Softcat Limited

Automation Anywhere Success Platform

The third generation of the Automation Success Platform from Automation Anywhere seamlessly integrates 20+ years of cloud-native robotic process automation with intelligent automation, document automation, process mining, automated development capability, API integration, automation co-pilot, benefits tracking, Generative AI, artificial intelligence, and DevOps to provide the most advanced AI-powered automation layer.

Features

• Harness AI, RPA, APIs, to rapidly create and deliver automations

Benefits

• Successful deployments in NHS, Local Government, Central Government and Education

£600 to £8,000 a unit a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at psitq@softcat.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

395704102447886

Contact

Charles Harrison
01628 403403
psitq@softcat.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Extension to any Windows or web-based application. The platform's purpose is to automate complex business processes that are conducted within one or many of these systems. For certain applications, such as Microsoft Excel, Salesforce, ServiceNow and Workday, we have specific integrations that make Automation Anywhere an extension of those platforms.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Whilst the Automation Anywhere Control Room can be accessed from any device supporting a modern web browser, bots can only be run on a Windows (7, 8, 10,11 and Server) machine, therefore the platform can only automate applications that are supported by that operating system. Details of this can be found below: https://docs.automationanywhere.com/bundle/enterprise-v2019/page/enterprise-cloud/topics/deployment-planning/on-prem-install/cloud-bot-agent-compatibility.html. The Automation Anywhere platform is available in 3 possible deployment models. Details about the models can be found below: https://docs.automationanywhere.com/bundle/enterprise-v2019/page/enterprise-cloud/topics/migration/choose-deployment-model.html
• System requirements:
  • Virtual or physical client/desktop machines for runnning automation
  • Virtual/physical servers for hosting Control Rooms (if on-premise deployment)
  • Bot Creator / Runner licenses for executing and build automation
  • 5Mbps (20Mbps or greater preferred) Internet connection
  • 1Gbps or greater IPV4/IPV6 LAN
  • Windows Operating systems (W10+, WS2012+) for running automation
  • CPU (i3 2.6 GHz) with 4 multi-core or higher, 64-bit
  • Two extra cores for every additional user on machine

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The SLA for average first response time depends on severity levels and support offerings . At date of application, we are 99% compliant on the average first response. Complete Support SLA Details based on different models available here: https://www.automationanywhere.com/legal/technical-support-terms
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: Unknown
• Onsite support: Yes, at extra cost
• Support levels: Our award-winning products are backed by a worldwide team of highly trained and experienced technical support engineers to meet the needs of the modern enterprise, no matter where your applications are deployed. The “Orange” Support Plan is included in your subscription and features business hours support through the customer portal as well as through our fully AI-enabled search across our extensive knowledge base, community support forums via our Pathfinder Community, and our product documentation repositories. Organisations can invest in premium support to benefit from Tighter Target Initial Responses, Architecture Consultation, Sandbox Setup and Implementation, Upgrade, and Installation Assistance, Access to the Premium Support Team, Premium Field Alerts, RCA for Severity 1 Case, Premium A-People Community Access and more. SLA: Severity 1 Initial Response: 4 hours, 2 hours, 1 hour, or 15 minutes, based on Support Model Selected SLA: Severity 2 Initial Response: 4 business hours, 2 business hours, or 1 business hours based on Support Model Selected SLA: Severity 3 Initial Response: 12 business hours, 8 business hours, 4 business hours based on Support Model Selected SLA: Severity 4 Initial Response: 16-8 business hours depending on Support Model Selected Complete Support SLA Details based on different models available here: https://www.automationanywhere.com/legal/technical-support-terms
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Firstly, we provide a Community Edition which is our free software solution to try out and get hands-on. To support this, we have the Automation Anywhere University providing free e-learning modules as well as our own YouTube channel and plenty resources on our website. (https://university.automationanywhere.com) (https://www.youtube.com/c/Automationanywhere) and resource page (https://www.automationanywhere.com/resources/asset-library). We have a complete onboarding service wherein right from being assigned product license to usage training and analysis or consultancy for an Intelligent Automation program is provided.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Video tutorials
  • E-Learning
• End-of-contract data extraction: All Data can be extracted in the form of Bot Files and other Database Files. As such, Automation Anywhere only stores Audit Logs, User Role-Based Access Details, Training data for document data extraction and Bot Insight analytics. Customers can ask for Audit Log and Database files during the offboarding process.
• End-of-contract process: Automation Anywhere will keep customer data, configs (bots), Document Extraction data, and most logs for 30 days after the customer’s subscription ends. Some logs may be kept for up to 180 days after the customer’s subscription ends. Full details of the data retention policy can be found here in our Data Processing Addendum: automationanywhere.com/support/DPA.pdf

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Users on mobile devices interact with bots via our co-pilot solution which is web-based. Bots won't execute on mobile devices, only windows machines.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Automation Anywhere has an API (Application Programming Interface) that allows users to deploy bots, manage files, administrate users and more. This is accessible through the REST protocol and allows full programmatic access to the platform.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: We have undergone the "Voluntary Product Accessibility Template" Test for our product/service conforms with Section 508 of the Rehabilitation Act of 1973
• API: Yes
• What users can and can't do using the API: The Automation Anywhere Control Room provides various APIs that allow you to customize the way that you (and your bots) interact with Automation Anywhere. Users can perform tasks such as manage bot deployments, create and manage credentials in the Credential Vault, create and manage user accounts and roles, and create and manage queues. More detailed information: https://docs.automationanywhere.com/bundle/enterprise-v2019/page/enterprise-cloud/topics/control-room/control-room-api/cloud-control-room-apis.html
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users cannot customise the source code of the platform. However, through the user interface, end users can build customised automated processes, custom document automation models, and custom forms via our co-pilot solution.

Scaling

• Independence of resources: We have a performance check in place and we offer credits if we fail to maintain a 99.9% uptime. We currently have extremely low 0.001 milisec latency. Our Cloud Ops team constantly monitors and manages the resources. Each User has its own individual Tenant ID and each tenant's performance will not be affected by another.

Analytics

• Service usage metrics: Yes
• Metrics types: Automation Anywhere maintains a Cloud status website available at status.automationanywhere.digital for its users. We do not provide service usage matrix as a function of pricing, as our pricing is not dependent on the hours used. Certain reports can be requested or are shared proactively by Customer Success Managers
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller (no extras)
• Organisation whose services are being resold: Automation Anywhere

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Other
• Other data at rest protection approach: Data is protected during transmissions between a customer's network and the cloud service, including through Transport Layer Encryption (TLS) leveraging at least 2048-bit RSA server certificates and 128-bit symmetric encryption keys at a minimum. Additionally, all data, including Customer Data, is transmitted between data centers for replication purposes across a dedicated, encrypted link utilizing AES-256 encryption. Customer data is protected at rest across all data storage facilities using asymmetric encryption with AES-256 bit keys.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: BotFiles are JAVA based and exported in a zip file. Audit Logs and Bot Insights data can be exported as XML, CSV or PDFs.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XMLs
  • PDFs
  • JAVA
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • Word
  • Database Files
  • HTML
  • PDFs
  • Images
  • XLS
  • CSV, TXT

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Automation Anywhere practices layered approach to network segregation with controls at each layer. Public subnet(s) shields the internal private subnet(s) from direct internet access. Sensitive data and/or other information assets are deployed on the internal private subnets only, where there is no direct access to the internet. The only access to those assets is from select authorized hosts, restricted by network layer access control lists (ACLs), virtual private cloud (VPC) routing, and firewall rules as relevant. Within the private subnet, lateral propagation is also restricted based on business needs. We control access to our sensitive networks on a need-basis only.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Cloud infrastructure is configured based on industry and vendor-specific security best practices to ensure that misconfigured resources do not result in data exposure. In addition to security configuration, all cloud resources including virtual machines, 3rd party software components, and applications are regularly scanned for security vulnerability and prioritized/remediated in accordance with defined SLAs. Network access to infrastructure and cloud application is limited to approved TCP/IP ports and VPN connected devices. To detect security threats, Intrusion Detections, and Prevention Systems (IPS) are deployed across all cloud environments. DDoS protection is deployed to protected Automation Anywhere cloud services against the availability attack.

Availability and resilience

• Guaranteed availability: We offer Availability Service Level Credits for failure to meet 99.90% Service Availability as per our availability service level terms here: https://www.automationanywhere.com/uptime-availability-SLA
• Approach to resilience: All our Services have High-availability and Disaster recovery. Automation Anywhere maintains emergency and contingency plans and has ISO 22301 BCMS certification. High Availability: Each regional data centre presence Is designed with application-level high availability and highly available public cloud services across the region. Automation Anywhere follows industry standards best practices with a cloud uptime SLA of 99.9%. Disaster Recovery: Backups are taken and maintained in an encrypted format to restore the service in the case of a disaster. Backups are taken every 6 hours to another location. If a disaster is declared for the primary location, a secondary location is instantiated for all tenants using the backup taken every 6 hours. The current objectives for this recovery are: • RTO (Recovery Time Objective): Time to get a new location up and running with the last backup data restored = 6 hours. • RPO (Recovery Point Objective): The maximum duration for data loss during a restore = 6 hours.
• Outage reporting: We have a status page where all service statuses are updated in real-time. Status Page: https://status.automationanywhere.digital/

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: The Control Room implements Separation of Duties through a configurable Role-Based Access Control (RBAC) capability, addressing NIST AC 2, 3, 5 and 6. Default Admin role is available. The role-based accessibility model ensures each User has console-access, to view information or data that is relevant to the role assigned by the Control Room Administrator. User Roles and relevant privileges are assigned from the Security Console. One can create as many different roles as required and we also publish a permission matrix on documentation portal to enable you to create a combination of roles and permissions that suit your organizational requirements.
• Access restrictions in management interfaces and support channels: Access is deny-all and allow by exception based on roles, domains as defined in Role-based Access Control (RBAC). These roles can also be limited to specific groups. e.g. Only those users who have access to User Management will be able to manage users in system. Authorized users can assign various combinations of these access rights to different sets of users and roles, as the business requires.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: Key security areas to protect cloud data include identity and access management (IAM), logging and monitoring, infrastructure security, application security, data protection, and incident response. Identity is the cornerstone of cloud security, defining what access is required for each cloud entity. Automation Anywhere implements access controls based on the principle of least privilege, applying fine-grained permissions to all cloud entities. All cloud entities that access the underlying infrastructure have specifically defined roles ensuring that the attack surface of the cloud environment is minimized.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 07/09/2020
• What the ISO/IEC 27001 doesn’t cover: "Scope of Registration: The Information Security Management System at Automation Anywhere encompasses all information assets and processes utilized for deployment, maintenance and management of cloud infrastructure required to support the product stack for the customers and provision of IT infrastructure management services provided by Information Technology, Information Technology Cloud Solutions and Cloud Operations team."
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 25/03/2022
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: This is for all our product suite as well as cloud service. i.e. Software as a service.
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • All Certifications can be viewed at: https://www.automationanywhere.com/compliance-portal
  • SOC 1 & SOC 2 compliance
  • FISMA moderate controls
  • PCI-DSS
  • SOX
  • HIPAA
  • ISO 22301:2019
  • ISO 27001:2013
  • Veracode Verified
  • HITRUST

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Automation Anywhere cloud services are protected based on industry standards and frameworks like NIST Cybersecurity Framework, Cloud Security Aligns (CSA) Controls AWS Cloud Adaption Framework, Center for Information Security (CIS) baselines, ISO 27001, ISO22301:2019, SOC 2 Type 1+2 and others.
• Information security policies and processes: Automation Anywhere cloud services are protected based on industry standards and frameworks like NIST Cybersecurity Framework, Cloud Security Aligns (CSA) Controls AWS Cloud Adaption Framework, Center for Information Security (CIS) baselines, ISO 27001, SOC 2 Type 1+2 and others. Automation Anywhere is a security- and privacy-focused enterprise. This is reflected in the Automation Anywhere platform. This continued endeavour has resulted in achieving multiple security, business continuity, and data privacy-related certifications. As part of the cloud security framework, there are a few key security areas required to protect the cloud service. They include: • Security program management • Asset management • Access management • Physical and environmental security (access control, availability control) • Application and development • Secure operations • Incident management • Vendor management • Business continuity and disaster recovery. We can also make available our security whitepaper.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All teams at Automation Anywhere follow Agile methodology for delivery and can respond swiftly and effectively to any change that the business demands. A change request works its way from various sources (customers, stakeholders, product vision etc.) to the product backlog as user stories from where the team can pick them up as a part of iterations. The regular show and tell of the ongoing work keeps the stakeholders well informed and helps to make any course correction as and when required. Updates are then released 2-4 times per year.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Cloud infrastructure is configured on industry and vendor-specific security best-practice to ensure misconfigured resources do not result in data exposure. Cloud infrastructure is continuously monitored to meet best practices and any deviation is remediated based on risk to customer data. All cloud resources including virtual machines, 3rd party software, and applications are regularly scanned for security vulnerability and then prioritized and remediated in accordance with defined SLAs. Network access to infrastructure and cloud application limited to approved TCP/IP ports and VPN connected devices. To detect security threats, Intrusion Detections, and Prevention Systems (IPS) are deployed across all cloud environments.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Visibility into activity in cloud environments is critical for monitoring and identifying security events and incidents. All resources in Automation Anywhere cloud are configured to log security events and send them to a centralized SIEM solution. SIEM is used to build a usage baseline of cloud activity to detect deviation, monitor changes to security posture, and correlate threat data which is then investigated by the security team.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Security Incident Management policy and process apply to all incidents resulting from violation of Information Security policies. These include but are not limited to: • attempts to gain unauthorized access to a system or its data • unwanted disruption or denial of service • the unauthorized use of a system for the processing or storage of data Policy and process includes responsibilities and procedures, reporting of security incidents, reporting of weakness & threats, assessment of and decision on information security events, Response to information Security incidents, Priority and Severity Categorization of security breach, Collection of evidence, resolution, learning from incidents

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Softcat are dedicated to reducing our environmental impact and actively promoting sustainability. Our commitment to sustainability is a core aspect of our business strategy, driving us to innovate and lead in the creation of a more sustainable future for our company and the communities we serve. This commitment is embedded in our policies, operating procedures, and training programs.; ; We are proud to be the first FTSE 250 company to be awarded 5-star status in relation to the United Nations Sustainable Development Goals. ; ; We aim to achieve a Carbon Net-Zero Value Circle by 2040 by prioritising renewable energy, reducing natural resource use, minimising waste, and safeguarding biodiversity in compliance with environmental legislation.; ; At Softcat, we have taken significant steps towards securing renewable energy across our organisation, reducing our scope 1 & 2 emissions. We had the target of using 100% Renewable Energy across all our locations by 2024. We successfully delivered against this target ~2 years early.; ; In May 2023 we took delivery of 15 electric vehicles, replacing all existing fossil-fuelled company cars used by employees for business means. The implementation of the EV pool fleet will see a saving of over 80 tons of CO2e per year. A huge impact on our Net Zero targets.

  Tackling economic inequality

  As a value-add reseller, Softcat outsources the products, services, and solutions through our extensive network of partners, to best suit the needs of our broad client base. We always consider and promote SMEs and local providers where appropriate, particularly for the products and services we offer via the G Cloud framework.; ; We remain dedicated to improving employability and educational awareness across schools, colleges, and universities to help break down the barriers to joining technology organisations.; ; We work collaboratively with many schools that are close in proximity to our offices, to ensure we are actively supporting the community as well as schools from lower socio-economic backgrounds. ; ; We visit the schools to talk about the IT sector and the roles in our organisation, as well as promoting work-experience opportunities during the summer. In particular, we actively encourage students from diverse backgrounds to engage in work experience to appreciate the roles available in our sector.; ; For ambitious school and college leavers, a Softcat Apprenticeship is a great first step into the world of work, with 94% of our apprentices offered a permanent position at Softcat post apprenticeships, which goes to show the amazing opportunity available with us.; ; We were ranked 1st in IT & Consultancy, and 10th overall in by RateMyApprenticeship.com - Best 100 Apprenticeship Employers 2023-2024 list.; ; Softcat now also offer 12 month paid internships to University students looking to complete a year in industry as part of their undergraduate studies.

  Equal opportunity

  Our approach to diversity and inclusion is introduced first during our induction training, as part of our Softcat values, outlining responsibility to uphold our principles. This message is reinforced by our process and policies, networks, Allyship Training and Inclusion Awareness campaigns.; ; Softcat supports diversity and inclusion through various networks including:; - Supporting Women in Business (SWIB); - The Ethnic and Cultural Network; - The Pride Network; - The Family Network; - The Empowering Disability and Neurodiversity Network (EDN); - The Faith at Work Network; - Armed Forces & Veterans Network; These networks aim to create a supportive and inclusive work environment for all employees, regardless of gender, ethnicity, sexual orientation, disability, or family commitments.; ; Our allyship programme, Stronger Together, is a mixture of event and workshop-based training available to all staff. Programme topics include, bias, power, privilege, and being a greater ally. ; ; Inclusion Awareness campaigns include race, disability, sexual orientation, gender, faith, and caring responsibilities. These sessions highlight and celebrate minority groups, through panel sessions, Q&A sessions and training, providing an opportunity to discuss and understand ways to be more inclusive. ; ; Our efforts to improve diversity and inclusion have been incredibly successful. Since 2020, the number of female employees below management level has increased to 35%, and the number of ethnic minority employees rose to 17%.

  Wellbeing

  At Softcat, all employees are provided with access to our multidimensional wellbeing programme which includes flexible work arrangements, free nutritious breakfast, mental health support, employee benefits scheme, health and wellbeing week activities, and online workshops.; ; Giving back to the community is an innate part of who we are as a company. All Softcat employees are therefore given two volunteer days per year to support a charitable or community cause. ; ; Each of our 10 regional offices also support local charities through fundraising, donations and events. For example, our Manchester office has raised over £30,000 for the WeLoveMCR charity. This funding has supported young, disadvantaged Manchester citizens in gaining qualifications to broaden their work opportunities and supporting local groups in delivering indispensable services that enable community cohesion.

Pricing

• Price: £600 to £8,000 a unit a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: With Community Edition, students and developers enjoy the benefits of our Automation Anywhere cloud platform for free Leverage the cloud to access state-of-the art enterprise-class technology Instant-on ease of use with drag-and-drop simplicity Build bots at any skill level Step-by-step in-product learning
• Link to free trial: https://www.automationanywhere.com/products/enterprise/community-edition

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at psitq@softcat.com. Tell them what format you need. It will help if you say what assistive technology you use.