NHS Shared Business Services

NHS SBS Robotic Process Automation (RPA) and Intelligent Automation Cloud Software

Our RPA offering, excelled by Intelligent Automation, Artificial Intelligence and Machine Learning, providing a transformative platform to automate mundane tasks, optimise processes, and unlock new opportunities for growth and competitiveness. We streamline operations, improve customer experiences, or drive digital transformation, our RPA solutions are key to unlocking the full potential.

Features

• RPA & Intelligent Automation as a fully managed service
• Automate logic-based process using RPA
• Cloud based scalable solutions
• Build solutions that use AI and ML capabilities
• Process auditing via documentation for ‘As-Is’ and ‘To-Be’ states
• Software licences for UiPath, and SS&C Blue Prism
• Partnerships with industry leaders, Blue Prism, UiPath and others
• Migration Support between Cloud Providers
• The enablement of automation integrations into Salesforce and Oracle applications
• Seamless integration with MuleSoft into Salesforce, enabling smooth data exchange/connectivity

Benefits

• Improved Productivity
• Increased process accuracy
• Able to scale to meet demand instantly.
• Lower costs due licencing models and solutions
• Reduced time to see ROI.
• Solutions focused on benefit, rather than technology
• Security, Auditory & Regulatory Compliance (ISO27001 Accredited)
• Department of Health and Socialcare (DHSC) with Sopra Steria
• Access to industry leading vendors through partnerships
• Competitive cost model

£800 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sbs-b.bidmanagement@nhs.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

295938683676244

Contact

Louise Hillcoat
07720899258
sbs-b.bidmanagement@nhs.net

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No constraints to detail at this stage. NHS SBS will collaborate with you during the proposal stage to identify any such constraints tailored to local considerations and requirements.
• System requirements: Blue Prism software and hardware requirements

User support

• Email or online ticketing support: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: UiPath offers three types of technical support programs:; (1)Standard support is in English and included with every license purchase. Available during regular UiPath business hours for each region, and 24/7 support is available for Priority 1 (P1) issues. Standard support is free.; (2)The Premium Support plan is meant for customers who:; -Have critical business processes in production which require 24x7 support, accelerated case response and resolution and mission-critical support.; -Want assistance with initial architectural analysis as well as basic installation and upgrade preventive care; (3) The Premium Plus Support plan is meant for customers who:; -Have critical business processes in production which require 24x7 support, accelerated case response and resolution and mission-critical support.; -Want coordinated, ongoing assistance with their architectural design; -Are new customers seeking to build a strong foundation and confidence in their automation program; -Are mature organizations seeking to expand the benefits of their automation program; -Want to inject UiPath product and implementation expertise in planning, training and quickly enabling relevant features; -Seek to drive continuous improvement and technical maturity in their automation program; Premium plans include a Technical Account Manager; Please see; https://www.uipath.com/support/packages-options
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Our experienced team at NHS SBS collaborates closely with clients to craft a comprehensive roadmap for the implementation of data visualisations and automated reporting cloud services. We establish a true partnership, prioritising a deep understanding of your objectives and challenges. Our holistic offering encompasses design, planning and consultancy services throughout the entire transformation lifecycle.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: SS&C Blue Prism does not pertain or archive data used by automations during processing.; Audit logs are exportable as .CSV; SS&C Blue Prism Automation process designs are exportable as XML based export formats.
• End-of-contract process: When using SS&C Blue Prism cloud platform, platforms are deleted after 90 days, including the AWS or Azure subscription that they align to.; Any configuration information of logs requests will be shared at the end of the contract.; For both On-Premises or Cloud based deployments, access to support services and updates ceases on end of contract

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • Windows
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: SS&C Blue Prism features are securely accessed via Web Browser based applications or, in the case of some administrative tasks, remote client applications assessed via secure Remote Desktop Connection
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: None.
• API: Yes
• What users can and can't do using the API: From an integration standpoint, in the realm of automation, the Cloud Platform (SaaS) or Cloud Deployment can connect with applications through APIs. The Orchestrator's REST API comprehensively supports all server-side operations such as adding robots, processes, assets, queues, and initiating/stopping/scheduling processes programmatically. This serves as the standard method for integrating with external BPM or workflow tools, ERP, CRM, or any other applications. The Orchestrator REST API boasts robust capabilities to seamlessly integrate with partner BPM systems or other applications, offering 22 Custom API methods for accessing and controlling 29 logical resources within Orchestrator, including Jobs, Logs, Queues, Robots, and Settings. For instance, users can easily employ external applications like chatbots to trigger robots for specific tasks based on input within the chatbot. For more details on the APIs200 words max.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Users' services are separated between customers.

Analytics

• Service usage metrics: Yes
• Metrics types: Customers can view the availability of the services and incidents that have occurred using the portal: http://status.uipath.com
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: SS&C Blue Prism

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data in XML.
• Data export formats: Other
• Other data export formats: Users are able to export their data in XML
• Data import formats: Other
• Other data import formats:
  • Data cannot be imported but created in the Cloud Platform
  • Manual steps for migration from on-prem to cloud-platform are available.

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Service Level Standard; ; SS&C Blue Prism Cloud Services will be available to Customer for normal use no less than 99.9% of the Scheduled Uptime.; ; Calculation; a. (Actual Uptime / Scheduled Uptime) *; 100 = Percentage Uptime (as calculated by; rounding to the second decimal point); ; Performance Credit; a. Where Percentage Uptime is equal to or greater than 99.9%, no service credit will be due to Customer.; b. Where Percentage Uptime is less than 99.9%, Customer shall be due a service credit.; c. The service credit shall be in the amount of 5% of the monthly subscription fee (if the subscription fee is invoiced annually, the monthly fee is calculated by dividing the annual fee by twelve; the service credit is as calculated on a monthly basis for the reporting month).; d. The service credit shall increase by a further 5% for each full 1% reduction in Percentage Uptime, up to a maximum of 15%.
• Approach to resilience: Both SS&C Blue Prism Cloud and On Premise versions are designed, architected, delivered and managed as Enterprise class applications.; ; Further information on exactly how this is achieved is available from Blue Prism on request.
• Outage reporting: SS&C Blue Prism Cloud provides a service status page as well as proactive service notifications via email to nominated customer contacts.; ; SS&C Blue Prism solutions provide various web-based UI's to allow appropriately permissioned users to monitor, alert and resolve service outages as they occur.; ; SS&C Blue Prism Automations themselves can be configured to provide any technical or business notifications during operation, via any channel (email, web page, API call, pdf report, etc) to allow bespoke service outage, issue or exception reporting during processing.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: We will use Smartcards
• Access restrictions in management interfaces and support channels: SS&C Blue Prism provides detailed software security features that enable a secure environment and methodology. These mechanisms result in the only Enterprise RPA platform that can withstand increasing regulatory compliance and non-repudiation requirements.; • Centrally managed user access control, limiting access to named individuals only; • Role based access according to the principle of least privilege; • Multi-Factor security, such that no individual can make changes without secondary approval; • A complete retrospective audit/changelog of all activity; • Segregation of environments with separate controls governing each; • Infrastructural security
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DNV
• ISO/IEC 27001 accreditation date: 24 February 2016
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: NHS SBS operates a Quality Assurance Board, with SIRO, Caldicott Guardian and Info Sec Lead on panel. Business policies and procedures are submitted through this Board alongside regular reporting of Info Sec and Info Gov activity. NHS SBS commissions an audit of our DSP Toolkit annually, which includes our central polices and their application.; It is mandatory for all new employees to read all information security policies during the induction process, and regular 3rd party audits, internal monitoring, and an incident management process, provide data feedback from the business ensuring we capture and eradicate any breach of policy or process.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: SS&C Blue Prism offers an integrated Release Manager which applies structure, governance, and control to the Change and Release Management processes.; ; Release Manager controls the promotion of automations between environments as well as ensuring that this process is only carried out by authorised users, with all actions fully audited.; ; Every time a package is created or edited, this is recorded in the audit trail.; ; Customers with particularly strict information assurance requirements may have different Release Managers for each environment so that, for example, one user can create and export a Release from the Development environment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: For every new platform release we perform penetration testing and vulnerability testing.; We remediate High and Medium issues before releasing to customers.; We also utilise a vulnerability management solution (Qualys) as part of our platform agents to feed into our Security, Information and Event Management (SIEM) solution.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: SS&C Blue Prism operates a comprehensive protective monitoring process across its services and internal operations.; In the interests of security, further details on these practices are available on request.; To date, all threats are identified and mitigated in our operations before they become an issue.
• Incident management type: Supplier-defined controls
• Incident management approach: Under Blue Prism's ISO/IEC 27001:2013 compliant ISMS, every single security Incident is logged, tracked, managed, and resolved under a documented process. Blue Prism operates a no-blame policy ensuring that all issues are immediately reported and the Incident Management process is initiated at point of reporting.; ; Blue Prism has a comprehensive IS strategy and documented policies across a number of areas such as employee vetting, etc.; Security and Vulnerability Assessments are carried out periodically which validate the appropriateness of controls which are in place and these include input validation and sanitisation; authentication and access control; audit; and management of sensitive information.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We are dedicated to delivering social value and fighting climate change as part of everything we do and for the NHS SBS Robotic Process Automation (RPA) & Intelligent Automation Service, implementing a more efficient, digital-first solution is core to supporting the NHS achieve Net Zero. ; Our NHS SBS goal is to reach Net-Zero by 2040, 10 years earlier than the government target, and we are proud to have achieved a 33% reduction against our 2019 baseline. Our Net-Zero agenda guides our work on reducing our impact on the environment, and we have the flexibility to deliver specific actions for our individual contracts. ; NHS SBS brings extensive experience of fighting climate change as showcased through our CDP A-List position and our new Level 4 Evergreen assessment maturity rating. We will work with our customers to understand their specific social value needs and implement programmes that are proportionate, but always in addition, to the contract. ; For customers using NHS SBS Robotic Process Automation (RPA) & Intelligent Automation Service, we can baseline and deliver contract specific emissions reporting. Alongside this, we work from energy efficient buildings and offer working from home and flexible arrangements for all staff to reduce travel emissions. Moreover, we have a digital, cloud-first policy for all our services, aimed at minimising paper usage with an average target of 50% reduction over the life of the contract. ; Our dedicated Sustainability and Social Value team can share knowledge, and best practise with our customers through training to support emissions reduction. Finally, in addition to the core service, we can offer all employees working on this service 3 volunteering days which can be allocated to supporting environmental initiatives in the local area with partners such as Sow the City and the White Rose Forest.

  Tackling economic inequality

  We are dedicated to delivering social value and fighting climate change as part of everything we do and for the NHS SBS Robotic Process Automation (RPA) & Intelligent Automation Service, implementing a more efficient, digital-first solution is core to supporting the NHS achieve Net Zero. ; Our NHS SBS goal is to reach Net-Zero by 2040, 10 years earlier than the government target, and we are proud to have achieved a 33% reduction against our 2019 baseline. Our Net-Zero agenda guides our work on reducing our impact on the environment, and we have the flexibility to deliver specific actions for our individual contracts. ; ; NHS SBS brings extensive experience of fighting climate change as showcased through our CDP A-List position and our new Level 4 Evergreen assessment maturity rating. We will work with our customers to understand their specific social value needs and implement programmes that are proportionate, but always in addition, to the contract. ; For customers NHS SBS Robotic Process Automation (RPA) & Intelligent Automation Service, we can baseline and deliver contract specific emissions reporting. Alongside this, we work from energy efficient buildings and offer working from home and flexible arrangements for all staff to reduce travel emissions. Moreover, we have a digital, cloud-first policy for all our services, aimed at minimising paper usage with an average target of 50% reduction over the life of the contract. ; Our dedicated Sustainability and Social Value team can share knowledge, and best practise with our customers through training to support emissions reduction. Finally, in addition to the core service, we can offer all employees working on this service 3 volunteering days which can be allocated to supporting environmental initiatives in the local area with partners such as Sow the City and the White Rose Forest.

  Equal opportunity

  At NHS SBS, we recognise that a diverse workforce is key to the success of our business, encouraging different approaches and greater creativity. It is integral to our values that we are an actively inclusive employer. ; For any contracts delivered under the G-Cloud framework, we will work with customers to understand how we can create projects to support equal opportunity in alignment with the service being provided. Our dedicated Sustainability and Social Value team will support customers to understand their Social Value focus areas and drive and deliver bespoke activity in these areas.; In relation to equal opportunity, for customers that utilise our NHS SBS Robotic Process Automation (RPA) & Intelligent Automation Service, where appropriate, we will undertake a bespoke materiality assessment to determine the diversity of the workforce. This can look at data points including but not limited to, gender, religion, ethnicity, and disability. For this service, where improvements are identified, we can work alongside partners, customers, and our teams to implement programmes to address areas for improvement. ; For example, we recognise there is a UK-Wide disability employment gap, a key priority for the NHS. For this service, we would work with our partner DFN Project search to support young people with disabilities into internships in our organisation looking to target at least 4 young people per year. ; We have 7 strong inclusivity and diversity networks, and one area of focus is supporting women to reduce the gender gap, therefore, at NHS SBS, we have a mentoring programme for our female colleagues to utilise to support confidence and development in our organisation. However, to build on this further, for new contracts, we will ensure that any applicant from our service is given a place on the mentorship programme to improve the skills development of females.

  Wellbeing

  NHS SBS is dedicated to delivering social value and supporting staff wellbeing. We provide a working environment that contributes to positive health and wellbeing and are committed to supporting the overall wellbeing of the communities we are a part of. ; For employees who work on this service, we will empower managers and employees to work together in a trusting and open-minded way to achieve a healthy work/life balance for all.; Our employee centred initiatives can be implemented alongside NHS SBS Robotic Process Automation (RPA) & Intelligent Automation Service both in our organisation and by sharing best practise with customers. These initiatives include: ; - Accessible recruitment practices; - Flexible working options for all employees; - An employee assistance programme that supports employees with anything from mental and physical health issues to financial and legal concern; - Healthcare benefits; - An Employee Trust (providing financial support in times of hardship); - Mental Health First Aiders who act as a first point of contact for employees; ; Recent new measures designed to prevent and manage risks to employee wellbeing, together with appropriate training and individual support include:; - running regular initiatives to raise awareness of mental health issues at work. ; - encouraging all managers to have ongoing conversations about wellbeing and mental health with all their reports. ; In addition to supporting our colleagues who work on this service, we can also support the wellbeing of our wider community through our volunteering programme, which can deliver three days per employee and can focus on wellbeing projects such as those that support mental health, including social prescribing activity. ; ; Our dedicated Sustainability and Social Value team can support customers to understand their Social Value focus areas and drive and deliver bespoke activity in these specific areas.

Pricing

• Price: £800 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sbs-b.bidmanagement@nhs.net. Tell them what format you need. It will help if you say what assistive technology you use.