Intelligent Document Understanding - UiPath

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud

Private cloud

Community cloud

Hybrid cloud
Service constraints: Scheduled maintenance and routine updates for the Cloud Platform are communicated through the portal, http://status.uipath.com/. For details on support exclusions, please refer to the 'Support Exclusion' clause in the Support Terms available here: https://www.uipath.com/hubfs/legalspot/UiPath_Support_Terms.pdf
System requirements: Studio: S/w Requirements: https://docs.uipath.com/studio/docs/software-requirements

Robots - H/w Requirements: https://docs.uipath.com/robot/docs/hardware-requirements

Robots - S/w Requirements: https://docs.uipath.com/robot/docs/software-requirements

Orchestrator (Cloud Platform) https://docs.uipath.com/cloudplatform/docs/software-requirements

Studio: H/w Requirements: https://docs.uipath.com/studio/docs/hardware-requirements

User support

Email or online ticketing support: Email or online ticketing
Support response times: Our standard support response times vary from 1 to 8 hours, depending on incident categorization and prioritization as outlined in a customized service level agreement (SLA) for each service. The tailored SLA also specifies the agreed-upon hours of support available, ranging from 24x7 to weekdays between 09:00 to 17:00 GMT.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
Phone support: No
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: We offer three support levels:

40 hours of support - £3,600 per quarter
80 hours of support - £7,200 per quarter
Managed service - 1 FTE per quarter - £12,000 per quarter. This includes the provision of both a technical account manager and cloud support engineer
Support available to third parties: Yes

Onboarding and offboarding

Getting started: UiPath's Learning Culture stands out as a key differentiator, underscored by substantial global investments in personnel, partnerships, customers, and academia. The company offers a complimentary E-Learning platform (academy.uipath.com), expediting the learning curve and proficiency development. Training modules for development, management, and reporting are structured into three tiers: Foundation, Orchestrator, and Advanced courses, all available online at no cost through the UiPath Academy. Additionally, Advanced courses can be delivered in classroom settings by UiPath Official Training Partners or directly by UiPath. With 18 training partners globally covering all regions, role-based training is accessible and customizable to meet customer needs. Supplementary online resources, including documentation, videos, knowledge bases, and FAQs, can be accessed at: https://www.uipath.com/developers/guides-and-resources
Service documentation: Yes
Documentation formats: HTML
End-of-contract data extraction: UiPath, regarded as a data processor under GDPR regulations, upholds all obligations associated with this role by affording customers complete control over their data in alignment with product architecture and implementation. The company facilitates data export upon request and ensures data deletion from its systems within the mandated 30-day soft-delete period following account closure or data deletion requests. Customers are encouraged to assess their Cloud Platform usage's compliance with privacy obligations. For comprehensive details on UiPath's data processing practices and GDPR commitments, refer to the Privacy Policy: https://www.uipath.com/legal/privacy-policy
End-of-contract process: End-of-contract procedures are detailed in user agreements. Upon contract termination, all data is exported to the customer upon request, adhering to GDPR guidelines. UiPath's cloud platform follows data destruction protocols consistent with Microsoft Azure, the underlying storage platform, as outlined in Microsoft Azure's documentation: https://docs.microsoft.com/en-us/azure/security/fundamentals/protection-customer-data

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome
Application to install: Yes
Compatible operating systems: Windows
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: The Orchestrator Mobile App by UiPath is accessible through the Apple App Store and Google Play Store. It offers a condensed view of the customer's Orchestrator instances and enables actions such as monitoring Robots and Queues, searching assets, and initiating, pausing, or terminating jobs. Additionally, users can mark processes and jobs as 'Favorite' and receive Push notifications for monitoring purposes. These functionalities are exclusive to the mobile app and not available in the Orchestrator service itself.
Service interface: Yes
User support accessibility: WCAG 2.1 AA or EN 301 549
Description of service interface: UiPath's Cloud Platform encompasses various independent services like Orchestrator, Tenant Management, Licensing Service, and others. These services are abstracted from end-users through the UiPath Cloud Portal, ensuring a unified experience. The entire suite, including the Cloud Portal, operates under a software-as-a-service (SaaS) model hosted on Microsoft Azure. Core Azure services, including compute, storage, networking, SQL database, and identity and access management, support these services.
Accessibility standards: WCAG 2.1 AA or EN 301 549
Accessibility testing: Accessibility is integrated into UiPath's design, development, and quality assurance processes for its products. Compliance with accessibility standards is assessed through automated testing, manual validation with assistive technologies, and third-party feedback.
API: Yes
What users can and can't do using the API: In terms of integration, UiPath's Cloud Platform or Cloud Deployment can seamlessly integrate with applications through APIs. The Orchestrator's REST API allows for programmatically controlling various server-side operations such as managing robots, processes, assets, queues, and scheduling tasks. This API facilitates integration with external BPM or workflow tools, ERP, CRM, and other applications. The Orchestrator REST API provides 22 Custom API methods for accessing and controlling 29 logical resources within Orchestrator. For instance, external applications like chatbots can easily trigger robots to perform tasks based on input. More information on these APIs is available here: https://orchestrator.uipath.com/reference
API documentation: Yes
API documentation formats: Open API (also known as Swagger)

HTML
API sandbox or test environment: Yes
Customisation available: No

Scaling

Independence of resources: The UiPath Cloud Platform is designed to accommodate growth, with additional capacity strategically allocated to accommodate anticipated customer expansion. We proactively monitor capacity based on engineering insights to uphold our commitments to customers. Our engineering team, experienced in scaling some of the largest cloud platforms globally, ensures the scalability and reliability of our cloud environments.

Analytics

Service usage metrics: Yes
Metrics types: Customers have access to the service availability and incident history via the portal: http://status.uipath.com. Monitoring of usage and performance metrics such as response time and transaction volume is conducted exclusively by UiPath's Site Reliability Engineers. This oversight aims to drive ongoing service enhancements and improvements.
Reporting types: Real-time dashboards

Resellers

Supplier type: Reseller providing extra features and support
Organisation whose services are being resold: UiPath

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom

European Economic Area (EEA)

Other locations
User control over data storage and processing locations: Yes
Datacentre security standards: Managed by a third party
Penetration testing frequency: Less than once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Physical access control, complying with CSA CCM v3.0

Encryption of all physical media

Other
Other data at rest protection approach: Each customer is allocated a dedicated vault to securely store certificates, keys, and other credentials used across services. Furthermore, all user and application accounts are associated with a customer identity, establishing a distinct domain. Database storage employs AES CBC 256 or 128 encryption, prioritizing 256 where available. Logical segregation is achieved through encryption and individual accounts for each customer across services.
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: All data is accessible to customers via the UI of the Cloud Platform. In case customer wants to export data, the request for data export must be placed with UiPath who will perform the database export.
Data export formats: Other
Other data export formats: Other
Data import formats: Other
Other data import formats: Data cannot be imported but created in the Cloud Platform.

Manual steps for migration from on-prem to cloud-platform are available.

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability: UiPath strives to maintain a 99.5% uptime for each service in each region. Service availability updates are provided on the https://status.uipath.com/ webpage or through appropriate channels, as outlined in the user agreement.
Approach to resilience: UiPath Cloud platform utilizes Azure resiliency features across all components, with current replication limited to datacenters within the same geographic region (either within the US or within the EU). Expansion of replication can be considered based on customer needs. More details can be found at: https://azure.microsoft.com/en-in/features/resiliency/
Outage reporting: Information regarding service availability and any incidents/outages is accessible to customers via the https://status.uipath.com/ webpage. Customers can subscribe to notifications and alerts through various communication methods such as email, text, ATOM, or RSS feed on the status.uipath.com portal.

Identity and authentication

User authentication needed: Yes
User authentication: Identity federation with existing provider (for example Google Apps)

Username or password

Other
Other user authentication: Integration with common Identity providers like Azure AD, LinkedIn, and Google enables bulk provisioning of users. UiPath's cloud platform supports Single Sign-On from existing cloud identity platforms such as Azure Active Directory and Google Suite. Customers using additional services like Okta can leverage an Azure Active Directory Tenant supporting SAML v2 federation to Okta for seamless single sign-on to the UiPath cloud platform. If the integrated identity provider mandates two-factor authentication, it applies to logging into the UiPath Cloud Platform as well.
Access restrictions in management interfaces and support channels: Rigorous access control measures are in place to safeguard our production environment and customer data. UiPath employs a dedicated team of Site Reliability Engineers (SREs) who monitor and manage the production environment round the clock, year-round. Access to the production environment is strictly limited to maintenance and support scenarios, with UiPath support adhering to the principle of least privilege. Any access to the environment by UiPath support requires prior approval from the customer. Access to production services is provided on "just in time" basis and revoked promptly upon issue resolution. All access requests and approvals are meticulously tracked for accountability.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Dedicated link (for example VPN)

Username or password

Other
Description of management access authentication: All employees at VE3 are mandated to utilize VPN services sanctioned by the organization. Access is granted based on the principle of least privilege, requiring thorough justifications that are verified before approval. In cases where team members require access for urgent issue resolution or configuration deployment, they must request "just in time" access to the production service. Access is promptly revoked once the situation is resolved. All access requests and approvals are meticulously tracked for accountability. Additionally, two-factor authentication is enforced for all accesses to production systems.

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: EGAC
ISO/IEC 27001 accreditation date: 06/01/2024
What the ISO/IEC 27001 doesn’t cover: NA
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: Yes
Any other security certifications: ISO 22301

ISO 20000-1

ISO 14000-1

ISO 9000-1

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: UiPath has established an internal Cyber Security Policy aimed at safeguarding the confidentiality, integrity, and availability of the company's information assets. This policy, aligned with business objectives and applicable regulations, is governed by the following principles:

Security of critical information and systems is a collective responsibility.
The Global Cyber Security Policy is endorsed by UiPath management, disseminated to all relevant stakeholders (employees, contractors, vendors, etc.).
Regular monitoring and continuous enhancement of the policy are ensured, with annual reviews and adjustments made in response to significant changes.
Data handled by UiPath is treated with the appropriate level of confidentiality, adhering to relevant regulatory and contractual obligations.
Clear roles and responsibilities regarding cyber security are outlined and communicated across the organization.
Employees receive training on this policy and related guidelines, with violations subject to disciplinary measures, including termination if necessar

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: For routine configuration adjustments to the service and regular cloud platform maintenance, occurring approximately every two weeks, updates are executed in Deployment rings. Customers are notified through the portal: https://status.uipath.com/. Significant updates are also detailed in release notes. Regarding infrastructure modifications, UiPath Cloud Platform operates within Azure Data Centers. Any alterations in storage location or infrastructure are treated as infrastructure incidents, triggering customer notifications. UiPath collaborates closely with Microsoft and the Azure team to promptly address proposed changes.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: External vulnerability testing is conducted using Veracode VAPT services. UiPath Robots, UiPath Studio, and our standalone Orchestrator undergo continuous certification by Veracode. For the Cloud Platform, we maintain Veracode certification, ISO 27001 compliance, and are progressing towards SOC 2 report completion. We actively monitor vulnerabilities introduced via third-party libraries, minimizing dependencies and associated exposure. Additionally, we participate in the HackerOne Bounty Program to identify vulnerabilities in our RPA Platform and surrounding ecosystem. Azure's PaaS, utilized by UiPath Cloud Services, automatically delivers regular updates to address known security vulnerabilities in the infrastructure.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: UiPath employs a dedicated 24/7 Site Reliability Team to monitor security alerts and incidents. Access management, application, system, and network traffic are continuously monitored at the perimeter and within the environment to detect and prevent malicious activities, while also tracking availability and performance. In the event of a breach, we implement security response plans to mitigate data leakage, loss, or corruption. We maintain transparency with our customers throughout the incident via the https://status.uipath.com portal. Post-incident containment, our security incident management process proceeds to identify root causes and implement necessary changes to prevent recurrence.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: Customers can submit tickets through our online ticketing portal or utilize phone-in support based on their support model. In the event of a breach, our 24x7 SRE and Security team engage development resources to contain the incident's impact. Following containment, our security incident management process identifies root causes and tracks changes to prevent similar incidents in the future. Infrastructure incident management is overseen by Azure.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Social Value

Fighting climate change
Covid-19 recovery
Tackling economic inequality
Equal opportunity
Wellbeing

Fighting climate change

Our G-Cloud service provision is deeply committed to fighting climate change, recognizing the urgent need for collective action to address environmental challenges. Here's how our services deliver against this social value theme:

Environmental Sustainability in Operations:

We prioritize running efficient operations to reduce emissions and minimize environmental impacts. This includes implementing energy-efficient practices, optimizing resource usage, and adopting renewable energy sources wherever possible within our data centers and infrastructure.

Promoting Sustainable Practices:

VE3 actively engages with our suppliers and clients to promote sustainable business practices. Through our services, we advocate for the adoption of environmentally friendly technologies, responsible sourcing, and waste reduction strategies, thereby reducing carbon footprints across the supply chain.

Responsible by Design Framework:

Our G-Cloud services adhere to a 'Responsible by Design' framework, ensuring that environmental considerations are integrated into the development and deployment of digital solutions. By prioritizing environmental protection and minimizing negative impacts, we strive to deliver sustainable outcomes for our clients.

Training and Education:

VE3 invests in training and education programs focused on environmental sustainability. Through initiatives like the Sustainability Quotient (SQ) training, we equip our teams with the knowledge and skills to adopt climate-smart behaviors and implement environmentally conscious practices in their work.

Community Engagement:

We actively engage with communities to support environmental objectives and promote climate action. By partnering with local organizations and stakeholders, we contribute to initiatives aimed at addressing climate change, such as tree planting programs, clean energy projects, and environmental education campaigns.

Covid-19 recovery

Our G-Cloud service provision plays a crucial role in supporting the COVID-19 recovery effort by facilitating resilience, adaptation, and innovation in the face of unprecedented challenges. Here's how our services contribute to the recovery process:

Remote Work Enablement:

VE3's digital solutions empower organizations to transition to remote work seamlessly. By providing secure and reliable cloud-based infrastructure, collaboration tools, and remote access solutions, we enable businesses to maintain productivity while ensuring the safety and well-being of their employees.

Business Continuity Planning:

We assist organizations in developing and implementing robust business continuity plans to mitigate disruptions caused by the pandemic. Our services include data backup and recovery solutions, disaster recovery planning, and resilience testing to ensure operational continuity in the face of unforeseen events.

Digital Transformation Acceleration:

VE3 accelerates digital transformation initiatives to help organizations adapt to the new normal. By modernizing legacy systems, implementing cloud-based technologies, and digitizing processes, we enable businesses to optimize efficiency, improve agility, and remain competitive in a rapidly evolving landscape.

Healthcare Support Solutions:

We provide specialized healthcare support solutions to assist frontline workers and healthcare organizations in responding to the COVID-19 crisis. This includes telemedicine platforms, patient management systems, and data analytics tools to enhance patient care, streamline operations, and support decision-making processes.

Economic Stimulus through Innovation:

VE3 fosters innovation and entrepreneurship to stimulate economic recovery in the aftermath of the pandemic. Through our G-Cloud services, we support startups, small businesses, and enterprises in developing and deploying innovative solutions that address emerging challenges, create new opportunities, and drive economic growth.

Tackling economic inequality

We recognize the importance of tackling economic inequality and are committed to leveraging our G-Cloud service provision to address this pressing social issue. Here's how our services contribute to tackling economic inequality:

Access to Affordable Technology:

We strive to make cutting-edge technology accessible and affordable to all, regardless of economic status. By offering scalable and cost-effective cloud-based solutions, we enable organizations, including small and medium-sized enterprises (SMEs) and underserved communities, to access the tools and resources they need to compete in the digital economy.

Skills Development and Training:

VE3 invests in skills development and training programs to empower individuals with the knowledge and expertise needed to thrive in the digital age. Through initiatives like online courses, certifications, and workshops, we equip people from diverse backgrounds with the skills required for high-demand roles in technology and innovation, thereby enhancing their employability and economic prospects.

Support for Minority-Owned Businesses:

We actively support minority-owned businesses and entrepreneurs by providing access to mentorship, networking opportunities, and resources to help them grow and succeed. Through initiatives like supplier diversity programs and partnerships with minority business organizations, we promote inclusion and diversity in the technology sector and contribute to creating more equitable economic opportunities.

Digital Inclusion Initiatives:

VE3 is committed to promoting digital inclusion and bridging the digital divide by ensuring that everyone has access to essential digital services and technologies. We collaborate with governments, nonprofits, and community organizations to implement initiatives such as digital literacy programs, affordable internet access schemes, and community technology centers, thereby empowering underserved populations and promoting economic equity.

Fair and Transparent Procurement Practices:

We adhere to fair and transparent procurement practices to create opportunities for businesses of all sizes and backgrounds to participate in government contracts and procurement processes.

Equal opportunity

We recognize the importance of tackling economic inequality and are committed to leveraging our G-Cloud service provision to address this pressing social issue. Here's how our services contribute to tackling economic inequality:

Access to Affordable Technology:

We strive to make cutting-edge technology accessible and affordable to all, regardless of economic status. By offering scalable and cost-effective cloud-based solutions, we enable organizations, including small and medium-sized enterprises (SMEs) and underserved communities, to access the tools and resources they need to compete in the digital economy.

Skills Development and Training:

VE3 invests in skills development and training programs to empower individuals with the knowledge and expertise needed to thrive in the digital age. Through initiatives like online courses, certifications, and workshops, we equip people from diverse backgrounds with the skills required for high-demand roles in technology and innovation, thereby enhancing their employability and economic prospects.

Support for Minority-Owned Businesses:

We actively support minority-owned businesses and entrepreneurs by providing access to mentorship, networking opportunities, and resources to help them grow and succeed. Through initiatives like supplier diversity programs and partnerships with minority business organizations, we promote inclusion and diversity in the technology sector and contribute to creating more equitable economic opportunities.

Digital Inclusion Initiatives:

VE3 is committed to promoting digital inclusion and bridging the digital divide by ensuring that everyone has access to essential digital services and technologies. We collaborate with governments, nonprofits, and community organizations to implement initiatives such as digital literacy programs, affordable internet access schemes, and community technology centers, thereby empowering underserved populations and promoting economic equity.

Fair and Transparent Procurement Practices:

We adhere to fair and transparent procurement practices to create opportunities for businesses of all sizes and backgrounds to participate in government contracts and procurement processes.

Wellbeing

Environmental Sustainability:

We are committed to environmental sustainability as a core component of wellbeing. By prioritizing eco-friendly practices, resource conservation, and carbon reduction efforts in our operations and services, we contribute to creating a healthier and more sustainable environment. We prioritize the wellbeing of individuals and communities in all aspects of our G-Cloud service provision. Here's how our services contribute to enhancing wellbeing:

User-Centric Design:

VE3 designs our G-Cloud services with a user-centric approach, prioritizing usability, accessibility, and intuitive design. By focusing on the needs and preferences of users, we create digital experiences that enhance overall wellbeing by reducing frustration, stress, and cognitive load.

Health and Safety Protocols:

We implement robust health and safety protocols to protect the wellbeing of employees, clients, and partners. This includes adherence to strict security standards, data privacy regulations, and compliance with industry best practices to ensure the safety and integrity of our digital infrastructure and services.

Promotion of Work-Life Balance:

VE3 recognizes the importance of work-life balance in maintaining overall wellbeing. Through our G-Cloud services, we enable remote work, flexible scheduling, and collaboration tools that empower individuals to achieve a healthy balance between their professional and personal lives, leading to greater job satisfaction and wellbeing.

Mental Health Support:

We prioritize mental health support for our employees and clients by offering resources, programs, and initiatives aimed at promoting mental wellbeing. This includes access to counseling services, mindfulness training, stress management workshops, and employee assistance programs designed to support individuals in times of need.

Community Engagement and Social Impact:

VE3 actively engages with communities to address social determinants of health and promote holistic wellbeing. Through partnerships, philanthropic initiatives, and volunteer efforts, we support local organizations and projects focused on improving access to healthcare, education, housing, and other essential services that contribute to overall community wellbeing.

Pricing

Price: £175 to £850 a unit
Discount for educational organisations: Yes
Free trial available: No

Intelligent Document Understanding - UiPath

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Intelligent Document Understanding - UiPath

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents