HITACHI DIGITAL SERVICES UK LIMITED

Process Automation Services (powered by Luminai)

Hitachi Digital Services' and Luminai's Large Action Model (LAM) is a new AI model that can interact and take action on any type of user interface, on any system and application, just like a human does, to automate complex mission critical processes across the healthcare enterprise.

Features

• cutting-edge AI technology, known as a Large Action Model (LAM)
• trained to interact, take action automate complex processes across enterprises
• LAM understands business intent/objective
• already trained on how to interact with systems and applications
• platform reads and interprets the business intent creating action steps
• LAM does not use integrations (APIs/HL7s/FHIR/X12s/etc.)
• Overlays on existing systems and works with existing systems

Benefits

• technology can read and understand business intent behind text/SOPs
• Create clear steps for AI to perform, without coding/integrations
• simple/easy way to train the model on bespoke workflows
• extremely fast to deploy—a matter of days for automation

£530,000 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at HCUK.BidTeam@hitachivantara.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

670337903526447

Contact

Public Sector Team
07707585971
HCUK.BidTeam@hitachivantara.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Can be extended to a variety of service offerings as an extension to automate workflows
• Cloud deployment model: Private cloud
• Service constraints: Intended to be used across any web-based application that be accessed via a browser. It may have limitations when used for natively installed, desktop applications.
• System requirements:
  • Requires user authentication and credentials to access the systems
  • In which processes are performed by humans today

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Per agreed SLAs
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Via browswer
• Web chat accessibility testing: Upon request
• Onsite support: Yes, at extra cost
• Support levels: Hitachi DS to respond
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide an overarching SDLC approach including discovery, design, development, implementation and support for Large Action Models. ; ; We scope and understand the current state operations of the desired process(es) to automate. We work with the buyer on understanding automation opportunities and establishing business case and prioritisation of opportunities. We build, test, deploy, support, and maintain bespoke automations for your organisation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Solution does not store or retain any customer data
• End-of-contract process: Will assist customer with a post-termination transition at request for no more than 360 calendar days chargeable per rate card.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Authorised resources can customise

Scaling

• Independence of resources: We have 2 types of services that we provide. Server side and Local on customer machine through our extension. On server side we have auto scaling enabled, that makes sure all requests are accepted and worked on. The local service, as the name suggests runs locally on the a customer agent's machine, with the fist initial call for authorization/authentication. The service used in this case is also auto scaled depending on the traffic. Example customer references and samples available upon request.

Analytics

• Service usage metrics: Yes
• Metrics types: To be described within call-off SOW. However, aligned to industry standards for Automations (e.g. usage data, success rate, etc.).
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Luminai

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: We use Render, which encrypts all sensitive data, both at rest and in transit. The underlying services automatically use industry standard AES-256 encryption for storage. All endpoints support TLS 1.2 and above for encryption in transit with an A+ grade from SSL Labs.
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: We do not extract, use, store or retain any customer data.
• Data export formats: Other
• Other data export formats: Standard format
• Data import formats: Other
• Other data import formats: We do not import clients data

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The Services will, subject to the exceptions provided within Enterprise agreement be available 99% of the time during any full calendar month (“Scheduled Availability”). Full SLA agreement available upon request.
• Approach to resilience: We have multiple checks in place to make our system resilient. We have authentication and authorization at every step.; We use Render as our cloud provider, that provides encryption at transit and rest.; ; Our Large Action Model (LAM) continuously learns and improves performance once live. The more the LAM runs, the more it adapts to changes in systems, and the better it performs. Leveraging machine learning, LAM is able to understand if the system has changed. In the event of system changes and functionality still supports achieving business intent, LAM can adapt and take that action. If the systems have changed dramatically, where business intent is no longer possible, LAM can detect the change, pause the workflow and ask for help.; ; Automations will not break when a website, application or system upgrades and changes -- LAM will adjust and self-sustain.
• Outage reporting: Outages are communicated over email or Slack. Customer's also have access to a reporting dashboard to view automation activity where outages would be displayed.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Other
• Other user authentication: We have firebase authentication checks both at client and server side.; We have logs to make sure unwanted foreign entities do not access our systems.
• Access restrictions in management interfaces and support channels: Only authorized administrators are permitted to create new user IDs, and may only do so upon receipt of a documented request from authorized parties. User provisioning requests must include approval from data owners or DigitalBrain Inc. management authorized to grant system access. Prior to account creation, administrators verify that the account does not violate any DigitalBrain Inc. security or system access control policies such as segregation of duties, fraud prevention measures, or access rights restrictions.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 14/04/2021
• What the ISO/IEC 27001 doesn’t cover: NA
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SOC2 Type 2
  • HIPAA Compliant

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: To be confirmed with Luminai
• Information security policies and processes: Luminai use Vanta for security and monitoring purposes. Information Security Policy applies to the use of information, electronic and computing devices, and network resources to conduct Luminai business or interact with internal networks and business systems, whether owned or leased by Luminai, the employee, or a third party. Description of security policies available on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes to the organization, business processes, information processing facilities, production software and infrastructure, and systems that affect information security in the production environment and financial systems shall be tested, reviewed, and approved prior to production deployment. All significant changes to in-scope systems and networks must be documented.; Change management processes shall include:; Processes for planning and testing of changes, including remediation measures Documented managerial approval and authorization before proceeding with changes that may have a significant impact on information security, operations, or the production platform; Advance communication/warning of changes
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organization's exposure to such vulnerabilities shall be evaluated, and appropriate measures taken to address the associated risk. Variety of methods used to obtain information about technical vulnerabilities, including vulnerability scanning, ; Penetration tests, and testing shall be performed following major changes to production systems and software.; The Engineering department shall evaluate the severity of vulnerabilities identified from any source, and if it is determined to be a risk-relevant critical or high-risk vulnerability, a service ticket will be created.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Anti-malware protections are utilized on all endpoints except for those running operating systems. The anti-malware protections utilized are capable of detecting all common forms of malicious threats and performing appropriate mitigation activity. ; ; We scan files upon their introduction to systems, and continually scan files upon access, modification, or download. Anti-malware definition and engine updates are configured to be downloaded and installed automatically whenever new updates are available. ; ; Our production systems are configured to monitor, log, and self-repair and/or alert on suspicious changes to critical system files where feasible.; ; Systems are investigated and remediated in accordance with the Incident Response Plan.
• Incident management type: Supplier-defined controls
• Incident management approach: Information security events or incidents, possible incidents, imminent incidents, unauthorized access, policy violation, security weakness, or suspicious activity, then they immediately report the information using one of the following communication channels:; both contacting Hitachi Digital Services and Email help@DigitalBrain Inc..com information or reports about the event or incident reporters should act as a good witness and behave as if they are reporting a crime. Reports should include specific details about what has been observed or discovered. A defined and documented process is available upon request.; Incident response plan available upon request.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Tackling economic inequality

  Tackling economic inequality

  Hitachi has actively addressed workforce inequality, appointing Lorena Dellagiovanna as our first Chief Diversity Officer and board member in April 2021, alongside Claire Thomas as CDIO. Resulting Success: 1. Inclusive Recruitment and further Development Practices: We prioritise fair treatment and equal opportunities for contract workers, incorporating CV blind interviewing. Our self-directed DEI training platform including subjects of inclusive leadership, creating an inclusive culture, how to overcome bias and many other topics has boosted female and non-Japanese executives at Hitachi by 10%. Now Focusing on emerging talent, we sponsor the 'Festival of the Girl' in London. 2. Investment in Physical and Mental Health: We offer Financial Advice, Career Advice, and anonymous mental health support both internally, through our Mental Health First Aiders, and externally via Optum/MyHeathWebb. We have an Employee Assistance program that ensures employees, and their dependents have access to professional counselling should they require it. More widely, we implemented the Mental Health at Work commitment standards, tailored to the Hitachi workforce. We also have 4 dedicated sessions led by the Equality Institute on how to talk about gender identity, being an ally, using LGBTQ+ identity as a superpower and transgender 101. 3. Environmental Innovator: Hitachi aims to be an innovator, reducing carbon for governments, cities, and customers. The Environmental Vision emphasizes solving environmental issues for a higher quality of life and a sustainable society. Partnering with Rainforest Connection, Hitachi develops data-driven solutions to protect rainforests, combat illegal logging, and preserve biodiversity. As a Principal Partner of COP26, Hitachi contributed to decarbonization and climate action. Committed to a Net Zero society, Hitachi strengthens climate targets across the entire value chain by 2050. We were also key contributors at COP28. In conclusion, By implementing improvements and actively addressing inequality, Hitachi aims to create an inclusive and supportive work environment.

Pricing

• Price: £530,000 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Yes. We offer a 60-day proof of concept and validation period.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at HCUK.BidTeam@hitachivantara.com. Tell them what format you need. It will help if you say what assistive technology you use.