Skip to main content

Help us improve the Digital Marketplace - send your feedback

  1. Digital Marketplace
  2. Lot 2: Cloud software
  3. Automation Anywhere - FortressIQ
Softcat Limited

Automation Anywhere - FortressIQ

Automation 360 product is used for Robotic Process Automation (RPA). Automation 360 is a single, integrated platform that transcends front office and back office technology siloes to automate business processes across all systems and applications, including both SaaS and legacy apps.


  • Easy decisions based on current status and future possibilities.


  • The only truly cloud native web-based solution


£6,744.00 a unit

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

5 4 6 1 6 0 6 1 9 6 6 5 4 2 7


Softcat Limited Charles Harrison
Telephone: 01628 403403

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Can be an extension to Windows or web-based application. Platform's purpose is to automate complex business processes that are conducted within one or many of these systems. Certain applications, such as Microsoft Excel, Salesforce, ServiceNow and Workday, we have specific integrations that make Automation 360 an extension of those platforms.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Whilst the Automation 360 Control Room can be accessed from any device supporting a modern web browser, bots can only be run on a Windows (7, 8, 10,11 and Server) machine, therefore the platform can only automate applications that are supported by that operating system. Details of this can be found below:

The Automation 360 solution is available in 3 possible deployment models. Details about the models can be found below:

However, migrating from on-prem to cloud or vice-versa is not available currently. This means that the initial deployment model cannot be changed.
System requirements
Control Room (if deployed on-premise) (N/A if AA Cloud)

User support

Email or online ticketing support
Email or online ticketing
Support response times
The SLA for Average first response time of our Support is 95% of the tickets needs to be replied <=1 or 8 hr. and Average Total Resolution time target is, ticket should be resolved completely in <=96 hrs.

Complete Support SLA Details based on different models available here:
User can manage status and priority of support tickets
Online ticketing support accessibility
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
The chat is available on our portal as soon as the person browses for less than a minute.
Web chat accessibility testing
Onsite support
Yes, at extra cost
Support levels
SLA: Severity 1 Initial Response: 4 hours, 2 hours, 1 hour based on Support Model Selected
SLA: Severity 2 Initial Response: 8 business hours, 4 business hours, 2 business hours based on Support Model Selected
SLA: Severity 3 Initial Response: 16 business hours, 12 business hours, 8 business hours based on Support Model Selected
SLA: Severity 4 Initial Response: 16 business hours

Complete Support SLA Details based on different models available here:
Support available to third parties

Onboarding and offboarding

Getting started
Firstly, we provide a Free Trial or the Community Edition which is our free software solution to try our solution hands-on. Apart from that we have broad free e-learning modules as well as our very own YouTube channel ( and resource page (

We have a complete onboarding service wherein right from product license to usage training and analysis or consultancy for RPA program is provided.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
All Data can be extracted in form of Bot Files and other Database Files. As such, Automation 360 only stores Audit Logs, User Role-Based Access Details, Training data for IQBot extraction method and Bot Insight analytics.

Customers can ask for Audit Log and Database files during offboarding process.
End-of-contract process
Automation Anywhere will keep customer data, configs (bots), IQ Bot data, and most logs for 30 days after the customer’s subscription ends. Some logs may be kept for up to 180 days after the customer’s subscription ends. Full details of the Data Processing Addendum and data retention policy can be found here:

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices
Differences between the mobile and desktop service
Yes (for the web-based Control Room)

The Mobile App is a subset of Control Room features to expand the reach of RPA and accelerate the development of the digital-first enterprise.

The Automation Anywhere Mobile App allows users to start, stop, pause or resume bots, monitor the status of bots, and measures the ROI from their digital workforce in real-time.
Service interface
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
Automation 360 has an API (Application Programming Interface) that allows users to deploy bots, manage files, administrate users and more. This is accessible through the REST protocol and allows full programatic access of the platform.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
We have undergone the "Voluntary Product Accessibility Template" Test for our product/service conforms with Section 508 of the Rehabilitation Act of 1973
What users can and can't do using the API
The Automation Anywhere Control Room provides various APIs that allow you to customize the way that you (and your bots) interact with Automation Anywhere. Users can perform tasks such as manage bot deployments, create and manage credentials in the Credential Vault, create and manage user accounts and roles, and create and manage queues.

More detailed information:
API documentation
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Customisation available


Independence of resources
We have a performance check in place as well as we guarantee 99.9% uptime with extremely low 0.001 milisec latency. Our Cloud Ops team constantly monitors and manages the resources. Each User has its own individual Tenant ID and each tenant's performance will not be affected by another.


Service usage metrics
Metrics types
We don't provide service usage matrix as our pricing is not dependent on the hours use. Certain reports can be asked or are shared proactively by CSMs.

We have certain metrics around licensing and associated usage that can be shared by the assigned Customer Success Manager,
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller (no extras)
Organisation whose services are being resold
Automation Anywhere

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
BotFiles, Audit Logs, BotInsights everything can be exported as XML, CSV or PDFs.
Data export formats
  • CSV
  • Other
Other data export formats
XML, PDFs for Reports.
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
Word File, Database Files, HTML, PDFs, Images etc.

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Approach to resilience
All our Services have High-availability and Disaster recovery. Automation Anywhere maintains emergency and contingency plans and has ISO
22301 BCMS certification.
High Availability: Each regional data center presence Is designed with application-level high availability and highly available public cloud services across the region. Automation 360 Cloud follows industry standards best practices with a cloud uptime SLA of 99.9%.
Disaster Recovery: Backups are taken and maintained in an encrypted format to restore the service in the case of a disaster. Backups are taken every 6 hours to another region. If a disaster is declared for the primary region, a secondary
region is instantiated for all tenants using the backup taken every 6 hours. The current objectives for this recovery are:
• RTO (Recovery Time Objective): Time to get a new region up and running with the last backup
data restored = 6 hours.
• RPO (Recovery Point Objective): The maximum duration for data loss during a restore = 6 hours.
Outage reporting
We have a status page where all service statuses are updated in Realtime.

Status Page:

Identity and authentication

User authentication needed
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
Access is deny-all and allow by exception based on roles, domains as defined in Role-based Access Control (RBAC). These roles can also be limited to specific groups.
e.g. Only those users who have access to User Management will be able to manage users in system. Authorized users can assign various combinations of these access rights to different sets of users and roles, as the business requires.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Alcumus ISOQAR
ISO/IEC 27001 accreditation date
25 September 2019
What the ISO/IEC 27001 doesn’t cover
Scope of Registration: The Information Security Management System at Automation Anywhere encompasses all information assets and processes utilized for deployment, maintenance and management of cloud infrastructure required to support the product stack for the customers and provision of IT infrastructure
management services provided by Information Technology, Information Technology Cloud Solutions and Cloud Operations team.
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Automation Anywhere Inc.'s Global Information Security Policy (GISP) and procedures identifies responsibilities and establishes the goals for consistent and appropriate protection of the organization’s Information Assets. Implementing this policy reduces the risk of accidental or intentional disclosure, modification, destruction, delay, or misuse of Information Assets. This policy enables the Information Security (IS) Office to provide direction for implementing, maintaining and improving the security of Information Assets.

Please see the security overview document as attachment.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All teams at Automation Anywhere follow Agile methodology for delivery and can respond swiftly and effectively to any change that the business demands. A change request works its way from various sources (customers, stakeholders, product vision etc.) to the product backlog as user stories from where the team can pick them up as a part of iterations. Hence, Agile allows changes to happen on a regular basis– not as any special change event. The regular show and tell of the ongoing work keeps the stakeholders well informed and helps to make any course correction as & when required.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Cloud infrastructure is configured based on industry and vendor-specific security best practices to ensure that misconfigured resources do not result in data exposure. All cloud infrastructure is continuously monitored to meet these best practices and any deviation is remediated based on risk to customer data assets. In addition to security configuration, all cloud resources including virtual machines, 3rd party software components, and applications are regularly scanned for security vulnerability and then prioritized and remediated in accordance with defined SLAs. Network access to infrastructure and cloud application is limited to approved TCP/IP ports and VPN connected devices.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Visibility into activity in cloud environments is critical for monitoring and identifying security events and incidents. All resources in Automation Anywhere cloud are configured to log security events and send them to a centralized SIEM solution. SIEM is used to build a usage baseline of cloud activity to detect deviation, monitor changes to security posture, and correlate threat data which is then investigated by the security team.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
"Security Incident Management policy and process shall apply to all incidents resulting from violation of Information Security policies or processes / standards.
These include but are not limited to:
• attempts (either failed or successful) to gain unauthorized access to a system or its data
• unwanted disruption or denial of service
• the unauthorized use of a system for the processing or storage of data
• changes to system hardware, firmware, or software characteristics without the owner's knowledge, instruction, or consent

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

Please contact
Covid-19 recovery

Covid-19 recovery

Please contact
Tackling economic inequality

Tackling economic inequality

Please contact
Equal opportunity

Equal opportunity

Please contact


Please contact


£6,744.00 a unit
Discount for educational organisations
Free trial available
Description of free trial
There is no limited features in free version. We provide the complete Automation 360 solution with its full features.
• Automation 360 has you covered:
• End-to-end automation with a cloud-native platform
• Automatic process discovery
• Real-time RPA analytics
• AI-powered document extraction
Link to free trial
Free Trial:

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.