Liberty RPA - Robotic Process Automation

Service scope

Software add-on or extension: Yes, but can also be used as a standalone service
What software services is the service an extension to: Netcall Liberty Cloud offers a complete suite of customer engagement software, Liberty Converse can be used as standalone or as an add-on to following Netcall applications: Liberty Create low-code platform including Citizen and Tenant Hub Accelerators; Patient Hub; Liberty Connect multimedia conversational messaging gateway, and virtual Chat Assistant; Liberty RPA
Cloud deployment model: Public cloud
Service constraints: The service is subject to planned maintenance which will be notified in advance.
System requirements: Internet Connectivity

User support

Email or online ticketing support: Email or online ticketing
Support response times: "Target response times are subject to the contracted level of Netcall SolutionCare:
Standard - Target 90 minutes initial response
Comprehensive - Target 90 minutes initial response"
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: "We will provide a Standard level of support which will be included within the cost. This includes access to the Support Online Portal, and contact by telephone or email to the remote support teams during contracted hours.

Standard Support hours are 9am-5.30pm (UK), Monday to Friday (excluding UK bank holidays).

A technical account manager will be provided.

Comprehensive Support (365 days 24 hours) can be added as a percentage uplift of the minimum monthly licence."
Support available to third parties: Yes

Onboarding and offboarding

Getting started: "Netcall will provide project management, engineering, and training support for the initial configuration of the Liberty Converse.

In addition onsite or online training will be provided to enable the customer to self-manage the service. User Training includes access to extensive e-Learning content via the Netcall Online Community.

Documentation regarding implementation and configuration of Liberty Converse will also be provided. This includes Online Help which is provided within the Liberty User Interface and Netcall Online Community."
Service documentation: Yes
Documentation formats: HTML

PDF
End-of-contract data extraction: " Liberty RPA does not store any customer data, it remains on the users systems. Liberty RPA job flow reporting can be exported in a text file format."
End-of-contract process: At the end of the contract Netcall will cease the service which will prevent the bots from running. All data stored including backups will be securely deleted using industry standard best practise methods.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge
Application to install: Yes
Compatible operating systems: Windows
Designed for use on mobile devices: No
Service interface: Yes
User support accessibility: None or don’t know
Description of service interface: Liberty RPA provides a browser based service interface. This interface has been design to be intuitive and simple to use, whilst enabling full access to the user and administrative features provided by the RPA application. User access to the service interface is secure.
Accessibility standards: None or don’t know
Description of accessibility: As a browser based interface, 3rd party tools deployed on the user's desktop or browser can be used to support user accessibility.
Accessibility testing: Testing for specific 3rd party assistive technology is carried by users and based on the individual needs of their staff.
API: No
Customisation available: Yes
Description of customisation: Liberty RPA bot flows can be fully customised by users with RPA build training and authorised access. Administrative tasks such as bot scheduling and priorities can also be configured.

Scaling

Independence of resources: Deployments of Liberty RPA are provided on dedicated infrastructure for Users based upon the licencing subscription obtained.

Analytics

Service usage metrics: Yes
Metrics types: "Liberty RPA provides a range of system real time and historical reports including:

Real Time Dashboards - Real time graphical display of key metrics including job scheduling, CPU/memory/disk usage. Dashboards are configurable and shared with users, by name or role.

Supervisor Reports - Historical reports covering all metrics of Liberty RPA. Reports including bot performance and job execution are displayed graphically and tailored by a range of filters including date and time. Tailored reports can be saved for instant retrieval.

Historic reports can be manually downloaded in a csv file format. Alternatively an API is available to get Report data."
Reporting types: Real-time dashboards

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Conforms to BS7858:2019
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Supplier-defined controls
Penetration testing frequency: At least every 6 months
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Physical access control, complying with another standard
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: "Liberty RPA process flows (.rpa files) are XML based, jobs information is CSV based, both can be exported easily.

If required, reporting data can extracted using the Liberty Converse Reporting API. This REST API gets report data in XML or JSON format from the Interactions Report, Agent Audit Report, or from a Supervisor Saved Report.

Full documentation of Converse API will be provided as part of the deployment project."
Data export formats: CSV
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network

TLS (version 1.2 or above)

IPsec or TLS VPN gateway
Data protection within supplier network: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability: LLiberty RPA as part of Create has an agreed Service Availability of 99.5%. Service credits can be discussed as part of your contract.
Approach to resilience: Information regarding the resilience of the data centre is available upon request
Outage reporting: Netcall’s Cloud systems and services are proactively monitored for availability and system health by the event management process. System events and alerts of threshold breaches are detected by Netcall’s system management tools and these alert our Customer Support team of state changes, including service outages in any of Netcall Cloud service offerings. Customer Support are responsible for informing service affecting outages to customers and these are tailored to match the business needs of the customer. The form of the communication can be either email or telephone to the customer’s service desk or preferred service contacts. The alert to the customer contains information on which service has failed, the likely effect it will have on customers IT service along with reference information for follow up. Netcall Customer Support then maintain regular updates to affected customers on the expected service restore time until de-escalation.

Identity and authentication

User authentication needed: Yes
User authentication: Public key authentication (including by TLS client certificate)

Identity federation with existing provider (for example Google Apps)

Dedicated link (for example VPN)

Username or password
Access restrictions in management interfaces and support channels: Create has a range of security controls to ensure the security requirements will be met. These include built in Role management, Security Policy, Login Control, Object permissions and Interface permissions.
Access restriction testing frequency: At least every 6 months
Management access authentication: Public key authentication (including by TLS client certificate)

Identity federation with existing provider (for example Google Apps)

Dedicated link (for example VPN)

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: NQA
ISO/IEC 27001 accreditation date: 08/02/2021
What the ISO/IEC 27001 doesn’t cover: Netcall's ISO 27001 is certified around the protection of the Confidentiality Integrity and Availability (CIA) of data assets for all platforms, products, services and suppliers relating to the processing of data. The governance also extends to the premises where the assets are hosted. The Statement of Applicability is a comprehensive scope that takes almost a week of onsite auditing by an external auditor working closely with the critical teams from Operations (including Info Sec) the business and other stakeholders such as the client , data centre managers etc. The Netcall process owners also include the facilities, legal and finance teams. Therefore ISO27001 will only exclude policies, controls and components that are not explicitly defined within the scope of the Statement of Applicability published for Netcall. The priority will always be to protect the CIA of the client data as per the Netcall solution and product design proposed to and contractually accepted by the client. So the actual likelihood of any risks remaining unmanaged/missed through the comprehensive scope of controls in the SOA is low.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: Yes
Any other security certifications: "NHS DSP Toolkit "

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: All Information Security Policies and processes are documented and audited into the ISO27001:2013 Info Sec Statement of Applicability. It lists the Netcall controls, policies and work instructions documented and recorded for the standard. These were reviewed as part of the external Audit in January 2022 and deemed compliant. The SOA in PDF form can be shared on request. All process owners are internally and externally audited for compliance with the policies set out in the SOA and listed below. • Quality Policy. • Security Guiding Principles. • Information Security Policy. • Clear Desk Policy. • Keyholder Policy. • Access Control Policy. • Information Classification Policy. • Data Protection Policy. • Network Access Control Policy. • Information Exchange Policy. • Password Policy. • Cryptographic Policy. • External Parties Access Control Policy. All the policies are reviewed throughout the year and recorded in the Audit Calendar.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Netcall's Change Management processes are audited under the ISO27001:2013 and ISO9001:2015 Info Sec standards. The statement of applicability for the standards can be shared. No change will be permitted unless it has been approved by the relevant authority at Netcall against the relevant tracker ticket.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Netcall's compliance involves running external and internal vulnerability scans as part of our vulnerability management system to support the vulnerability management and internal patching process. Escalations are through our tracker system as part of the Risk Assessment/Vulnerability Management Process. These scans form evidence used to our InfoSec accreditations. The scanning vulnerabilities are prioritised within the reports, fed into the tracked Risk Assessment and resolution Process, reviewed by Netcall’s operations and relevant process/risk owner for resolution. Where necessary threat control and corrections/prevention tickets are raised and linked to the original vulnerability to audit the fix and risk.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: Netcall manages and controls compromises to the Confidentiality Integrity and Availability of Information Assets through its Incident Management System, Control and ownership is centralised yet overseen with stakeholders. The process is ISO 27001:2013 compliant linking risks to treatments and SLAs. Compromises are monitored, tracked, recorded in a number of ways: being raised by customer/production support calls, via the account managers, after changes, risk reviews, actual security incidents, picked up via IDS/IPS systems or event identification. The owner is the Information Security Manager working with the respective Process Owners and impacted stakeholders to resolve any compromises and apply preventative actions.
Incident management type: Supplier-defined controls
Incident management approach: Netcall uses native and licensed software to manage risks and is ISO 27001:2013 compliant for Incident Management. It is tracker based linking risks, assessments into corrective and preventative processes. Compromises are recorded after changes, risk reviews, security incidents, event identification or in worst case scenarios invoking the Business Continuity Plan. The owner is the Information Security Manager working with the respective Process Owners and impacted stakeholders to identify, contain and resolve an incident using Tracker to prioritise, tailor and make the risk progress visible to stakeholders.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Fighting climate change: Fighting climate change

"Netcall is committed to working towards ‘Carbon Neutral’ status with an ambition to be carbon neutral by the end of 2026. Our strategy includes reducing our Scope 1 and 2 emissions to zero by 2022, reducing our Scope 3 emissions by 100% by 2026 to ‘NetZero’ / ‘Carbon Neutral’, and then removing more carbon than we emit, in effect being ‘Carbon Negative’. Netcall’s strategy expands beyond its internal business operations by ensuring the changes implemented flow into our product strategies. In this way, the organisations and communities in which Netcall operates will also benefit. For example, today, Netcall customers benefit from solutions:
• that reduce resource requirements and associated office and transportation costs, such as contact centre agents working from home
• such as electronic communications replacing printed and posted materials
• utilising technologies such as Automatic Speech Recognition (ASR), Optical Character Recognition (OCR), and Computer Vision to improve efficiency and lower the carbon intensity of operations
• that are cloud-based and leverage cloud operators’ large-scale efficiency innovations combined with their ongoing carbon reduction strategies. "
Covid-19 recovery: Covid-19 recovery

N/A
Tackling economic inequality: Tackling economic inequality

N/A
Equal opportunity: Equal opportunity

N/A
Wellbeing: Wellbeing

N/A

Pricing

Price: £55,000 a licence a year
Discount for educational organisations: No
Free trial available: Yes
Description of free trial: Netcall offers trial versions of the Create software either as blank instances with builder support or with accelerator content already included. We term this service 'Try Create' and it provides e-learning for prototyping and proof of concept services. Please ask us for more information.

Liberty RPA - Robotic Process Automation

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Liberty RPA - Robotic Process Automation

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents