This article provides answers to frequently asked questions in relation to the Core System Configuration of FastDraft.
This article contains the following:
- Is FastDraft able to operate effectively with a standard broadband connection (e.g. 8MB download speed, 2MB upload speed), and is it built and hosted on an industry-recognised robust coding platform?
- How is contract data quality maintained when data entry is done? Do you support features such as standard formatting across the system, including UK style for dates, currency etc., use of drop-down, check-boxes, radio buttons to limit free text entry wherever possible, fields that can be marked as mandatory or optional for entry by system administrators and free-text fields that have character limits stated?
- Does FastDraft support Azure single-sign-on across all modules and functional areas? If there are several separate instances of FastDraft across our organisation group would single sign on support a single password for all of these instances? Does FastDraft support two-factor security for logins which are not from trusted networks i.e. multiple authentication methods on a single instance or a federated single sign on?
- Does FastDraft operate with security monitoring via Azure Sentinel?
- Does FastDraft allow users to carry out self-service password reset via their official email address? Do lost usernames require helpdesk support and confirmation?
- Does a user’s password structure follow UK National Cyber Security Centre guidance?
- Does the system support storage of documents and media in a range of common office formats?
- Does FastDraft support the flexibility to offer customisable fields for use across the system? Can FastDraft be customised with additional or custom fields?
- Can FastDraft be used whilst mobile, from a tablet or, in a limited way, from a smartphone? Does FastDraft have a responsive design user interface?
- Does FastDraft support rich text formats, including copy/paste operations, so that bold/italic/bullet points etc. can be used?
- Does FastDraft allow multiple windows or notices to be viewed simultaneously to allow easy comparison between two or more related issues and copying and pasting between communications?
Is FastDraft able to operate effectively with a standard broadband connection (e.g. 8MB download speed, 2MB upload speed), and is it built and hosted on an industry-recognised robust coding platform?
FastDraft is built and hosted using a robust coding and hosting platform, namely Microsoft Azure and Microsoft DevOps, used by Uber, Adobe and the UK government. FastDraft uses an industry-recognised Microsoft Azure PaaS infrastructure to ensure security, along with load balancing, autoscaling, backups, disaster recovery and automated management to provide a reliable, stable, scalable and high performing application.
As part of our subscription to the Microsoft developer programme, we get free access to regular technical sessions with our CSM to keep up to date with technology trends, and we have access to Microsoft experts to discuss best practices for Azure developer platform services like CI/CD, DevOps and PaaS.
Our senior team have defined best practice from a coding perspective in our ISMS documents, notably JavaScript Coding Standards (ISMS-C DOC 14.1) and Microsoft.Net Coding Standards (ISMS-C DOC 14.2). We also follow an Agile development methodology set out in our Scrum Framework (ISMS-C_DOC_14.3), and we have a Software Development Life Cycle (SDLC).
We also use the SolarWinds Pingdom Real User Monitoring (RUM) toolset. Its feature sets for cloud infrastructure give us detailed insights into platform performance based on typical broadband connections and real user scenarios, and help ensure we deliver best practice in user experience.
RUM is a passive monitoring technology which records and reports user interaction statistics. This is included within our licence fee and client progress reporting. We analyse RUM reports as part of our management reporting to spot any problems with our web applications and to improve reliability and performance. Our RUM tests include synthetic monitoring - monitoring a web application with data as if a real user were performing step-by-step actions, such as going to an early warning register, raising an early warning and exporting the risk register. This uses complex scripts to closely mimic user behaviour. Failed checks automatically generate alerts for our operations teams.
Our tests and reporting include detailed data such as:
- Critical page availability
- Page load time
- Geolocation of website visitors
- Browsers and devices used
- Number of return visitors
- Number of page visits by users
- Number of requests per page
FastDraft operates effectively with a standard broadband connection (8MB download speed, 2MB upload speed). It only requires a modern browser on a laptop, desktop computer or mobile device of entry level specification, and a standard internet connection. There is no need for software/code/ActiveX controls to be downloaded to a user or supplier computer.
How is contract data quality maintained when data entry is done? Do you support features such as standard formatting across the system, including UK style for dates, currency etc., use of drop-down, check-boxes, radio buttons to limit free text entry wherever possible, fields that can be marked as mandatory or optional for entry by system administrators and free-text fields that have character limits stated?
Data entry is made easy by standard formatting across FastDraft, including UK style for dates and currency. FastDraft also supports currency formatting and multiple currency types. Our prebuilt workflows and contract communications forms include inbuilt validation of data fields and encourage compliance with use of drop-down, check-boxes and radio buttons to limit free text entry.
On the early warning form example shown below, users must use the date selector. They also cannot notify an early warning in the future, as it’s impossible to notify an issue that you don’t know about yet, so dates in the future are greyed out.
This same workflow also mandates the user to complete other mandatory fields on the form and provides a warning if not completed (see screenshot).
We currently preconfigure fields to align to contract types and, where appropriate, dynamically adjust the conditional content of forms based on user inputs, which means that any fields that are not hidden are mandatory. Our workflow editor allows certain fields to be completely hidden if they are not required. We also support custom fields with configurable character limits which can be either optional or mandatory. The labels for these fields can include their mandatory and optional status as well as character limits.
Text fields/input fields dynamically adjust to include a scrollbar if the text entered exceeds the size of the input fields and the fields on the printed version of all communications automatically adjust to accommodate all the entered text.
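The validation rules described above (UK-style dates, no future dates on an early warning, mandatory fields, character limits on free text) can be expressed as a single validation function. This is an added example, not FastDraft's code; the field names, limits and rule format are constructed for illustration.

```javascript
// Constructed rule set (hypothetical field names and limits, not FastDraft's schema).
const earlyWarningRules = [
  { name: "notifiedOn", type: "date", mandatory: true },
  { name: "description", type: "text", mandatory: true, maxLength: 500 },
  { name: "siteRef", type: "text", mandatory: false, maxLength: 20 }, // custom field
];

// Parse a UK-style date (DD/MM/YYYY) strictly; returns a UTC Date or null.
function parseUkDate(value) {
  const m = /^(\d{2})\/(\d{2})\/(\d{4})$/.exec(String(value));
  if (!m) return null;
  const [day, month, year] = [Number(m[1]), Number(m[2]), Number(m[3])];
  const d = new Date(Date.UTC(year, month - 1, day));
  // Reject roll-over such as 31/02/2024 silently becoming 2 March.
  if (d.getUTCFullYear() !== year || d.getUTCMonth() !== month - 1 ||
      d.getUTCDate() !== day) return null;
  return d;
}

// Returns a list of error strings; an empty list means the form is accepted.
function validateForm(rules, input, now = new Date()) {
  const errors = [];
  const today = Date.UTC(now.getUTCFullYear(), now.getUTCMonth(), now.getUTCDate());
  for (const rule of rules) {
    const raw = input[rule.name];
    const empty = raw === undefined || raw === null || String(raw).trim() === "";
    if (empty) {
      if (rule.mandatory) errors.push(`${rule.name}: required`);
      continue; // optional and empty: nothing else to check
    }
    if (rule.type === "date") {
      const d = parseUkDate(raw);
      if (!d) errors.push(`${rule.name}: use DD/MM/YYYY`);
      else if (d.getTime() > today) errors.push(`${rule.name}: cannot be in the future`);
    } else if (rule.maxLength !== undefined && String(raw).length > rule.maxLength) {
      errors.push(`${rule.name}: exceeds ${rule.maxLength} characters`);
    }
  }
  return errors;
}
```

Running the same rules on the receiving side of the API, and not only in the form, means a greyed-out date or a hidden field cannot be bypassed by a request that never went through the UI.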
Does FastDraft support Azure single-sign-on across all modules and functional areas? If there are several separate instances of FastDraft across our organisation group would single sign on support a single password for all of these instances? Does FastDraft support two-factor security for logins which are not from trusted networks i.e. multiple authentication methods on a single instance or a federated single sign on?
FastDraft uses the Auth0 authentication service and works with several Single Sign-On solutions, including MS Azure Active Directory (via OAuth 2.0/OpenID Connect). It supports a federated (or multi-tenanted) service which will allow several separate instances of Azure across an organisation’s group.
We will request the customer to provide the relevant data for the federated Azure AD services, so that we can create a trust relationship through the Auth0 platform which will allow staff to access FastDraft using their existing credentials.
A federation is a collection of domains that have established trust, e.g. the customer’s and the customer’s Group companies’ instances of Active Directory and BI’s FastDraft. Setting up Single Sign-On using Active Directory Federation Services (AD FS) breaks down into 4 key steps:
- Add a Relying Party Trust (RPT)
- Create claims rules
- Adjust the trust settings
- Locate your certificate and complete set up in FastDraft
All modules and functions of FastDraft are authenticated and support Azure single-sign-on. Our API documentation is available on request to demonstrate this.
FastDraft also supports two-factor authentication (text/authentication app/password-less) for logins which are not from trusted networks.
Does FastDraft operate with security monitoring via Azure Sentinel?
FastDraft is hosted on Microsoft Azure and easily operates with Azure Sentinel. We currently use Azure Security Centre.
Implementing Azure Sentinel would be as simple as enabling this feature within Azure and configuring the required regional workspaces and Sentinel services to ingest data from the relevant Azure PaaS resources (i.e. Security Modules, App Services, SQL Servers, Blob storage etc.).
Does FastDraft allow users to carry out self-service password reset via their official email address? Do lost usernames require helpdesk support and confirmation?
Users can currently reset their password from the login page via their official email address.
It is worth noting that when Single Sign-On is implemented, resetting of passwords is typically controlled by the authentication service e.g. the customers’ Azure Active Directory. Where a customer uses a federated service with some non-trusted networks, we would support native password resets as well as password resets through the customer’s Group Azure Active Directory.
Contact details for our customer support team are included in all communications (welcome emails, general notifications and training packs). If a user loses their username, they can reach out to our helpdesk support and your superusers.
Does a user’s password structure follow UK National Cyber Security Centre guidance?
We follow NCSC’s password structure guidance by:
- Reducing your reliance on passwords by:
  - Implementing SSO and MFA, helping to reduce the number of passwords required to access resources.
  - Using Auth0’s IDaaS platform to create connectors for services which provide a rich feature set such as multi-factor authentication, one-time passwords, password-less authentication, password strength monitoring and more.
- Implementing technical solutions by:
  - Configuring a number of additional security controls on our services and platforms to prevent brute force and DDoS attacks, with the Azure Defender service for our hosted solutions such as FastDraft and, where possible, enabled and configured for our other SaaS platforms / services (i.e. Reachback, Academy, Helpdesk etc.).
  - Enabling a number of features to help prevent brute force attacks, such as notifying the user of failed login attempts, blocking the suspicious IP address and locking the account until the true owner of the account releases the block.
  - Using Auth0 monitoring tools and services that allow us, as administrators of the service, to review attempted attacks and either remove the blocks, notify the users, provide a limited day pass or force a password reset.
- Protecting all passwords by:
  - Enforcing that all traffic to and from our platforms and services is carried over HTTPS/TLS1.2+ protocols.
  - Protecting access to our management systems by requiring our staff to use strong, random passwords managed using LastPass.
  - Providing SHA-256-bit encryption where passwords are used.
  - Protecting databases that contain user authentication credentials by hashing and encrypting this data, so passwords are not discoverable, even by BI staff.
  - Implementing ISO 27001 policies under which any “Administrator” access to FastDraft also requires MFA.
- Delivering key messages for staff training by:
  - Providing ISO 27001 training to all staff, highlighting the importance of using password vaults with randomly generated strong passwords. LastPass provides a “Security Score” for each staff member.
  - Configuring LastPass to ensure passwords are randomly generated strings with at least 16 characters, containing a special character, upper and lower case characters.
  - Helping staff and users prioritise important accounts by enabling MFA requirements and LastPass training.
  - Providing interactive training courses on ISO 27001 topics and policies, ensuring training is easy to follow and understand.
- Helping users generate better passwords by:
  - Providing LastPass to ensure passwords are randomly generated and strong, with a mechanism to measure the security score of stored passwords.
  - Configuring LastPass to enforce passwords that are at least 16 characters long.
  - Configuring LastPass to not restrict the maximum length of passwords.
- Helping users cope with password overload by:
  - Providing LastPass to all staff members and having ISO 27001 policies in place detailing how to use password vaults.
  - Providing login rules that can notify users of their login location and of repeated failed login attempts.
Does the system support storage of documents and media in a range of common office formats?
FastDraft stores documents and media in a range of common office formats under both its document management module, for general contract documents, drawings, etc, and for attachments to specific contract notices.
Any file format can be supported, but we have preconfigured FastDraft to allow certain file formats (see screenshot below) and to restrict unrecognised file types. This can be changed as part of the implementation plan if required; it's as simple as a configuration setting. File size limits are also configurable and set by default to 350MB. All attachments are checked for viruses and malware.
The storage functionality allows drag and drop, browsing for files on the computer or mobile device, as well as bulk upload.
Does FastDraft support the flexibility to offer customisable fields for use across the system? Can FastDraft be customised with additional or custom fields?
FastDraft provides a “Custom fields” function which allows fields to be added to:
- any workflows (such as early warning notices or CE)
- user profile e.g. employee IDs
- company/supplier profiles e.g. CPV codes, etc.
such that unique data from third party systems used by the customer can be added to the different parts of FastDraft, ensuring data validation is also enforced on these custom fields (with mandatory fields, character limits, etc.) These extra fields will be displayed in registers and reports in the UI and available via our API for reporting purposes.
Custom fields are displayed at the bottom of the relevant form and can be added to all pages in FastDraft such as workflow forms, company profile page, project and contract overview pages and user profile page.
Can FastDraft be used whilst mobile, from a tablet or, in a limited way, from a smartphone? Does FastDraft have a responsive design user interface?
All workflows and the rest of the application are fully functional using a mobile device, as FastDraft employs a fully responsive user interface based on the Bootstrap framework. Mobile browser support includes:
- Safari in Apple iOS 10 or later
- Google Chrome in Apple iOS 10 or later
- Google Chrome in Android OS 4.4 or later
FastDraft provides dedicated workflows for the site diary and weather records, in addition to 32+ other workflows to support communicating contract comms and track contract status via a mobile device.
We use the Google Chrome Developer toolkit and a third party WCAG compliance monitoring tool, https://accessibe.com/, to check compliance with the Bootstrap responsive design framework and WCAG Level AA Criterion 1.4.10, which encompasses responsive design without loss of information or functionality for people with visual impairments. We comply fully with this and wider AAA requirements, and this is monitored continuously with alerts set.
Does FastDraft support rich text formats, including copy/paste operations, so that bold/italic/bullet points etc. can be used?
FastDraft supports rich text, so that bold, italics and bullet points can be used, as well as coloured text. Copy/paste functions are also supported between browser tabs and into third party software. Italics are turned off by default but can be enabled free of charge as part of implementation; it’s as simple as turning this feature on. Italics are already supported via a keyboard shortcut [ctrl+i], but for this feature to be on permanently, it must be added to the implementation plan.
Does FastDraft allow multiple windows or notices to be viewed simultaneously to allow easy comparison between two or more related issues and copying and pasting between communications?
FastDraft allows multiple screens to be viewed simultaneously by the same user in separate windows or browser tabs to allow easy comparison of notices and/or copying and pasting information between notices if required.
Our API also supports version checking: if two users have the same notice open simultaneously in draft and one updates it, the other user, on trying to update the same notice, will get a message telling them that they are not working on the latest version of the notice and to reload it.
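The version check described above follows the optimistic concurrency pattern, sketched here as an added example that is not FastDraft's API: the store, method names, notice id and the 404/409 status values are assumptions made for illustration.

```javascript
// In-memory stand-in for a notice store (hypothetical; not FastDraft's API).
class NoticeStore {
  constructor() { this.notices = new Map(); }

  create(id, body) {
    const notice = { id, body, version: 1 };
    this.notices.set(id, notice);
    return { ...notice };
  }

  // Each reader gets a copy that carries the version it was read at.
  read(id) {
    const n = this.notices.get(id);
    return n ? { ...n } : null;
  }

  // The caller sends back the version it read. The write succeeds only if
  // that is still the stored version; otherwise the caller must reload.
  // A real database needs this compare-and-write to be a single atomic step.
  update(id, expectedVersion, body) {
    const current = this.notices.get(id);
    if (!current) return { ok: false, status: 404, message: "Notice not found" };
    if (current.version !== expectedVersion) {
      return { ok: false, status: 409, currentVersion: current.version,
               message: "You are not working on the latest version; reload the notice" };
    }
    const next = { id, body, version: current.version + 1 };
    this.notices.set(id, next);
    return { ok: true, status: 200, notice: { ...next } };
  }
}

// Two users open the same draft; the second save is stale and is rejected
// until that user reloads and reapplies the change.
function simulateTwoEditors() {
  const store = new NoticeStore();
  store.create("EW-001", "Draft: ground conditions"); // constructed sample notice
  const userA = store.read("EW-001");
  const userB = store.read("EW-001");
  const first = store.update("EW-001", userA.version, "Draft: ground conditions at chainage 120");
  const stale = store.update("EW-001", userB.version, "Draft: weather delay");
  const reloaded = store.read("EW-001");
  const retry = store.update("EW-001", reloaded.version, reloaded.body + "; weather delay");
  return { first, stale, retry, finalBody: store.read("EW-001").body };
}
```

Without the version comparison, the second save would silently overwrite the first user's edit, which matters for notices that form part of the contract record.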