HYLAND UK OPERATIONS LIMITED

Alfresco Digital Business Platform

Alfresco Digital Business Platform (DBP) is Hyland's cloud-native, open-source content services platform that includes industry-leading content, process, and governance services.
Alfresco DBP enables enterprises to build smart, content-centric business applications that transform their businesses: enhancing customer experiences and improving decision making, while ensuring compliance with regulatory requirements.

Features

• Manages, protects and connects your most important information
• Safeguards confidential corporate assets wherever they're accessed or stored
• Federated Service allows you to access content across systems
• Unmatched combination of simplicity and control for information governance
• Remote access
• Fast, powerful search including full-text search of text and metadata
• Analytics components report data to external databases and monitoring systems
• Built on open-source core, supports open standards and open APIs
• Configurable user interfaces enabling employees to easily access relevant content
• Web-enabled; works on smartphones, tablets, or any standards-compliant browser

Benefits

• Digitise and streamline content, governance and processes in one platform
• Collaborate with confidence, whilst maintaining data confidentiality
• Access content without risky, costly and time-consuming bulk migration
• Confidence in your ability to demonstrate continued compliance
• Automatically enrich content and gain valuable insights
• Find the information you need when you need it
• Make better decisions based on real-time data
• Easily integrate with other applications (and content) for efficient working
• Employees view content in way that works best for them
• Supports a mobile workforce, ensuring critical information always at hand

£245.05 to £702.00 a user

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at governmentcontracts@hyland.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

289002023612948

Contact

Stacey Chapman
+121 639 60261
governmentcontracts@hyland.com

Service scope

• Service constraints: Buyers should know about maintenance windows. Scheduled Maintenance is defined as:; Alfresco Scheduled Maintenance Windows – modification or repairs to shared infrastructure or platform patching and upgrades that Alfresco has provided notice of at least seventy-two (72) hours in advance or that occurs during 6:00 am to 10:00 am on Saturdays Eastern Time Zone.; Scheduled Customer Maintenance – maintenance customer requests and Alfresco schedules with customers in advance.; Scheduled Customer Deployments – customer requests that Alfresco schedules with the customer in advance.; Emergency Maintenance – critical unforeseen maintenance for security or performance of customer configuration/Alfresco's network.
• System requirements:
  • Operating System: Red Hat Enterprise Linux; Windows Server 2019
  • Operating System: Amazon Linux; CentOS
  • Operating System: Ubuntu
  • Database: MySQL; MS SQL Server
  • Database: Oracle; PostgreSQL
  • Database: MariaDB; Amazon Aurora
  • Browsers: Mozilla Firefox; Microsoft Edge
  • Browsers: MS Internet Explorer; Chrome; Safari

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support is provided Monday to Friday during standard business hours, and in accordance with the customer agreement. ; Hyland does not guarantee response times; however, support issues that materially impact production use of the system are addressed immediately. Hyland endeavors to identify a workaround whenever a permanent solution to a software error cannot be provided within a reasonable timeframe. The Technical Support analyst assigned to a support case is empowered to determine its impact on a customer’s implemented product per defined Severity Levels, and to obtain immediate attention to the issue as required.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Hyland Technical Support offers multiple self-service and assisted support opportunities to assist customers in resolving issues being experienced with their implemented Hyland technology solution.; ; Hyland support centers are available 24x7 by telephone for Alfresco emergency production system down support issues. Support for all other issues is available Monday through Friday, 8:00 AM to 6:00 PM based on a customer’s location, excluding major holidays, and should be reported using Hyland Community.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Depending on the security requirements your deployment users can enrol through self-service.; We will provide training courses for the customer's administration team in how to configure the system, manage users, and how to manage the community. The platform includes an integrated onboarding guide called "Getting Started" which guides new users through the primary functions of the platform. Platform administrators will have access to our documentation knowledge base and part of the support function is to help administrators get the best out of the platform.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats: Github
• End-of-contract data extraction: In the event that a customer wishes to cancel the service, Hyland will provide the following off-boarding assistance for 30 days: ; ; While the Alfresco Cloud will go into read only mode, the customer will continue to have access to the data extraction capabilities for 30 days. This allows the customer to extract all content within the Alfresco Cloud.; If the customer provided custom code for Alfresco to deploy, upon the customer's written request, Alfresco will return a copy of that custom code to the customer.; For large content stores, Hyland will work with the customer to find the most cost effective method for retrieving or transferring the data. Additional fees may be required for this assistance and/or to migrate content in bulk.; While the Alfresco Cloud will go into read only mode, the customer will continue to have access to the data extraction capabilities for 30 days. This allows the customer to extract all content within the Alfresco Cloud.
• End-of-contract process: In the unfortunate event that a customer wishes to cancel the service, Hyland will provide the following off-boarding assistance for 30 days: ; While the Alfresco Cloud will go into read only mode, the customer will continue to have access to the data extraction capabilities for 30 days. This allows the customer to extract all content within the Alfresco Cloud.; If the customer provided custom code for Alfresco to deploy, upon the customer's written request, Alfresco will return a copy of that custom code to the customer.; For large content stores, Hyland will work with the customer to find the most cost-effective method for retrieving or transferring the data. Additional fees may be required for this assistance and/or to migrate content in bulk.

Using the service

• Web browser interface: Yes
• Using the web interface: The Alfresco Digital Workspace is the out-of-the-box end-user application for the Alfresco Digital Business Platform. It provides a simple and modern user interface that focuses on workforce efficiency where end users access files and work items quickly and easily. Built with a modern extension framework, the Digital Workspace is designed to be tailored to your needs. Customers may also elect to utilize the Alfresco Application Development Framework. ; The Alfresco Application Development Framework (ADF) is a modern javascript-based framework to rapidly build engaging web applications on top of the Alfresco Digital Business Platform. It provides a rich set of reusable Angular based UI components and services, command-line tooling and Javascript APIs that surface Alfresco Process, Content and Governance Services. Designed for developers, it allows the creation of responsive web applications that deliver outstanding experiences and truly support your digital transformation initiatives.; Through the available UIs, users will be able to to create/upload documents and folders, search and view documents, add/edit properties, manage users, permissions, and shared links, as well as managing records. Your users will also be able, via the UI, to create forms and processes, and start and interact with workflows.
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: Hyland uses various assistive technology tools to perform automated and manual testing. Additionally, Hyland utilizes third-party testers where the testing is performed, via assistive technologies, by testers dependant upon assistive technologies.
• API: Yes
• What users can and can't do using the API: Users can accomplish a variety of tasks using the Alfresco APIs, empowering them to integrate Alfresco with other systems, automate processes, and extend the platform's functionality.; Here are some common use cases and tasks that users can perform with Alfresco APIs:; ; 1. Content Management: Users can interact with content stored in Alfresco repositories programmatically, including creating, updating, retrieving, and deleting documents, folders, and metadata.; ; 2. Workflow Automation: Alfresco APIs allow users to automate business processes and workflows by programmatically initiating, managing, and tracking workflow instances, tasks, and transitions.; ; 3. Search and Discovery: Users can perform advanced searches against Alfresco repositories using the API, allowing them to find content based on metadata, full-text search, or custom query criteria.; ; 4. Integration with Third-Party Systems: Alfresco APIs support integration with other enterprise systems, such as CRM, ERP, or custom applications.; ; 5. User and Group Management: Administrators can manage users, groups, permissions, and access control lists (ACLs) within Alfresco repositories using the API, facilitating user provisioning, authentication, and authorization.; ; 6. Customization and Extension: Developers can extend Alfresco's functionality by building custom applications, dashboards, and user interfaces using the Alfresco APIs.; 7. Metadata Management; 8. Version Control; 9. Reporting and Analytics; 10. Content Transformation
• API automation tools:
  • Ansible
  • Chef
  • Puppet
  • Other
• Other API automation tools:
  • Can be managed using any standard Ci/CD tools and technologies
  • Build Tools: Maven, Gradle, Ant, etc.
  • Version Control System: GitHub, Atlassian BitBucket, SVN, etc.
  • Automation Server: Jenkins, Atlassian Bamboo, CruiseControl, Thoughtworks GoCD, etc.
  • Artifact Repository: Artifactory, Nexus, etc.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Alfresco Cloud uses AWS Virtual Private Cloud technologies to ensure your cloud instance is an isolated tenant private to you. ; In a PaaS environment, the only limitations are based on hardware and/or tier service levels. The higher the tier the fewer the limitations. ; There is no theoretical limitation on user number supported by a single server/cluster. The maximum number of users is more a function of what actions users are carrying out. We have seen multiple thousands of concurrent users running against a single Alfresco server. ; Alfresco uses Auto-Scaling of compute instances, native cloud storage (S3) and Database (Aurora).
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Encryption of all physical media AES-256; AWS KMS
• Data sanitisation process: Yes
• Data sanitisation type: Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Content
  • Database
  • Application Configurations
  • User Directory
  • Search Index
  • Application and Infrastructure Logs
• Backup controls: Data backup occurs at a fixed point in time according to a schedule specified by Alfresco. Any data collected or created between backups is vulnerable to data loss. The length of time between backups is the Recovery Point Objective. This is the point back in time to which a customer’s data can be recovered. Since backups take up considerable processing and storage resources, RPO levels are set per offering level, and enhanced back-up services are available if required. If a more frequent backup schedule is required, it must be pre-arranged with Alfresco and may result in some additional fees.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Alfresco Cloud Services offers different tiers - each tier has defined Recovery Point Objective targets (RPO) and Recovery Time Objective targets (RTO).
• Approach to resilience: The Alfresco Cloud has been designed following recommendations and best practices defined in the AWS Well Architected Framework. One of the benefits is that your deployment is spread redundantly across multiple availability zones providing resilience against underlying hardware failure.; To ensure consistency and repeatability, Alfresco Cloud deployments are fully automated with no manual steps. This gives confidence in correct deployments as the mechanisms used for deployments will have been fully tested before being run with no manual steps involved.; All Alfresco Cloud instances have a regular backup process, which is monitored for errors and regularly tested. These have defined Recovery Point Objective targets (RPO) and Recovery Time Objective targets (RTO) for the Alfresco Cloud operating environment varying based on which tier of Alfresco Cloud Services has been purchased.; Alfresco Cloud also includes comprehensive disaster recovery processes which will be regularly tested.; Your environment will be monitored for availability, capacity, and security incidents.; All infrastructure components, and the Alfresco Cloud itself, will be configured to capture key events and logs to enable the Alfresco team to have full visibility of the functioning of the system.
• Outage reporting: Email alert.; Customers will receive notifications on infrastructure related upgrades, outages, and the like.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
• Access restrictions in management interfaces and support channels: Access to the infrastructure is strictly controlled. All access is via controlled, audit logged access controls using strong PKI encryption. Accounts with access to the production environments are regularly reviewed. Access credentials are only provided on an “access required” basis to personnel who have undergone appropriate training and have passed all applicable background checking and onboarding requirements at the time of hire. These individuals are also subject to additional, ongoing information security and confidentiality training.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication
• Devices users manage the service through: Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The AWS certification was certified by EY CertifyPoint
• ISO/IEC 27001 accreditation date: AWS last certified in November 18, 2010
• What the ISO/IEC 27001 doesn’t cover: AWS details of certification available here: https://d1.awsstatic.com/certifications/iso_27001_global_certification.pdf
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: Certified since: November 6, 2020
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: Details available here: https://d1.awsstatic.com/certifications/csa_star_certification.pdf
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: SOC 2
• Information security policies and processes: The Alfresco Cloud follows the controls described in the SOC2 principles and is audited regularly against those controls. More widely, we have a corporate Information Security Management System (ISMS) that is aligned with appropriate industry standards.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Hyland provides the process and infrastructure for Customers to introduce change; into their environment via change management. Hyland follows internal change management procedures.; Generally, change requests are submitted via a change management system and are then evaluated by; subject matter experts. Upon approval by such subject matter experts, changes are implemented,; documented, and tested. Customers are responsible for testing all configuration changes, authentication; changes, and upgrades to their solution.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Hyland has a defined incident response and management policy, which includes processes for responding to product security vulnerabilities that are discovered after product release, as well as information security incidents identified within the Hyland Cloud.; ; Issues are categorised and communicated. Hyland will implement security fixes, patches, updates, etc. as they are released.; ; Hyland has an incident response policy for dealing with IS incidents that occur in the Hyland Cloud. The plan includes identifying necessary involved parties, defined management protocols of the incident, reporting protocols and requirements for Hyland personnel, defined incident response, notification and handling protocols, and post-incident reviews protocol.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We continuously monitor the user interface and the Public REST APIs to measure uptime availability for the Alfresco Cloud. Monitoring is made up of, but not limited to, the following critical system metrics:; Firewall and Load Balancer health checks; Resource Capacity on Servers (CPU/Memory/Disk Space); Monitoring the Health of the Operating System; Monitoring System Logs; Monitoring Application and Infrastructure Access Logs; Monitoring Search Indexes State and Performance; Monitoring Database Health and Performance of Database Indexing; Monitoring Repository Size and Performance; Monitoring Transformation Services Health and Performance; Monitoring background services such as backups ; System-wide Networking Performance Monitoring and Auditing
• Incident management type: Supplier-defined controls
• Incident management approach: Alfresco has a defined incident response and management policy, which includes processes for responding to product security vulnerabilities that are discovered after product release, as well as information security incidents identified within the Alfresco Cloud.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Other
• Other virtualisation technology used: We use AWS EC2 instance built on with AMI
• How shared infrastructure is kept separate: Data separation is a key focus for our security protocols. To achieve this, the Alfresco Cloud uses the AWS Virtual Private Cloud technologies to help ensure that your cloud instance is an isolated tenant that is private to you and not shared with any other customers.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Alfresco Cloud utilises AWS datacentres. As the leading cloud provider, AWS is energy efficient – 3.6 times more energy efficient than the median of surveyed enterprise data centers in the U.S. and up to five times more energy efficient than typical EU enterprise infrastructure.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Hyland continues to evaluate our approach and initiatives relating to Energy and Environmental Sustainability and Stewardship, to determine opportunities for improvement and enhanced policies, systems, measures, and practices.; ; As an organization, Hyland will work in stages to achieve environmental neutrality and show corporate responsibility. From an operations standpoint, several Hyland office locations hold environmental credentials, including LEED GOLD Certification and various Energy Star ratings.; ; Hyland is dedicated to helping our community, and with this dedication, Hyland recognizes that it has a responsibility to the environment beyond legal and regulatory requirements. We are committed to reducing our environmental impact and continually improving our environmental performance as an integral part of our business strategy and operating methods. Whether it's how we build our facilities or dispose of waste, or through the vendors we use, Hyland supports practices that intelligently recycle and reuse materials. Preserving resources and logically reducing waste is critical in all parts of our community, and Hyland is proud to support initiatives that contribute to a clean environment.

  Covid-19 recovery

  The future of work is already here. Employees’ demographics, their expectations from their employer and the tools they need for success are drastically different compared to the standard ways of working before COVID-19.; ; One thing is certain: Maintaining the decades-old status quo of paper-based, manual processes means falling behind the needs of 21st-century employees and the citizens they serve. Digital transformation and modernization are key to empowering your agency/enterprise for continued success in a digital-first world.

  Tackling economic inequality

  Tackling economic equality; ; Hyland understands our corporate responsibility in the community. We are committed and focused on doing all that we can to give back and to help in a way that is both responsible and encouraging.; ; Financial and In-Kind Donations: Since 2005, the Hyland corporate giving program has made financial, software and in-kind donations to nearly 500 nonprofit and educational organizations. Almost half of these contributions were in response to requests made by employees.; ; Charitable Events: Hyland coordinates several annual company-wide charitable giving events, giving employees a variety of ways to get involved; ; Community Engagement: Hyland is privileged by the opportunity to give back to the communities where we live and work. Each year Hyland expands our Community Engagement Program, making a difference through employee engagement, volunteerism and corporate giving.; ; Employee Engagement & Volunteerism: Hyland encourages employees to pursue and devote time to causes that incite their passion. The success of these programs has everything to do with Hyland’s greatest asset – their employees.; ; Financial and In-Kind Donations: When it comes to a worthy cause, Hyland puts its money where its mouth is. Hyland has these programs in place to support individual community interests. The company supports employees at the organizations they support through:; ; Matching Gifts - Match $1 for $1 employee contributions to nonprofits, up to $250 annually.; Dollars-For-Doers - Match $250 for every 24 hours volunteered at a community organization; up to $250 annually.; Leadership Grants - Donations to nonprofits ; ; Supporting Hyland Employees: Employees are family, and we actively engage in their well-being. Hylanders 4 Hylanders is an employee-funded emergency assistance program providing financial relief to colleagues in need.; ; Volunteerism with Options: The Hyland Volunteer Time Off (VTO) program empowers employees to take 12 hours of paid VTO per year to use volunteering at nonprofits.

  Equal opportunity

  It is Hyland’s policy to provide for and promote equal employment opportunities for all, without regard to race, color, religion, gender, national origin, age, physical or mental disability, marital status, sexual orientation, political affiliation, veteran status, or status as a member of any other protected group or activity, in accordance with applicable federal, state and local laws. This policy governs all aspects of personnel actions and employment including recruitment, job selection, job assignment, promotion, compensation, discipline, termination and access to benefits and training. Additionally, it is our policy that employees and applicants shall not be subjected to any form of harassment, intimidation, threats, coercion or discrimination under any circumstances whatsoever.; ; Hyland is committed to equal employment opportunity for all qualified job candidates and employees. No job applicant or employee will be discriminated against because of race, gender, age, disability, national origin, veteran status or any other characteristic protected by applicable law.

  Wellbeing

  We understand that true wellness isn’t one-size-fits-all. That’s why we provide diverse tools and resources that inspire employees to bring their best selves to work every day.; Hyland’s wellness programs consider what it means to truly be well, from a wellness center at headquarters staffed with nurse practitioners, to fitness reimbursements, support groups and friendly competitions to nutrition education, mindfulness resources and access to a mental health professional. And nearly all of these benefits are available remotely to our global workforce.; We understand the significance of financial peace of mind. Retirement planning, legal and financial advisors, and insurance offerings are just a few of the tools Hyland provides to help employees get and stay financially secure.; Hyland’s global workforce is encouraged and equipped to find balance with flexible schedules, team events and celebrations, telework options and even a sabbatical program.

Pricing

• Price: £245.05 to £702.00 a user
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A trial version of Alfresco Content Services is available in the following ways: ; Download: Docker-based, free for 30 days.; Online: Email activation, free for 14 days.; A trial version of Alfresco Process Services can also be downloaded. Point and click install, free for 30 days.
• Link to free trial: https://www.alfresco.com/try-alfresco

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at governmentcontracts@hyland.com. Tell them what format you need. It will help if you say what assistive technology you use.