changed, types of documents to be viewed can be changed, workflows can be changed etc; ; With suitable access rights, users can customise the front end portal and their own folder structure, and also screen views can be customised. The authors can customise screens to customers’ requirements.

Scaling

• Independence of resources: If required you can have your instance of administrator license alternative if this not required we can manage on your behalf.

Analytics

• Service usage metrics: Yes
• Metrics types: Audit trials are provided that provide various statistics such as user access to files, types of files accessed, etc
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Extra Resources Ltd

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: Less than once a year
• Penetration testing approach: In-house
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: InfoRouter includes a data import /export module.
• Data export formats:
  • CSV
  • Other
• Data import formats:
  • CSV
  • Other
• Other data import formats: XML

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Secura’s hosted platform is Highly Available by design, they operate an N+N infrastructure so hardware is protected from outages by multiple power feeds and power supplies. They also own and manage a resilient dark-fibre ring network with dual vendor supply that spans our Data Centres. The platform is virtualised using VMware’s hypervisor technology and all VMs hosted on the platform are protected by VMware’s native High Availability which guarantees a maximum of 120s VM failover to a working host in the event of hardware failure. Along-side this Secura publish a Standard Availability VPC SLA of 99.99% per VM and customers are reimbursed (financially) in the event that services fall below this level. ; ; For refunds the Service Credits accrued in any Month shall not in any event; exceed fifty per cent (50%) of the Total Monthly Service Charges; (“Service Credit Cap”). please see below link for a more detailed explanation of refunds and SLA's these are duplicated into our contracts. ; ; SLA & Refunds https://secura.cloud/master-services-agreement; ; PDF Download - ; file:///C:/Users/Chris%20Rowlands/Downloads/Blank%20Managed%20Services%20Schedule%20(1).pdf; ; Please see below document we use Secura as our cloud partner.; ; file:///C:/Users/Chris%20Rowlands/Downloads/Data%20Centre%20Overview%20Document.pdf
• Approach to resilience: The site is situated away from the road in a secure location and environment, with no point of failure and fully accredited for security and against failure. ; ; please see link more information can be provided or data centre visit can be arranged. ; ; file:///C:/Users/Chris%20Rowlands/Downloads/Data%20Centre%20Overview%20Document.pdf
• Outage reporting: Incidents including outages are communicated via http://www.securastatus.com/ this is updated. In the event of outages or network failure, along with the status page, emails are sent out via a Service Desk portal to all customers affected, explaining the issue and estimated resolution time – regular updates are sent out via the service desk to keep customers updated on progress.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Different users and groups have different levels of access and administration, which when they log in under their user name is automatically enforced.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 12/10/2017
• What the ISO/IEC 27001 doesn’t cover: Processes not involved with hosting and manged services.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Nettitude Ltd
• PCI DSS accreditation date: 16/04/19
• What the PCI DSS doesn’t cover: Requirement 1 – Not Tested; Requirement 2 – Not Tested; Requirement 3 – Not Tested; Requirement 4 – Not Tested; Requirement 5 – Not Tested; Requirement 6 – Not Tested; Requirement 7 – Not Tested; Requirement 8 – Not Tested; Requirement 9 – Partial Tested. 9.5 and 9.9 Not Tested as ‘Entity provides physical environmental security’; Requirement 10 – Partial Tested. 10.1, 10.7 and 10.9 Not Tested as ‘Entity provides physical environmental security’; Requirement 11 – Not Tested; Requirement 12 – Partial Tested. 12.3 Not Tested as ‘Entity provides physical environmental security’. 12.11 Not Applicable as ‘Entity provides physical environmental security’; Appendix A1 – Not Applicable; Appendix A2 – Not Applicable
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: The objective of Information Security is to ensure business continuity and minimise business damage by preventing and minimising the impact of security incidents. In particular, information assets must be protected in order to ensure: 1. Confidentiality i.e. protection against unauthorised disclosure 2. Integrity i.e. protection against unauthorised or accidental modification 3. Availability as and when required in pursuance of the Organisation’s business objectives. To ensure that this objective is met the Organisation has implemented an Information Security Management System within which it has set a number of objectives which can be used to demonstrate Continual Improvement of this System.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Components consist of the Operating system, The Database and Web application.; ; Manual updates as and when required would be instigated.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Pen tests are run on a regular typically 4 times a year, and any threats that are detected are then dealt with immediately with the appropriate patch being released. An external consultancy is utilised for testing.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Once we are made aware of potential compromises, the authors of the software have procedures in place to facilitate the fixing of the issues.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are submitted to a central area where they are analysed and acted upon, all incidents are escalated as a process to the support and service so the most appropriate can be actioned.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Docuflow Ltd know our responsibility to protect the environment in which we operate. We commit to improving our environmental performance across all our business processes and try to encourage our business partners and those in the wider community to help support this effort. ; ; Docuflow Ltd recognises these key impacts: ; ; • Our energy use.; • Our waste generation onsite and remotely.; • The emissions we produce that go to the atmosphere and potentially the water courses.; • Our company vehicles and transport policy.; • General procurement of all products, equipment, and suppliers.; ; We will strive to: ; ; • Embrace environmental standards in all areas of operation and to exceed relevant ; legislative requirements ; where reasonably practicable.; • Assess work processes and highlight where we can minimise impacts.; • Minimise our waste through careful procurement and recycling processes.; • Procure sustainable products wherever feasible [e.g., recycled, FSC or low ; environmental impact products and ; energy from renewable sources].; • Provide information, instruction and training for employees to be involved in good ; environmental practice and ; remedial actions.; • Adopt and maintain a transport strategy that is environmentally friendly.; • Promote the use of video/telephone conferencing as an alternative to travelling ; to meetings.; • Improve on developing solutions to environmental impacts.; • Switch off all electrical equipment when not in use.; • Continually monitor and assess the environmental impact of all our operations.; ; Docuflow Ltd have developed a series of action plans to supplement each of our environmental policy objectives. These can be provided on request. ; Docuflow Ltd will periodically review performance and publish these results annually.
• Covid-19 recovery:

  Covid-19 recovery

  Covid 19 General Policy 2022 ; • To promote physical distancing between staff members; • To promote physical distancing between customers and staff members; • To promote physical distancing between groups of customers; • To provide physical distancing in welfare areas; • To provide facilities for hand hygiene; • To promote responsible respiratory etiquette; • To arrange for the hygienic cleaning of contact surfaces; • To provide facilities for segregating anyone who shows symptoms of Covid-19 while on the premises; and,; • To arrange for the hygienic cleaning and disinfection of surface if anyone shows symptoms of Covid-19 while on the premises.; • To ensure staff can WFH when and if required due to any Covid outbreak; • To support staff members affected by Covid 19
• Tackling economic inequality:

  Tackling economic inequality

  Docuflow believe that social quality and purpose is of the utmost importance to being recognised as a socially responsible organisation.; From creating business and employment opportunities, to improving and providing staff education and training, Docuflow is committed to tackling economic inequality. Our core policy is to be committed help lower the unequal distribution of income and opportunity between different groups in society by viewing everyone as unique no matter what their background. We believe in a supplier base which is reflective of the modern UK diverse society and recognise that prompt payment of invoices helps smaller organisations function effectively with this in mind we aim to settle supplier invoices well before the due date so that we are helping with smaller organisations cash flow and not being a partner who will negatively impact their organisations and ability to function.
• Equal opportunity:

  Equal opportunity

  Equal Opportunity Statement; ; “At Docuflow, we understand that everyone is unique, we embrace and respect an individual’s views, lifestyle, experiences, and positive ambitions and are committed to providing an environment where that person can be successful physically, emotionally, personally and professionally”
• Wellbeing:

  Wellbeing

  Policy Statement; ; Docuflow defines wellbeing as the experience of overall health. It encompasses good mental, physical, financial, and social health.; ; The aim of this policy is to create a workplace culture where employees feel comfortable to talk, seek help and support, and where wellbeing is recognised and embedded into Docuflow working practices.; ; Docuflow is committed to being recognised as a responsible employer, that supports the wellbeing of all its employees.; ; Docuflow recognises that its employees may encounter, throughout their lives, events that may affect them in the workplace including those related to their health, personal or domestic situation as well as work-related problems. The policy will provide a framework within which Docuflow will encourage and facilitate working practices and services that support employee wellbeing.; ; Director Statement; ; This policy will apply to all employees including those employed on temporary or fixed term contracts. Docuflow will engage with non-Docuflow employees such as visitors, agency staff, and students, and signpost them to the appropriate support.; ; Docuflow is committed to promoting and supporting the wellbeing of all its employees, to create an inclusive culture which focusses on prevention, and where issues are identified, minimised, and managed before they have a detrimental impact on employees; ; Policy ; ; Docuflow recognises that a rounded approach to employee wellbeing can foster a thriving workforce, which can deliver on its objectives to achieve increased employee engagement, productivity, retention, and recruitment.; ; *full policy avaialable upon request

Pricing

• Price: £25.00 a licence a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We provide a full working trial licences with instruction of how to use; Development work is not including , normally it is for 14 days but can be extended.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris.rowlands@docuflow.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.