Skip to main content

Help us improve the Digital Marketplace - send your feedback

OutSystems Ltd

Outsystems 11

OutSystems provides the only open, high-productivity application platform (PaaS) that makes it easy to create, deploy and manage enterprise mobile and web applications. OutSystems platform enables rapid delivery of Mobile and Web applications for all devices utilizing responsive web design.

Features

  • Application Development
  • Low Code
  • Development Operations
  • Full stack application development
  • Mobile development
  • Web development
  • Artificial Intelligence
  • Business process technology
  • Automation

Benefits

  • Rapid application development
  • Full stack application development
  • Visual application development
  • Built in AI develpoment
  • AI assisted development

Pricing

£78,300 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ben.bisley@outsystems.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

3 9 1 7 9 5 8 8 7 5 8 0 8 5 2

Contact

OutSystems Ltd Ben Bisley
Telephone: +447717661514
Email: ben.bisley@outsystems.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
OutSystems is a visual application development platform which can be used to build enterprise business applications and can also be used to integrate into any third part application and act as an extension to that software service
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
No constraints
System requirements
No system requirements if hosted on the OutSystems cloud

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response can be used through multiple channels, i.e. online portal, telephone, email, web chat
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Go to https://www.outsystems.com/, our chatbot will appear and offer support. It will direct you to the correct channel, may it be portal, documentation or telephone support
Web chat accessibility testing
None
Onsite support
Yes, at extra cost
Support levels
OutSystems provides different types of support levels. By default 8x5 support is included in all editions of the platform. Customers also have the chance to purchase Extended or Premier 24x7 support at an additional cost. A technical account manager can also be included at an additional cost.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
OutSystems provides all customers with an intuitive online portal which includes detailed guided paths and training courses to take you from start to finish on which ever certification you aim on completing, whether it be a reactive web developer, mobile developer, UI developer and so many more. It also includes an extensive amount of user documentation and user forums so you will have all the collateral at your fingertips whenever needed.

OutSystems can also provide onsite training. Enjoy a highly interactive hands-on instructor-led experience in a small group of fellow OutSystems professionals. You will deep-dive into OutSystems development and more, with the assistance of a Certified Trainer from OutSystems. These fully immersive instructor-led courses, which can be delivered in a classroom, remotely, or in a hybrid setting (with some participants in the classroom and others remote), are the best way to learn OutSystems.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Online portal
  • https://success.outsystems.com/documentation/
End-of-contract data extraction
It is up to the customer to extract any data before their contract ends. The data is either stored on a SQL or Oracle backend database, and the customer can request a full backup to their database before the contract ends. There are also multiple tools on the OutSystems Forge to extract data,
End-of-contract process
See SUBSCRIPTION (section 2) and TERM & TERMINATION (section 8) sections of Outsystems Master Service Agreement.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Yes
Compatible operating systems
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
With OutSystems you can build both mobile and web services. We provide an omnichannel experience
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
The service interface is that same experience as the rest of the development environment interface. One standard interface to make it easier for the users
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
To be confirmed
API
Yes
What users can and can't do using the API
OutSystems is a development platform, therefore you can expose or consume any API's through the platform. OutSystems provides APIs that allow you to extend the capabilities of your applications. With these APIs you can integrate your applications with external systems, and programmatically access OutSystems features.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
OutSystems is a low code, visual development platform, and therefore all applications developed within OutSystems can be fully customisable in an agile methodology

Scaling

Independence of resources
The OutSystems platform is designed for scalability, fully adjustable to the specific requirements of customers. As customer applications grow, whether in number of users, transactions, or volumes of data, to name a few, the platform easily handles the increased loads and demands. The OutSystems architecture supports vertical scalability (increasing the compute capacity of a single component, such as a server) and horizontal scalability (adding more components to distribute the load). As a result, customer applications can scale with virtually no restrictions.

Analytics

Service usage metrics
Yes
Metrics types
Full Metrics on the use of both the platform and applications designed and landed on the platform. This includes Application Object reporting as well as number of users, sessions and integrations
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data extraction can be done in multiple ways. Customers have the choice to have their data managed in Microsoft SQL or an Oracle database. Customers also have the ability to request backup copies of their data. OutSystems also offers varies data migration options in our community market place, the Forge - https://www.outsystems.com/forge/list?q=data%20migration&t=&o=most-popular&tr=False&oss=False&c=%20&a=&v=&hd=False&tn=&scat=forge
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Monthly Uptime Percentage is calculated as 100% minus the percentage of Downtime minutes out of the total minutes during that calendar month. Downtime minutes are counted as the number of minutes the Application runtime is not accessible to end users during the Support Access Periods the customer is entitled to. Where the Customer has more than one production runtime environment or stage, Uptime is calculated as the average of the availability of all such runtimes.

Service Remedy: Upon Customer’s timely notice to OutSystems in accordance with the Service Credits Claims process set forth below, if the availability of the OutSystems platform (measured separately for each Software product licensed by Customer when multiple Software products are licensed) for the month falls below the applicable Monthly Uptime Percentage commitment (Service Uptime exclusions apply), then OutSystems will credit to Customer for the next subscription renewal a portion of the subscription fees (measured separately for each Software product licensed by Customer when multiple Software products are licensed), prorated for the month where such failure occurred, as follows (each a “Service Credit”).
Approach to resilience
Available on request
Outage reporting
There are a number of ways OutSystems reports outages, including a public dashboard - https://status.outsystems.com/, an API and email alerts.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
OutSystems comes bundled with Identity Service, a built-in Identity Provider (IdP). It provides authentication, authorization, and user management for your organization and apps. As the default IdP, Identity Service is always available.

In addition, you can use an external, self-managed IdP as an authentication provider for your organization and your apps. You can use any IdP that follows the OpenID Connect (OIDC) standard. You can configure most commercial IdPs, such as AzureAD and Okta, to support this standard. ODC supports using PKCE (Proof Key for Code Exchange) with external IdPs for an additional layer of security.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Standards Institution
ISO/IEC 27001 accreditation date
10/08/2017
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
07/12/2023
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
None
PCI certification
Yes
Who accredited the PCI DSS certification
A-LIGN Compliance and Security, Inc. dba A-LIGN
PCI DSS accreditation date
01/12/2022
What the PCI DSS doesn’t cover
Multi-tenant provider
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
OutSystems has been certified and attested to confirm compliance with ISO 27001, ISO 27017, ISO 27018, ISO 22301, ISO 9001 international standards standards, by independent auditors. Moreover, our Sentry offer holds a SOC 2 Type II and HIPAA attestations. Further details about these ISO certifications and SOC attestation and their contribute to OutSystems security practices can be found here: https://www.outsystems.com/compliance

Security policies and similar documents are classified as internal according to the OutSystems Information Classification Policy and are not shared with external parties.
OutSystems security documentation, including ISO certificates, SOC 2 and HIPAA reports, and Executive Summary of Penetration Test Reports are publicly available to customers, and prospects under NDA here: https://security.outsystems.com/

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
OutSystems has a set of defined policies and procedures regarding software development and change management, aligned with international standards as well as industry best practices, in order to guarantee that all changes are authorized, designed, developed, configured, documented, tested, approved, and implemented in accordance with security commitments and requirements.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
OutSystems maintains vulnerability and patch management policies and procedures ensuring all vulnerabilities are promptly identified, prioritized and mitigated.
OutSystems proactively monitors reputable industry sources for security vulnerabilities in the technology stacks, and uses standard risk rating methodologies to plan an appropriate response. More information available here: https://success.outsystems.com/Support/Security/Vulnerabilities
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
OutSystems Sentry offer includes extended monitoring of the OutSystems Cloud servers and a log review practice, following daily operational security procedures and checklists. This enhances the detection of attempts to breach the system security, further protecting the systems from both external parties and rogue employees. The OutSystems CSIRT uses a combination of tools, including security information and event management (SIEM), and administrative procedures to handle alarms and logs of systems such as OutSystems platform, operating systems, database, anti-virus, intrusion detection system, file integrity monitoring.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
OutSystems has defined internal policies and procedures regarding security incidents, to ensure all suspected information security incidents are reported promptly and that the correct procedures are performed to respond appropriately to security incidents.

More details about the OutSystems Computer Security Incident Response Team (OutSystems CSIRT) are available here - https://www.outsystems.com/compliance/csirt/

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)

Social Value

Social Value

Social Value

  • Fighting climate change
  • Equal opportunity

Fighting climate change

A core value driver of Outsystems is enabling more efficient use of available resources for any organisation, thus very often capturing opportunities to reduce an organisations carbon footprint.

Equal opportunity

Outsystems platform has a lower skills barrier to entry than "traditional" application development approaches, creating greater opportunity for all to start and/or excel in their technology career.

Pricing

Price
£78,300 a licence a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
The Personal Environment is the free, cloud-based version of OutSystems. It allows you to create, deploy, and run your personal applications. Once created, its address and status will always be accessible at your Platform Home page. Accounts are recycled if not developed in for an extended time frame.
Link to free trial
https://www.outsystems.com/low-code-platform/

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ben.bisley@outsystems.com. Tell them what format you need. It will help if you say what assistive technology you use.