JN 21:6 LTD

J Forms

Cloud platform for Forms Builder. Based on MoJ forms. No code easy to build forms adhering to the Gov.UK design systems.
Forms as a Service.

Features

• No code Forms Building
• Conforms Gov.UK design system
• Support API, CSV, PDF, Microsoft Lists for data collection
• Conditional branching
• Custome validation
• Build form pages using a variety of question formats
• GOV.UK Pay for an uninterrupted payment journey
• Save and return feature
• Link form to a Google Analytics account to monitor performance

Benefits

• Easy to build forms - No coding required
• Ideal for UK Government form
• Ideal for digitisation of forms
• Use GOV.UK Design System for government design patterns and standards
• Managed hosting
• Accessible and secure by default
• WYSIWYG visual design tool

£199 a unit a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@jforms.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

902089176781478

Contact

Bijesh Babu
07718998946
sales@jforms.io

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • An internet connection and web browser to design/access forms
  • A validated email address to access the service

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Business hours support 9 am to 5 pm, Monday to Friday, within which we respond to a question within 2 hours
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is available independently on GCloud. Experienced consultants can advise, design, build, and deploy your forms solution. They can also help you integrate J Forms APIs with your internal systems or build new workflows. Please refer to the SFIA rate card for charges.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: User documentation is provided. ; Customers can also try the forms builder functionality free of cost before purchasing the service.; Additional support services are available at extra cost.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: There is no need to extract the customer data as the forms platform does not store it. Any partially saved data will be encrypted, and won't be available to decrypt once the user session ends.
• End-of-contract process: Access to the J Forms services is terminated, and any forms and themes deployed by the customer are un-deployed and taken offline.; ; End users' answers to incomplete forms will be automatically deleted.; ; There are no additional costs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All features are available for mobile and desktop web interfaces. We recommend using desktop for building the forms
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: J Forms APIs are provided to collect and integrate the data captured by the forms into your internal systems and databases.
• API documentation: No
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The look and feel of the J Forms are fully customizable; you can also have custom validations

Scaling

• Independence of resources: By monitoring the response times of the service, we scale our cloud resources when necessary

Analytics

• Service usage metrics: Yes
• Metrics types: Availability; user breakdown; form volumes
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: As soon as the end user submits the form the data will be transferred to customers systems and will be deleted from the Forms platform. A range of options are available for the customer to receive the submitted data. ie csv, pdf, API etc
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • JSON
  • XML
• Data import formats: Other
• Other data import formats: Doesn't support data import

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We aim for 99.95% uptime during any month. Users are free to cancel at any time if they are not happy with the availability of the service without any cancellation fees.
• Approach to resilience: This information is available upon request.
• Outage reporting: Via email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Users must login to the form building service using a validated email and 2FA.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: We aim to follow the standards laid down by the ISO27001 framework

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We leverage cloud-based tracking software for seamless monitoring of changes throughout our software development lifecycle. Our codebase and configurations are securely stored in Git repositories, allowing for efficient version control with distinct tagging for test and live releases. Employing continuous integration and automated build processes ensures that our software remains consistently versioned. Integral to our pipeline are automated security tests, seamlessly integrated into our deployment process. Additionally, our infrastructure provider conducts continuous security monitoring across our testing and live environments, ensuring robust security measures.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We uphold a vigilant stance on security through our continuous monitoring strategy, integrating advanced security monitoring tools alongside the Security Vulnerability Assessment Service offered by our platform provider. Employing Platform as a Service (PaaS) instances, we benefit from automatic patching facilitated by our Infrastructure as a Service (IaaS)/PaaS provider. In instances where we rely on Infrastructure as a Service (IaaS), we implement an automated patch management service provided by our IaaS/PaaS provider. Additionally, we remain proactive in our security measures by subscribing to security bulletins disseminated by our IaaS/PaaS provider, ensuring swift responses to emerging threats.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We adopt a proactive stance with our continuous monitoring strategy, utilising the Continuous Security Monitoring & Threat Detection service provided by our IaaS/PaaS provider to identify potential compromises swiftly. ; In the event of a suspected compromise, especially if linked to a recent deployment, we take immediate action by reverting to the previous version of our service. Subsequently, we conduct a thorough investigation into the incident, tracing it back to the code or configuration responsible. Swiftly thereafter, we implement necessary fixes within our test environment, ensuring rapid resolution and strengthening our overall security posture.
• Incident management type: Supplier-defined controls
• Incident management approach: Our user ticketing system seamlessly integrates with our internal work management system, ensuring all incidents are promptly logged and tracked. These incidents undergo rigorous scrutiny through our code/configure - test - deploy pipelines and processes. Detailed documentation capturing the incident's description, background, and resolution is meticulously stored within our internal knowledge base, facilitating quick reference in case of future incidents. In the unfortunate event of an incident leading to the loss or potential risk to user data, affected users are promptly notified, and clear instructions on mitigating actions are communicated without delay.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We will actively work to reduce the environmental impact of our operations and contract delivery. ; This includes:; Implementing robust carbon reduction, energy efficiency, and waste management initiatives; Engaging our staff, suppliers, and communities to promote sustainable behaviors; Collaborating with partners to support environmental protection and restoration projects

  Covid-19 recovery

  To aid the national recovery from the pandemic, we will:; Create new employment, training, and skills development opportunities; Offer community support services and innovative ways of working to assist those affected; Leverage our capabilities to bolster local resilience and economic regeneration

  Tackling economic inequality

  We are committed to building a diverse and inclusive supply chain that creates opportunities for underrepresented groups. Our efforts will include:; Increasing the proportion of contract work awarded to SMEs, social enterprises, and minority-owned businesses; Providing new full-time jobs, apprenticeships, and other skills-building initiatives; Strengthening the capacity and capability of our supplier base

  Equal opportunity

  We will actively work to improve employment outcomes for disabled people, including:; Enhancing our recruitment, retention, and progression practices for disabled employees; Partnering with disability organizations to implement inclusive workplace policies and programs; Ensuring our products, services, and environments are accessible to all

  Wellbeing

  Underpinning all our social value activities is a commitment to maximizing the positive impact we can have on people's lives. We will regularly engage with our stakeholders to understand their needs and priorities, and use these insights to inform our decision-making and contract delivery.; By embedding social value across our business, we aim to be a force for good - creating lasting benefits for our employees, customers, supply chain, and the wider community. We will monitor and report on our social value performance to ensure continuous improvement and accountability.

Pricing

• Price: £199 a unit a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: The forms Builder feature of J Forms is free. It does not allow live deployment.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@jforms.io. Tell them what format you need. It will help if you say what assistive technology you use.