Govforms is designed from the ground up to meet the security, compliance, and data handling requirements of UK government and public sector organisations. Every layer of the platform, from encryption and access control to hosting and audit is built to help your security team.
All data handled by Govforms is protected with industry-standard encryption, both in transit between users and the platform and at rest within our UK-hosted infrastructure.
.svg)
TLS 1.2+ encryption in transit.
All communication between users, the Govforms builder, and deployed services is encrypted using Transport Layer Security 1.2 or higher. This includes form submissions, file uploads, API calls, and builder sessions.
AES-256 encryption at rest.
Submission data, uploaded files, and service configurations are encrypted at rest using AES-256 within our UK-hosted AWS infrastructure. Encryption keys are managed through AWS Key Management Service with automatic rotation.
Secure file handling.
User-uploaded files pass through virus scanning and optional face blurring before storage. File type and size validation is enforced at the platform level. Files can be stored in Govforms or routed directly to your own AWS S3, Google Cloud Storage, or Azure Blob Storage.
Encrypted API communications.
Outbound API calls from Govforms actions support mutual TLS with client certificates, ensuring secure authenticated communication with your downstream systems.
SSL certificates for custom domains.
Services running on custom production domains (e.g. apply.service.gov.uk) are protected with managed SSL certificates, or you can provide your own.
Govforms provides granular role-based access control across both the builder platform and deployed services, ensuring that users can only see and do what their role requires.
Five user access levels.
Every library supports five distinct roles: Admin (full control including user management and MFA enforcement), Live Data (access to production submission data and analytics), Designer + Analytics (build and edit services, view performance dashboards), Read-only (view service designs without editing), and QA Tester (access to QA environment only). Roles are assigned per library, so users can have different permissions across different organisational units.
MFA enforcement.
Multi-factor authentication can be enforced at the library level, requiring all users to authenticate with a second factor before accessing the builder or live data. This applies to all access levels.
Properties and secrets management.
API keys, credentials, and configuration values are stored as environment-specific key-value pairs within each library. Production secrets are separated from QA secrets, and access is restricted by user role. Secrets are never exposed in service designs or prototypes.
Govforms API keys.
Programmatic access to library resources is controlled through dedicated API keys with defined scopes, allowing integration with CI/CD pipelines and external tooling without exposing builder credentials.
Seven authentication methods.
Each deployed service can be configured with the appropriate authentication method for its audience: anonymous access, GOV.UK Notify magic link, OIDC/OAuth 2.0 (Azure AD and other providers), AWS Cognito with MFA, configurable session timeouts, save-and-return modes, and group-based sharing.
Session management.
Configurable inactivity timeouts with user warnings ensure sessions are closed after a defined period, reducing the risk of unattended access. Timeout durations can be set per service.
Group-based sharing.
For multi-party processes, users within the same group can view each other’s submissions. This enables caseworker teams and collaborative workflows without exposing data across organisational boundaries.
Read-only mode.
Submissions can be shared in view-only mode for review, audit, or reference purposes without granting edit access.
Authorization actions.
Permission checks and role-based access decisions can be embedded within service flows, ensuring users can only progress through journeys they are authorised for.
Govforms enforces strict separation between development, testing, and production environments, ensuring that test data never touches live systems and that changes are promoted through a controlled pipeline.
Three isolated environments.
Every service has access to Prototype, QA, and Production environments. Each runs independently with its own data store, configuration, and integration endpoints. There is no data leakage between environments.
Prototype environment.
Always available and instantly updated as you build. Used for design iteration and stakeholder previews. Prototype data is completely separate from QA and Production. Shareable preview links can be generated for user research and feedback without exposing any live data.
QA environment.
A dedicated deployment target for integration testing and user acceptance testing. QA can be pointed at test API endpoints and test authentication providers, allowing full end-to-end verification without touching production systems. QA has its own analytics dashboard.
Production environment.
The live, public-facing or staff-facing deployment. Production uses its own secrets, API endpoints, and authentication configuration. Custom production domains are supported with managed or provided SSL certificates.
Controlled promotion.
Changes are promoted between environments with explicit actions — never automatically. Every promotion is logged in the revision history with full traceability of who promoted what and when.
Private cloud options.
For organisations with specific hosting requirements, Govforms supports deployment into dedicated infrastructure. Contact us to discuss private cloud arrangements for your department.
Govforms captures a complete, tamper-evident record of every event across the platform. From builder changes to live submissions, every action is logged and available for inspection.
Full event-level audit log.
Every interaction is recorded: page views, form submissions, field validations, action executions (API calls, emails, file uploads), errors, and review decisions. Audit entries include timestamps, user identifiers, and event details.
Review workflow audit trail. For services using multi-stage approval workflows, the complete review history is preserved and visible to subsequent reviewers. This includes approval decisions, return-to-applicant comments, cancellations, and withdrawals, providing full accountability across the review chain.
Submission data viewer.
A searchable, filterable table of all submissions with full field data. Authorised users can inspect individual submissions, track their status through review stages, and export data for reporting.
Performance dashboard.
Real-time analytics covering completion rates, bounce rates, drop-off pages, validation failure rates, journey times, and device/browser breakdown. Dashboards are available for both QA and Production environments, with no analytics cookies required — all data is captured server-side.
Tagged field analytics.
Specific field values can be tagged for tracking in the analytics dashboard, allowing you to monitor key data points like service type selections, eligibility outcomes, or regional distribution without building custom reports.
Action failure alerts.
If an API call, email notification, or other post-submission action fails in production, Govforms sends an email alert to your configured team. This ensures integration issues are caught immediately rather than discovered through user complaints.
Revision history.
Every change to a service design — page edits, logic changes, action configurations — is tracked in a full cross-user revision history. You can revert to any previous version at any stage without losing intermediate iterations.
Govforms holds the certifications that UK government procurement teams require. Our certifications are independently assessed and maintained through annual audit cycles.
ISO 27001:2022 — Information Security Management
Govforms is certified to ISO 27001:2022, the international standard for information security management systems (ISMS). This certification covers the design, development, hosting, and support of the Govforms platform. Our ISMS is independently audited annually and covers risk management, access control, incident response, business continuity, and supplier management.
ISO 9001:2015 — Quality Management
Our quality management system is certified to ISO 9001:2015, covering our development processes, customer support, and service delivery. This ensures consistent quality in how we build, deploy, and maintain the platform.
Cyber Essentials Plus
Govforms holds Cyber Essentials Plus certification, the UK Government’s enhanced cyber security standard. Unlike the basic Cyber Essentials self-assessment, Plus includes independent hands-on testing of our systems and controls. This certification is a mandatory requirement for many government contracts involving the handling of sensitive data.
AWS Well-Architected Partner
Govforms is an AWS Well-Architected Partner, meaning our cloud infrastructure has been reviewed against AWS’s five pillars: operational excellence, security, reliability, performance efficiency, and cost optimisation. This gives government teams confidence that the underlying infrastructure follows cloud best practices.
Crown Commercial Service Approved Supplier
Govforms is an approved supplier on the Crown Commercial Service framework, including G-Cloud. This means government departments can procure Govforms through established, compliant procurement routes without running a separate competitive tender. Our services are listed on the Digital Marketplace.
Regular Penetration Testing
The Govforms platform undergoes regular independent penetration testing to identify and address potential vulnerabilities. Test results are reviewed and remediated as part of our ISO 27001 continuous improvement cycle. Penetration test summaries are available on request to government procurement and security teams.
All data processed by Govforms remains in the United Kingdom at every stage of its lifecycle. We do not transfer, process, or store data outside the UK.
UK-only hosting.
The Govforms platform runs entirely on AWS UK regions. All compute, storage, databases, and backups are physically located within the United Kingdom. No data leaves the UK at any point.
UK-resident backups.
Fully managed backups are stored within UK data centres. Enhanced support customers benefit from a 1-hour Recovery Point Objective (RPO) and 24-hour Recovery Time Objective (RTO), ensuring rapid recovery in the event of an incident.
GDPR compliance.
Govforms is designed to support your GDPR obligations. Submission data is encrypted at rest and in transit, access is controlled through role-based permissions, audit logs provide full accountability, and data can be deleted or exported on request. Govforms acts as a data processor on behalf of your organisation as the data controller.
No analytics cookies.
Govforms captures analytics entirely server-side. There are no analytics cookies placed on end users’ devices, which means no cookie consent banners are required for your services. This simplifies your GDPR compliance posture and improves user experience.
Data portability.
Submission data can be exported via the submission data viewer in the builder, or routed directly to your own systems through API actions, SharePoint integration, or cloud storage (S3, GCS, Azure Blob). You retain full control over where your data goes.
Private cloud options.
For departments with specific sovereignty or isolation requirements that go beyond standard multi-tenant hosting, Govforms can be deployed into dedicated private infrastructure. Contact us to discuss private cloud arrangements for your organisation.
Revision history.
Every change to a service design — page edits, logic changes, action configurations — is tracked in a full cross-user revision history. You can revert to any previous version at any stage without losing intermediate iterations.
