Outsystems 11
OutSystems provides the only open, high-productivity application platform (PaaS) that makes it easy to create, deploy and manage enterprise mobile and web applications. OutSystems platform enables rapid delivery of Mobile and Web applications for all devices utilizing responsive web design.
Features
- Application Development
- Low Code
- Development Operations
- Full stack application development
- Mobile development
- Web development
- Artificial Intelligence
- Business process technology
- Automation
Benefits
- Rapid application development
- Full stack application development
- Visual application development
- Built in AI develpoment
- AI assisted development
Pricing
£78,300 a licence a year
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
3 9 1 7 9 5 8 8 7 5 8 0 8 5 2
Contact
OutSystems Ltd
Ben Bisley
Telephone: +447717661514
Email: ben.bisley@outsystems.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- OutSystems is a visual application development platform which can be used to build enterprise business applications and can also be used to integrate into any third part application and act as an extension to that software service
- Cloud deployment model
-
- Public cloud
- Private cloud
- Community cloud
- Hybrid cloud
- Service constraints
- No constraints
- System requirements
- No system requirements if hosted on the OutSystems cloud
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Response can be used through multiple channels, i.e. online portal, telephone, email, web chat
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Go to https://www.outsystems.com/, our chatbot will appear and offer support. It will direct you to the correct channel, may it be portal, documentation or telephone support
- Web chat accessibility testing
- None
- Onsite support
- Yes, at extra cost
- Support levels
- OutSystems provides different types of support levels. By default 8x5 support is included in all editions of the platform. Customers also have the chance to purchase Extended or Premier 24x7 support at an additional cost. A technical account manager can also be included at an additional cost.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
OutSystems provides all customers with an intuitive online portal which includes detailed guided paths and training courses to take you from start to finish on which ever certification you aim on completing, whether it be a reactive web developer, mobile developer, UI developer and so many more. It also includes an extensive amount of user documentation and user forums so you will have all the collateral at your fingertips whenever needed.
OutSystems can also provide onsite training. Enjoy a highly interactive hands-on instructor-led experience in a small group of fellow OutSystems professionals. You will deep-dive into OutSystems development and more, with the assistance of a Certified Trainer from OutSystems. These fully immersive instructor-led courses, which can be delivered in a classroom, remotely, or in a hybrid setting (with some participants in the classroom and others remote), are the best way to learn OutSystems. - Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
-
- Online portal
- https://success.outsystems.com/documentation/
- End-of-contract data extraction
- It is up to the customer to extract any data before their contract ends. The data is either stored on a SQL or Oracle backend database, and the customer can request a full backup to their database before the contract ends. There are also multiple tools on the OutSystems Forge to extract data,
- End-of-contract process
- See SUBSCRIPTION (section 2) and TERM & TERMINATION (section 8) sections of Outsystems Master Service Agreement.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- Yes
- Compatible operating systems
-
- IOS
- Linux or Unix
- MacOS
- Windows
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- With OutSystems you can build both mobile and web services. We provide an omnichannel experience
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- The service interface is that same experience as the rest of the development environment interface. One standard interface to make it easier for the users
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- To be confirmed
- API
- Yes
- What users can and can't do using the API
- OutSystems is a development platform, therefore you can expose or consume any API's through the platform. OutSystems provides APIs that allow you to extend the capabilities of your applications. With these APIs you can integrate your applications with external systems, and programmatically access OutSystems features.
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- OutSystems is a low code, visual development platform, and therefore all applications developed within OutSystems can be fully customisable in an agile methodology
Scaling
- Independence of resources
- The OutSystems platform is designed for scalability, fully adjustable to the specific requirements of customers. As customer applications grow, whether in number of users, transactions, or volumes of data, to name a few, the platform easily handles the increased loads and demands. The OutSystems architecture supports vertical scalability (increasing the compute capacity of a single component, such as a server) and horizontal scalability (adding more components to distribute the load). As a result, customer applications can scale with virtually no restrictions.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Full Metrics on the use of both the platform and applications designed and landed on the platform. This includes Application Object reporting as well as number of users, sessions and integrations
- Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Physical access control, complying with another standard
- Data sanitisation process
- No
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Data extraction can be done in multiple ways. Customers have the choice to have their data managed in Microsoft SQL or an Oracle database. Customers also have the ability to request backup copies of their data. OutSystems also offers varies data migration options in our community market place, the Forge - https://www.outsystems.com/forge/list?q=data%20migration&t=&o=most-popular&tr=False&oss=False&c=%20&a=&v=&hd=False&tn=&scat=forge
- Data export formats
-
- CSV
- ODF
- Data import formats
-
- CSV
- ODF
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
Monthly Uptime Percentage is calculated as 100% minus the percentage of Downtime minutes out of the total minutes during that calendar month. Downtime minutes are counted as the number of minutes the Application runtime is not accessible to end users during the Support Access Periods the customer is entitled to. Where the Customer has more than one production runtime environment or stage, Uptime is calculated as the average of the availability of all such runtimes.
Service Remedy: Upon Customer’s timely notice to OutSystems in accordance with the Service Credits Claims process set forth below, if the availability of the OutSystems platform (measured separately for each Software product licensed by Customer when multiple Software products are licensed) for the month falls below the applicable Monthly Uptime Percentage commitment (Service Uptime exclusions apply), then OutSystems will credit to Customer for the next subscription renewal a portion of the subscription fees (measured separately for each Software product licensed by Customer when multiple Software products are licensed), prorated for the month where such failure occurred, as follows (each a “Service Credit”). - Approach to resilience
- Available on request
- Outage reporting
- There are a number of ways OutSystems reports outages, including a public dashboard - https://status.outsystems.com/, an API and email alerts.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
-
OutSystems comes bundled with Identity Service, a built-in Identity Provider (IdP). It provides authentication, authorization, and user management for your organization and apps. As the default IdP, Identity Service is always available.
In addition, you can use an external, self-managed IdP as an authentication provider for your organization and your apps. You can use any IdP that follows the OpenID Connect (OIDC) standard. You can configure most commercial IdPs, such as AzureAD and Okta, to support this standard. ODC supports using PKCE (Proof Key for Code Exchange) with external IdPs for an additional layer of security. - Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- Between 1 month and 6 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- Between 1 month and 6 months
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- British Standards Institution
- ISO/IEC 27001 accreditation date
- 10/08/2017
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 07/12/2023
- CSA STAR certification level
- Level 1: CSA STAR Self-Assessment
- What the CSA STAR doesn’t cover
- None
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- A-LIGN Compliance and Security, Inc. dba A-LIGN
- PCI DSS accreditation date
- 01/12/2022
- What the PCI DSS doesn’t cover
- Multi-tenant provider
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
OutSystems has been certified and attested to confirm compliance with ISO 27001, ISO 27017, ISO 27018, ISO 22301, ISO 9001 international standards standards, by independent auditors. Moreover, our Sentry offer holds a SOC 2 Type II and HIPAA attestations. Further details about these ISO certifications and SOC attestation and their contribute to OutSystems security practices can be found here: https://www.outsystems.com/compliance
Security policies and similar documents are classified as internal according to the OutSystems Information Classification Policy and are not shared with external parties.
OutSystems security documentation, including ISO certificates, SOC 2 and HIPAA reports, and Executive Summary of Penetration Test Reports are publicly available to customers, and prospects under NDA here: https://security.outsystems.com/
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- OutSystems has a set of defined policies and procedures regarding software development and change management, aligned with international standards as well as industry best practices, in order to guarantee that all changes are authorized, designed, developed, configured, documented, tested, approved, and implemented in accordance with security commitments and requirements.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
OutSystems maintains vulnerability and patch management policies and procedures ensuring all vulnerabilities are promptly identified, prioritized and mitigated.
OutSystems proactively monitors reputable industry sources for security vulnerabilities in the technology stacks, and uses standard risk rating methodologies to plan an appropriate response. More information available here: https://success.outsystems.com/Support/Security/Vulnerabilities - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- OutSystems Sentry offer includes extended monitoring of the OutSystems Cloud servers and a log review practice, following daily operational security procedures and checklists. This enhances the detection of attempts to breach the system security, further protecting the systems from both external parties and rogue employees. The OutSystems CSIRT uses a combination of tools, including security information and event management (SIEM), and administrative procedures to handle alarms and logs of systems such as OutSystems platform, operating systems, database, anti-virus, intrusion detection system, file integrity monitoring.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
OutSystems has defined internal policies and procedures regarding security incidents, to ensure all suspected information security incidents are reported promptly and that the correct procedures are performed to respond appropriately to security incidents.
More details about the OutSystems Computer Security Incident Response Team (OutSystems CSIRT) are available here - https://www.outsystems.com/compliance/csirt/
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- Public Services Network (PSN)
- Police National Network (PNN)
- NHS Network (N3)
- Joint Academic Network (JANET)
- Scottish Wide Area Network (SWAN)
- Health and Social Care Network (HSCN)
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Equal opportunity
Fighting climate change
A core value driver of Outsystems is enabling more efficient use of available resources for any organisation, thus very often capturing opportunities to reduce an organisations carbon footprint.Equal opportunity
Outsystems platform has a lower skills barrier to entry than "traditional" application development approaches, creating greater opportunity for all to start and/or excel in their technology career.
Pricing
- Price
- £78,300 a licence a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- The Personal Environment is the free, cloud-based version of OutSystems. It allows you to create, deploy, and run your personal applications. Once created, its address and status will always be accessible at your Platform Home page. Accounts are recycled if not developed in for an extended time frame.
- Link to free trial
- https://www.outsystems.com/low-code-platform/