NINTEX UK LIMITED

Nintex RPA

The Nintex RPA cloud platform (formerly known as Kryon RPA) sets the standard for secure, scalable, and cost-efficient robotic process automation management and optimisation. It’s also among the most business-user-friendly RPA tools on the market.

Features

• Attended, Unattended and Hybrid Automation
• Low code implementation for Citizen Developers
• Advanced commands, scripts and APIs supported for experienced Developers
• Integration with Process Discovery to import processes to for automation
• Computer Vision to support legacy applications and remote sessions

Benefits

• Single platform to create attended and unattended automations
• Rapid deployment, especially when used in conjunction with Process Discovery
• Ease of development and management
• Automation focus on business processes to shorten time to value
• No direct integration required to automate applications
• Attended automations interact with users to facilitate their daily tasks
• Automate repetitive tasks to free up resources for other activities

£150 to £5,000 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.blackwell@nintex.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

426409398800175

Contact

Paul Blackwell
07793294774
paul.blackwell@nintex.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Private cloud
  • Hybrid cloud
• Service constraints: NA
• System requirements:
  • Ports need to be open between client ad server
  • License need to be installed on the Server
  • Local Admin right is require for installation
  • Winserver2016 and above to run the Nintex Admin software
  • Win 7 and above require to run the client software

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Standard SLA 9:00-17:00 5 days a week ; Premuim SLA 24/7
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Two support level ; standard 5 days a week from 9:00-17:00 and premium 24/7(with extra cost)
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We offer the following:; online training via our trainer ; online training via our academy; onsite training
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Customers have full access to the platform and can export any automations created to local files. Please note this is an automation platform which orchestrates actions on remote endpoints, as such customer data is not stored within Kryon RPA server.
• End-of-contract process: Upon termination of the Contract, Customer must, as of the date of such termination, immediately cease accessing or otherwise utilizing the Service and Nintex Confidential Information.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Console based on web interface ; Studio- Application-based ; Nintex RPA Admin - Application-based ; Nintex Robot - Application-based
• Accessibility standards: None or don’t know
• Description of accessibility: Web Console Interface - provides visibility of on-going, scheduled and past automation tasks.; The locally installed applications are for the development and design of the automated processes.; The Nintex Robot is what executes the automated processes on the endpoint.
• Accessibility testing: None or don't know
• API: Yes
• What users can and can't do using the API: The user can send a trigger from 3rd party in o rder to trigger robot to execute task ; in the Studio you have the option to use\Call API
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: The customer has the option to select what type of package he would like to start with for example Number of the robots, number of Studio number of consoles.; when needed he can customise is package reduce or add as needed

Scaling

• Independence of resources: Cloud customers are provisioned dedicated instances and so other user demands are isolated to their own instances and allocated resources.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics include but not limited to, Tasks currently running, in queue, status and historical activities success/failures. Status of Robots, ie, running, stopped, disconnected, idle and paused.
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export the automation wizards as files to exchange with other developers outside the organisation. Within the organisation this isn't necessary as the automation wizards are centrally managed.; ; The contents/structure of the automation wizards can also be exported to a Word or PowerPoint for documentation (and all screenshots can be exported as individual images too).
• Data export formats: Other
• Other data export formats:
  • DOCX
  • PPTX
  • JPEG
  • LWIZ
• Data import formats: Other
• Other data import formats: Nintex Process Discovery Export .PD file

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Nintex will make reasonable efforts to provide an Uptime for the Software of no less than 99.6% in any given calendar year. Measurement of Uptime shall be determined solely by Nintex in accordance with its systems. "Uptime” means the Software is up and available for access, excluding: (a) downtime caused by Licensee’s or Additional Permitted Users’ non-compliance with this Agreement, the Documentation or any Nintex requirements notified to Licensee, including downtime caused by Licensee’s configurations, software, hardware, API, web services or other technologies used by the Licensee; (b) scheduled downtime for maintenance or support; (c) use of the Software that is not in accordance with its documentation or the terms of this Agreement; (d) downtime resulting from denial of service attacks, virus attacks, hacking attempts; (e) any other circumstances that are not within the reasonable control of Nintex, including failure of a third party telecommunications or electricity provider; (f) any failure of Licensee's own hardware, software, system or network connection; (g) Licensee’s bandwidth restrictions; and/or (h) non-availability of certain features or functions of the Software that do not materially impair its use. Nintex shall provide reports regarding Uptime upon reasonable request by Licensee.
• Approach to resilience: Available on request
• Outage reporting: Email Alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: SSO and LDAP integration is also supported
• Access restrictions in management interfaces and support channels: Role based access is controlled by the administrators of the platform. They can control the access level (of each account) and manage which teams they access to.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: SSO and LDAP integration is also supported

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The Standards Institute of Israel
• ISO/IEC 27001 accreditation date: 29/11/2018
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO 9001
  • SOC 2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Nintex is committed to the information security program. The management will provide the necessary resources to sustain the program including people, tools, processes, procedures, and education. This program includes the Cyber Security and Privacy requirements. Nintex will maintain an inventory of all its information assets, regardless of its physical and geographical location. All assets will be classified, to ensure that all information receives an appropriate level of protection, including encryption and hardening when required. Nintex's Information Security plan will be driven by an ongoing assessment of the risks posting its information assets and to ensure: - Employees, contractors, partners, and vendors understand their security responsibilities. - Only authorized users will have access to its information assets and services. - Information security will be designed and implemented within the whole development lifecycle. - It will review on a regular basis the existing of cyber security and privacy program in the organization, learn and apply it. - Every employee works to prevent information security incidents from occurring. Should an incident take place, we will swiftly implement appropriate actions, including those preventing recurrence. - Its partners, suppliers, and contractors will maintain adequate security measurements to secure of Nintex and its customer's information.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change management process is instigated by raising a request typically by the IT or the business owner. · The change request should be provided following a business requirement and specify the associated systems. · The Security Team should identify the systems which should support the request and addresses the change request. · Implementation details might be added to the request. · Each planned change request should be evaluated to assess its risk, compliance, and business justification. · People from different disciplines might be involved in the process (dependent on the risk). · The CTO should approve all high risks requests.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Threats and vulnerabilities are identified using the catalogs included in the Risk Assessment Table. We have a structured process utilizing Snyk and WhiteSource vulnerability identification solutions to continuously scan our installation packages, binaries, 3rd party components, and run-time environments. We are sharing an aggregated report once a month that summarizes the scan results. When a vulnerability is identified, we evaluate its severity based on the common industry measures CVE – if the vulnerability is set as high we alert within 48 hours from identification and issue a patch within 7 working days.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: In addition third-party independent annual penetration testing we follow OWASP protocols to identify any risk of compromise and prevent it accordingly. For any potential compromise, we will follow our Incident Management procedure to investigate and resolve.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The person who discovers or suspects the security/privacy incident will e-mail company CISO, or whoever is on call in his place, with “INCIDENT REPORT” in the Subject line. The incident is then classified: 2.3.1 Information Security: Information lost / stolen / encrypted 2.3.2 Information Security: Privacy or Security Breach 2.3.3 Information Security: Risk Notification/Non Compliance 2.3.4 Information Security: Suspicious Activity A “short incident report (SIR)” is created and is the basis for escalation or for documentation purposes in the case that the incident turns out to be a false positive.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  As a technology, RPA excels in automating repetitive, rule-based tasks, which not only increases operational efficiency but also minimises errors and waste. In the context of environmental sustainability, RPA can be applied to optimise energy management systems, reducing energy consumption in offices and production facilities. A robot consumes less than a human doing the same task.

Pricing

• Price: £150 to £5,000 a unit
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.blackwell@nintex.com. Tell them what format you need. It will help if you say what assistive technology you use.