Acorn Recruitment Ltd

Cloud Software

Our Service is a cutting-edge solution framework that integrates automation and artificial intelligence to revolutionise document and data operational processing. Solutions use Intelligent Automation and Artificial Intelligence (IA/AI) utilising REAVA™ (Retrieve, Extract, Analysis, Valid, Action) framework, customised to meet operational challenges.

Features

• Retrieve: Automation retrieves information from systems, source data and repositories.
• Extract: Utilises AI tools to accurately retrieve structured/unstructured data.
• Analysis: IA/AI performs analysis for minimal retrieval dataset
• Validate: Ensuring data accuracy, amending content including human interface
• Action: Decisioning to deliver business outcomes, triggers or application updates
• Real-Time Reporting: Services provides operational reports in real time
• Custom Workflows: Tailor workflows for each business process
• Scalability and Elasticity: Dynamically scales resources based on demand.
• Security and Compliance: Robust security measures protect sensitive data.
• User-Friendly Interface: Enables business exception interaction with automation

Benefits

• Operational Efficiency: Significantly reduces manual effort, increased productivity
• Accuracy and Consistency: Reduced Errors and output conformity
• Consistent Results: Predefined rules & decision making ensuring uniform outcomes.
• Improved Customer Experience: Faster process completion with completed structured outputs
• Custom Workflows: Tailor workflows for specific business needs.
• Personalisation: Delivers tailor services & communications for wide operational use.
• Cost Savings: Resource Optimisation and removal delivering enhanced cost savings.
• Efficient Resource Allocation: Reduced operational budgets as less user activities.
• Enhanced Decision-Making: Prebuild business rules for objective, consistent outcomes.
• Compliance and Security: Ensures Data Protection, Audit Trails, Diagnostics

£20.00 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Stephen.newman@acornpeople.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

439630489782604

Contact

Stephen Newman
+447810798186
Stephen.newman@acornpeople.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: ERP, CRM, Operational Systems, RPA Tools, Automation tools, AI tools, Bespoke systems
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Yes - Constraints might include planned maintenance arrangements or support being limited to specific hardware configurations.; We provide a 99.99% uptime with pre planned periods; We action critical ad-hoc maintenance periods. These are all provided against agreed SLA's with the client to ensure minimal impact to the daily operational activities. We offer up to 24 x 7 support services.
• System requirements:
  • Servers for application and robots
  • VM's
  • Automation licenses
  • Openai api
  • AWS or Azure support infrastructure

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response Times - General questions:; Normal Business Hours 2 Hours.; After hours/Weekends/Public Holidays 4 Hours.; ; Response Times - Service Delivery:; Severity Level Response Time Coverage Target Resolution; Severity Level 1 15 Minutes from notice. 7 days/wk Work continuously on workaround during normal business hours to correct Error.; Severity Level 2 1 Hour from notice. 7 days/wk Target of 3 business days to install a workaround.; Severity Level 3 1 business day from notice. 7 days/wk Target of 5 business days to install a workaround.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We use Zoho Help desk and WhatsApp where assistive testing has already been carried out.
• Onsite support: Onsite support
• Support levels: Response Times:; For general questions, we respond within 2 hours during normal business hours; ; For Service deliver questions, relating to System Service Performance:; Severity Level Response Time Coverage Target Resolution; Severity Level 1 15 Minutes from notice. 7 days/wk Work on a workaround continuously during normal business hours to correct the Error until it is able to implement a workaround.; Severity Level 2 1 Hour from notice. 7 days/wk Target of 3 business days to install a workaround.; Severity Level 3 1 business day from notice. 7 days/wk Target of 5 business days to install a workaround.; ; We provide bespoke service levels which are negotiated for the specific solution we provide, utilising the definitions above. ; ; For all solutions we provide a technical account manager together with access to our development team.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The power of the solution is that it is business user centric and as such, is built using CX design methodologies. For each solution, we create a comprehensive document descripting how to use the solution which includes a step by step, diagrammed guide.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Doc
  • Docx
• End-of-contract data extraction: The solution is designed so that personal, department or organisation operational data is not retained. The only information that is held within the system is:; . User login data; . System logs; ; During off boarding, the organisation and individual users will be given the opportunity to have the data retrieved. We will undertake the actions to retrieve and supply the information together with a Certificate of Confirmation that all data has been purged from our systems.
• End-of-contract process: Our FREE structured offboarding process ensures a secure and smooth transition:; ; Assessment and Planning; . Detailed offboarding plan outlining tasks, timelines, responsibilities, communications.; ; Data and Application Extraction; . Identify client data owners and extraction needs. ; . Confirm data format and security during extraction.; . Securely provide client data, confirm receipt and restoration.; . Delete all client data ; . Send confirmation Certificate of Confirmation with deletion logs.; ; Configuration and Customisation Removal; . Archive when requested; . Disable/remove client configurations and integrations.; . Perform deactivation validations; ; Contractual and Financial Closure; . Review contractual obligations.; . Complete financial reconciliation.; . Provide documentation confirming service termination.; ; Communication and Stakeholder Management; . Maintain open and transparent communication throughout offboarding.; . Notify all stakeholders of offboarding plan with timelines.; ; Security and Compliance Measures; . Implement security protocols for client data disposal.; . Conduct assessments to verify regulation compliance.; . Provide compliance evidence to client.; ; Service Decommissioning; . Follow approved decommission ramp down plan.; . Disable user accounts, access permissions, API keys when needed.; . Shut down or deprovision resources and infrastructure when needed.; ; Post-Offboarding Support and Feedback; Offer post-offboarding support to client.; Gather client feedback from the client regarding their experience.; Document lessons learned.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Utilising a web browser or custom applications can be build specifically for the client.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: We provide a service interface to enable seamless integration into a clients retrieval and deliver systems. These are typically via api's for the systems.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We provide a service portal where webchat can be initiated. We also set up a dedicated WhatsApp encrypted message service for our clients.
• API: Yes
• What users can and can't do using the API: Users can only submit text data via the APIs. The APIs are only used to GET and POST submissions from and to a form application. A form is used to submit text data, which passes through our API and translated by an automation. Responses from out automation is then sent back as text via the API to generate a form for the end user to review. There is no additional functionality which the users are able to use as the API is locked down to pass text data from system to system.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can request to create new forms, amend existing forms and the data being passed in between our services and their screens. Users can also customise minor cosmetic elements such as colour and logo but any major template changes cannot be changed. Only the Mobile Cloud team can make these changes as all systems which form part of this service are strictly controlled through roles and permissions. Users only have the ability to submit form data and read form data responses via the screen.

Scaling

• Independence of resources: We ensure user demand is met by:; Scalable Design: Full scalable solution design.; Scalable Infrastructure: Implement dynamic, scalable infrastructure on demand.; Resource Isolation: Solution configuration to ensure individual users are not affected.; Individual Tenants: Design/build autonomous instances for large clients.; Quality of Service (QoS) Controls: Controls prioritise critical tasks through scheduling and resource allocation.; Load Balancing: Our partners offer load balancing as part of the service.; Monitoring/Performance Optimisation: Monitoring system and user activity to identify bottlenecks, optimise resources, proactive maintenance.; Service Level Agreements (SLAs): Define and enforce SLAs that specify performance targets, availability guarantees, and support response times.

Analytics

• Service usage metrics: Yes
• Metrics types: We create custom reporting for each client to meet their requirements for Service usage and management; Throughput volumetrics, volumetrics per user, Infrastructure and/or application metrics such as uptime, utilisation etc and a wide range of other metrics can be set up on request.
• Reporting types: Regular reports

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Blue Prism, UiPath, Automation anywhere and Microsoft.

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: Username and Password for accessing Physical devices. Public and Private Keys for accessing Virtual devices. Data encryption on devices which store data such as databases.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: The solution is designed so that personal, department or organisation operational data is not retained. The only information that is held within the system is:; . User login data; . System logs; ; During off boarding, the organisation and individual users will be given the opportunity to have the data retrieved. We will undertake the actions to retrieve and supply the information together with a Certificate of Confirmation that all data has been purged from our systems.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • PDF
  • JSON
  • DOCX,
  • XLSX
  • Others on request
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • PDF
  • JSON
  • DOCX
  • XLSX
  • Others on request

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: AES-256 AesCryptoService (Automation Data) or HMAC256 (Hub & Interact); HMAC256 (Hub & Interact)

Availability and resilience

• Guaranteed availability: Our service levels are a minimum of 99.99%. Higher levels of SLA uptime are available on request. Service is defined at contract including a structured process for refunding when SLA’s are not met:; ; SLA Agreement: Contractual agreement specifying levels and compensation policy if SLA breached.; Monitoring and Measurement: Performance and system availability using robust monitoring tools and techniques. This allows us to track uptime metrics accurately and identify SLA breaches.; SLA Breach Identification: In the event of an SLA breach, we promptly notify the client. We provide transparent and detailed information about the breach, its impact on their services, and mitigating actions.; Refund Calculation: Compensation calculation based on severity and duration of the breach, as defined in the SLA agreement. This may involve prorating the client's subscription fee for the affected downtime period.; Refund Process: Once calculate, we initiative the compensation prepayment process. Depending on Agreement, refunds are issued as credits towards future services, client payment or mutually agreed arrangements.; Client Communication: Throughout the refund process, we maintain open and transparent communication. We provide regular updates on the status of the refund, acknowledge any concerns or feedback they may have, and ensure that they are satisfied with the resolution.
• Approach to resilience: Our services on Azure or AWS are high resilience, ensuring assets protection. Infrastructure availability is 24/7. We utilised Azure/AWS best practises to ensure correct set up and operational resilience:; ; Cloud Provider Redundancy: Our services leverage Azure/AWS redundancy and high availability features. Services are served from one UK region, multi-location available.; ; Automated Failover and Disaster Recovery: Automated failover mechanisms ensure continuous service availability. Service using built-in features such as Azure Traffic Manager or AWS Route 53, plus redundant instances of critical components.; ; Data Replication and Backup: Our strategy includes data replication and regular backups, utilizing Azure's or AWS's native replication services. Additionally, we implement automated backup solutions enabling quick recovery in case of corruption or deletion.; ; Security Controls and Compliance: Our security controls adhere to industry best practices and regulatory requirements. This includes encryption at rest and in transit , implementing identity and access policies, security audits and compliance assessments.; ; Network and Infrastructure Resilience: Data center setup is resilient utilising redundant networking components, load balancers, and firewalls to ensure connectivity and protection. ; ; Continuous Monitoring and Incident Response: We employ continuous monitoring tools and automated alerting systems to detect anomalies, performance degradation, or security incidents in real-time.
• Outage reporting: We have email alerts which are triggered from within our service, as well as health reports provided by our infrastructure suppliers.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: AWS account credentials, with AWS IAM Identities
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: SOC 1/ISAE 3402, SOC 2, SOC 3; FISMA, DIACAP, and FedRAMP
• Information security policies and processes: Our Information security policy encompasses all aspects of security together with all associated policies and procedures. It focuses on the confidentiality of client and company information, providing guidelines and company procedures. The overarching policies are:; Information Security ; Acceptable Use ; Physical Security ; Network Security ; System/Password ; Anti-virus ; Patch Management; Remote Access ; Vulnerability Management ; Secure Application development ; Testing; Access Control ; Wireless ; ; We have a robust reporting structure to ensure the policies are implemented and maintained:; Executive Management provides strategic direction, allocates resources for information security initiatives. The Head Information Security Officer oversees our Information Security Programme and is the Managing Director.; Our Managed Services Team support the monitoring and responding to security incidents in real-time.; Our Incident Response Team is made up of Key Management, Manage Services and personnel. ; Our reporting channels are:; Internal; External; Vendor; Client; ; Regular reporting ensures all parties remain informed and can react. Reports include metrics on security incidents, compliance status, and effectiveness of security controls. Annually the Management team review the strategy and previous years performance together with future recommendations and a plan of action.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our configuration and change management processes are designed to ensure the highest level of security and efficiency. We primarily use pre-built applications. These applications are locked down and released as a general product following the vendor’s strict security policies.; ; Tracking Components Through Their Lifetime: The components of our services are tracked from the moment they are integrated into our system. Since we use pre-built applications, tracking process is handled by our vendors. They provide us with regular updates and patches as part of their general release product. This ensures that each component is always up-to-date and functioning as expected.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our vulnerability management process ensures resilience and security of our services:; ; Identification:; Continuous Vulnerability Scanning: Utilise infrastructure partner tools.; Threat Modelling: Regular threat modelling exercises.; Penetration Testing: Utilise third-party security firms.; ; Deployment of Patches:; Patch Management Workflow: Defined patch management workflow - identification, prioritisation, testing, deployment, verification.; Patch Prioritisation: Prioritised on severity, exploitability, service impact.; Change Management Process: Process includes reviews, approval, controlled scheduled deployment.; Emergency Patching: Zero-day vulnerabilities use an expedited process.; ; Information Sources:; Vendor Notifications: Subscribe - security mailing lists, notifications.; Threat Intelligence Feeds: Review intelligence feeds.; Security Research: Monitor Microsoft/AWS papers, blogs, forums.; Incident Response Collaboration: Initiatives.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We implement protective monitoring processes utilising Azure/AWS tools to detect and respond to security incidents. We use both AWS Guard Rail and Azure tools to monitor, alert and report.; ; Tickets are auto-raised in our Service Desk application. We respond immediately to any issue (See Answer 28 for full details).; ; Monitoring: Cloud providers tools monitor and detect service security.; ; Threat Detection: Cloud provider tools detect suspicious activities, potential real-time security breaches.; ; Security Alerts and Notifications: Cloud provider tools detected threats and security incidents. ; ; Log Analytics Cloud: Tools monitor and analyse logs to allow us to collect, analyse, visualise log data.
• Incident management type: Supplier-defined controls
• Incident management approach: Users raise incident tickets / report incidents via email or call our 24/7 helpline. All incident tickets are logged within our Service Desk application, against customer accounts. Ticket updates are automatically sent directly to our end users (via email) each time the ticket is updated by our team with progress reports.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  A key part of the selection of our selection of datacentre partners Microsoft and AWS was how their service provision would deliver against the Social Value themes outlined in PPN 06/20.. They adhere to the key principles:; Implementing energy-efficient technologies in their data centres; Optimising resource utilisation to minimize energy consumption.; Implement reduced hardware requirements and energy-efficient operations.; Promote the use of renewable energy sources to power our infrastructure; Encourage clients to extend their green energy partnerships and investments in renewable energy projects.

  Covid-19 recovery

  Facilitate remote work and collaboration through cloud-based solutions like Teams; Reduce the need for physical office space, we work mostly virtual now; Minimum commuting or travelling to clients. We have customers across the UK, Ireland and North America where all business is conducted remotely.

  Tackling economic inequality

  Our partners provide affordable and accessible cloud services to organisations of all sizes, including small and medium enterprises (SMEs) and underserved communities, enabling them to leverage advanced IT capabilities without significant upfront investments.; They support economic development and job creation through cloud-based innovation and digital transformation initiatives, particularly in sectors such as renewable energy, sustainable agriculture, and healthcare.

  Equal opportunity

  Microsoft and AWS promote diversity and inclusion in the tech industry through partnerships, initiatives, and programs that support underrepresented groups in accessing and succeeding in cloud computing and related fields.; They offer a wide range of training opportunities to train and educate to any individual irrespective of background, to develop skills in cloud technology and pursue careers in the IT sector.

  Wellbeing

  Our partners are like our own company, we have excellent employee wellbeing programmes and enable remote work, flexible schedules, and work-life balance through cloud-based collaboration tools and virtual work environments.; Our partners support healthcare providers and researchers with secure and scalable cloud solutions for data storage, analysis, and collaboration, facilitating advancements in medical research and improving healthcare outcomes.; Our partners, like us, promote sustainable practices and environmental stewardship through energy-efficient operations, renewable energy investments, and initiatives that raise awareness about the intersection of climate change and human health.

Pricing

• Price: £20.00 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: The free trial provides the following:; ; Functionality: Feature subset - basic document/data retrieval, simple data extraction, analysis, validation, output.; Usage Limits: Usage restrictions – maximum transactions/month.; Support/Maintenance: Basis support.; Customisation and Integration: Limited customisation and integrations.; Scalability and Performance: Limited scalability.; Security and Compliance: UK Government standards
• Link to free trial: N/A

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Stephen.newman@acornpeople.com. Tell them what format you need. It will help if you say what assistive technology you use.