BLUE PRISM LIMITED

SS&C Blue Prism Chorus Business Process Management (BPM) & Intelligent Automation (IA)

The SS&C Blue Prism Business Process Management (BPM) platform, known as Chorus, helps business's orchestrate mission-critical processes at enterprise scale, better engage with customers, improve operational efficiencies, cut costs and reduce risk.

Features

• Work orchestration.
• Rules management.
• Multi-experience communication.
• Content management.
• Case management.
• Operational analytics.

Benefits

• Better customer journeys
• Accelerate processing
• Mitigate operational risk
• Enforce compliance
• Automate work and decisions
• Manage workflows end-to-end
• Integrate applications
• Automatically check quality
• Monitor all work in one place

£45,710.00 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.lockett@sscinc.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

431141498174308

Contact

Mark Lockett
07917 588254
mark.lockett@sscinc.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: None
• System requirements: Web browser-based supporting HTML5 and CSS on Chrome or Edge.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 30 mins
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Service Hours are per client level contracts. ; ; Currently the standard is 00:00 Mon – 23:59 Friday for system operations, regardless of geographical location. ; ; SLAs for system availability are typically 99%. However these can be increased or decreased and are subject to contractual agreement.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Computer-based training on SS&C Blue Prism University is available at no cost.; ; Training through trainers and partners is available at daily/hourly rates.; ; Full documentation is made available online
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: SS&C Blue Prism have tools to extract data from the systems prior to contract end, and the Professional Services team will work with the customer to complete this exercise
• End-of-contract process: The data that is held in Chorus is likely needed long term and is likely to be migrated to another system. ; ; As such SS&C has tools and capabilities to support the migration and End-of-Contract process. This will be subject to further engagement with SS&C for any additional services.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: SS&C Chorus features are securely accessed via Web Browser based application
• Accessibility standards: None or don’t know
• Description of accessibility: Chorus provides the ability to centrally control user access to the various layers of system capability, as follows:; ; -Resource Access Privilege; Users may be given privileges via Security Groups. ; ; -Work Privilege; Control privileges to work, from view only to full update capabilities. ; ; -Image/source level Security ; Security can be administered at the image/source level.; ; -Work routing ; Route specific transactions for additional review. ; ; -Auto and Manual follow ups; ; -Process Design/Development; Assign privileges/access to design studio according to their role allowing for the right people to access the right workspace and the right functionality within the workspace.
• Accessibility testing: The Chorus processor uses keyboard navigation including hot keys to assist with accessibility. Visualizations of data need to be easy to understand, legible which the new Chorus processor workspace, plus work tiles are moveable and enlargeable. Chorus supported browsers can integrate with several screen reader products available in the marketplace:; ; • JAWS from Freedom Scientific; • BRLTTY; • CDesk ; • Eye-Pal; • Dolphin GuideConnect; • System Access from Pneuma Solutions; • ZoomText Magnifier/Reader ; • Accessibility Toolbars: All browsers have an accessibility bar that can be turned on to assist with accessibility.
• API: Yes
• What users can and can't do using the API: Using web services, Chorus can connect to almost any third-party software. Data from third-party systems can be integrated by calling out to that system to bring data into the Chorus process. Chorus’s integration model is through SOAP and REST based services. Chorus provides a full suite of SOAP and REST based interfaces that allow external systems to perform any of the activities available through the Chorus UI for processing activities (search, create, update of instances). In addition, an outside system can update and create objects within Chorus through the REST or SOAP interfaces.; ; Conversely, Chorus processes can access open web services provided by external systems. Other solutions can integrate to Chorus to create process instances or inquire on current states of existing processing items.; ; There are over 400 API methods published that developers can use to connect and interact with the Chorus platform.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Within Chorus, the UX Builder component allows users to extend and accelerate ability to create bespoke UIs. ; ; UX Builder enables business users to rapidly create high-quality customer experiences and internal applications with no-code. ; ; UX Builder unifies the form design capability in Chorus, and brings in elements such as drag-and-drop into multi-page digital experiences, including:; - Data tables; - Charts; - Navigation ; - Multimedia; ; The forms, webpages and applications created in UX Builder will be powered by Services configured in Chorus Design Studio, enabling clients to control interactivity, automation, and system integrations. Clients will be able to add custom data tables for their UX Builder applications to store and retrieve records beyond work objects, providing substantial flexibility in solving for different types of use cases.

Scaling

• Independence of resources: The AWS Infrastructure is deployed as a high availability implementation deployed in an active/active configuration across at minimum of two datacentres with automated failover of any failed infrastructure between datacentres. This includes the database, network, all servers and storage. This configuration will incur zero RTO/RPO in a typical DR event.

Analytics

• Service usage metrics: Yes
• Metrics types: The solution tracks all processes that have been completed, by whom, & where/when. This information is available in a data warehouse which can be reported against or exported
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Access to data within side the solution is controlled by user privileges. ; Certain aspects of the data can be downloaded into a .CSV format, whereas other parts of the data can be pushed into a data lake where appropriate.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: BPMN

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Based on contractual terms; 97-99.9%
• Approach to resilience: The AWS Infrastructure is deployed either:; - As a high availability implementation deployed in an active/active configuration across at minimum of two datacentres with automated failover of any failed infrastructure between datacentres. This includes the database, network, all servers and storage. This configuration will incur zero RTO/RPO in a typical DR event.; - As a low cost, low resilience configuration deployed across multiple datacenters in the exact same architecture as a high availability configuration, but with only single node cluster sizes. With this configuration in the event of a machine failure the system will auto replace the failed server in either available datacenter by instantiating a new (e.g. cold) virtual server. This configuration will typically incur a 15 minute outage in a DR event being the time to detect a failure and deploy a new server. For SS&C Ops the BCP is tested this includes remote working days for key staff.; The high resilience configuration has a RTO/RPO objective of 120 seconds or less for both metrics.; The low resilience configuration has an RTO objective of 15 minutes or less with an RPO objective of 120 second or less.
• Outage reporting: All Chorus Public Cloud infrastructure, application stack and network traffic is monitored with IDS, Endpoint Security, activity logging, vulnerability scanning etc. This includes 24x7 SOC and automated alerting.; - The service is monitored by AWS, Lacework, Sophos and Qualys security tools/stacks.; - Systems are in place but only visible to vendor; ; A health check dashboard is available with email and text alerting support

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Chorus central control user access to the various layers of system capability:; - Resource Access Privilege Users given privileges or limitations to resources via Security Groups. ; -Work Privilege Users/roles given privileges or limitations to work, from view only to full update capabilities.; -Image Security Can be administered at the image/source level. ; -Work routing provides the ability to establish parameters to route specific transactions for additional review.; -Auto/Manual follow ups The system allows for auto/manual follow ups removing the need for a manual management of these as part of the process. ; -Process Design/Development: access to design studio according to role
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 21/01/2010
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: From a hosting perspective, both public and private cloud options provide hosting in securely maintained facilities—all audited to SOC 3 standards.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: SS&C follow an ITIL methodology.; ; SS&C's formal Change Management process requires that all change requests be logged, tested, reviewed, and approved prior to implementation. ; ; Weekly change review meetings are held to discuss the all proposed changes. ; ; Once items are approved, they are released into production by the specified Implementer, and then post-implementation verification is performed by the specified Verifier. ; ; All change tickets contain rollback instructions
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our Information Security Program’s vulnerability management is multi-faceted/layered, and takes a risk based approach. ; ; We perform network, O/S, application, and database scans on our internal and external computing environments. ; ; Utilizing tier one vulnerability management solutions to perform vulnerability verification, remediation recommendations and verification of resolved issues. ; ; Scans on internal and external IPs on our network on a weekly basis by Qualys Vulnerability Scanner. ; ; Application assessments are performed continuously by an independent third party as well as internal scanning resources. ; ; We contract with a third-party security vendor, at least an annual basis, to complete enterprise penetration testing against our global network.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: The SS&C Chorus environment is monitored real-time using a number of open source and custom tools that provide real-time statistics, evaluation of processing, throughput and predictive analysis of the environments. Tools used for monitoring the SS&C managed environments include Splunk, BigIP, Veracode Dynamic Scanning, and Qualys. ; ; All systems are monitored continuously 24/7 using commercial and self-developed monitoring tools. This includes operating systems, networking, database, application and associated components. ; ; SS&C provide SLA based information on a regularly scheduled basis. Up time, throughput, and performance metrics are available.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Under Blue Prism's ISO/IEC 27001:2013 compliant ISMS, every single security Incident is logged, tracked, managed, and resolved under a documented process. Blue Prism operates a no-blame policy ensuring that all issues are immediately reported and the Incident Management process is initiated at point of reporting. Blue Prism has a comprehensive IS strategy and documented policies across a number of areas such as employee vetting, etc. Security and Vulnerability Assessments are carried out periodically which validate the appropriateness of controls which are in place and these include input validation and sanitisation; authentication and access control; audit; and management of sensitive information.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Tackling economic inequality

  SS&C Blue Prism University is offered cost free to everyone, anywhere, anytime. You will receive world-class intelligent automation training and learn how to apply cutting-edge AI capabilities to automation. You'll also gain highly desirable RPA skills and the confidence to successfully deliver them. We are proud to offer free-to-access training for everyone to acquire digital skills which will help people improve their confidence to use technology for work, learning and daily life. Raising digital skills will help the UK move towards a high skill, high wage economy, benefitting individuals as well as the UK more widely, helping to tackle economic inequality.

  Equal opportunity

  SS&C Blue Prism University is offered cost free to everyone, anywhere, anytime, giving everyone the equal opportunity to gain digital skills. You will receive world-class intelligent automation training and learn how to apply cutting-edge AI capabilities to automation. You'll also gain highly desirable RPA skills and the confidence to successfully deliver them. We are proud to offer free-to-access training for everyone to acquire digital skills which will help people improve their confidence to use technology for work, learning and daily life.

  Wellbeing

  SS&C Blue Prism believes that understanding what affects our overall wellbeing as individuals, families, communities, and a nation is increasingly important for managing our social, environmental and economic value, and our overall impact as an organisation. SS&C Blue Prism software is designed with the future of work in mind and is intended to remove the monotonous and tedious tasks in people’s everyday work lives, enabling individuals to focus on higher value tasks, making their roles more rewarding and interesting and giving them back time to prioritise self-care and wellbeing.

Pricing

• Price: £45,710.00 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.lockett@sscinc.com. Tell them what format you need. It will help if you say what assistive technology you use.