ENTERPRISE RPA LIMITED

Robotic Process Automation SaaS Services

Robotic Process Automation (RPA) uses software robots to emulate what a human can do, processing mundane, high volume, repetitive tasks that frees up humans for more cognitive added value tasks. RPA is applicable to any industry in any department where these characteristics apply.

Features

• Clear and easy benefits case justification
• Extremely high accuracy levels and lower rework
• Productivity gains of up to tenfold improvements can be achieved
• The robot can work for multiple departments
• Can run completely unattended 24/7
• Universal Credit Verification (UCV) Automation for Housing sector
• Can interface via GUI API SQL - very flexible interfaces
• Highly accurate data handling, manipulation and transfer capability
• The same robot can handle multiple processes throughout the day
• Process knowledge is retained in the organisation

Benefits

• Improves the speed and accuracy of data entry
• Reduces error and rework rates
• Data integrity issue focus to fix root causes of errors
• Drives the focus on exception management and eradication
• Frees up staff time for more added value activities
• Enables out of hours working through unattended automations
• Creates additional processing capacity
• Enables businesses to do more with the same resources
• Creates opportunities to enhance and re-engineer processes

£495 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at steve.bolton@enterpriserpa.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

682082188934829

Contact

Steve Bolton
07850964225
steve.bolton@enterpriserpa.co.uk

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Our software services act as an extension to existing software applications without the need for complex system integrations.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Standard support is 9am-5pm UK time, Monday to Friday, with out of hours support being agreed separately
• System requirements:
  • Dedicated user account for portal access
  • FTP file transfer provision (client or can be provided)
  • Source of lookup data

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: ERPA help desk is available from 9:00am to 5:30pm, weekends and bank holidays excluded. (out of hours support may be requested and agreed in advance). Support requests may be logged 24 hours a day and 7 days a week via support@erpa.raisaticket.com . The response time will start from the start of the next working day. The first response time will be no longer than four hours and often much quicker.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Support is provided via remote access to investigate and resolve issues, that are predominantly environmental changes affecting the software robot. Support is billed in pre-bought tokens, which are an hour each at £150 per token, mininum spend applies, and drawn down in 15 minute increments. The support is usually, but not exclusively, carried out by the software developer who built the solution on a client's behalf.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We describe the service, interfaces, data exchanges and work with a nominated SME over a 2-3 week set up and UAT process.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Any data held on ERPA company servers or devices for the purposes of reporting, testing and development will be returned and removed from company servers & devices. There are routine housekeeping methods in place to remove data on an agreed schedule.
• End-of-contract process: The contract will comprise annual licence costs, solution development costs for the automation and optional support costs, as agreed, for continued support post go live sign off. The end of contract data extraction & removal actions apply.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: We can use web hooks for APIs for example to interface with Orchestrator, populate dashboards with performance updates. There is embedded capability in the UiPath platform to work with APIs.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: We have a configuration panel to map onto a client's organisation structure and processing needs

Scaling

• Independence of resources: We have the ability to scale the service in line with customer demand and schedule jobs to load balance.

Analytics

• Service usage metrics: Yes
• Metrics types: We measure successful transactions, business exceptions based on client based rules and application system exceptions based on client environment. We provide overall and transaction level processing times.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: UiPath, Microsoft

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: UiPath encrypts customer data in transit and at rest. All customer data stored within UiPath cloud products and services is encrypted in transit over public networks using Transport Layer Security (TLS) 1.2+ to protect it from unauthorized disclosure or modification.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: We connect to an agreed source dataset and transfer by an agreed means (FTP, API or SQL). Data is encrypted in transit and at rest.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • API
  • SQL
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • API
  • SQL

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: UiPath: 99.9% uptime guarantee, SOC 2 Type 2, ISO 9001, ISO/IEC 27001, and Veracode Verified™
• Approach to resilience: Available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Permission levels are managed and granted by Enterprise RPA Limited
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Less than 1 month
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Less than 1 month
• How long system logs are stored for: Less than 1 month

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • UiPath SOC 2 AICPA
  • UiPath ISO 27001
  • UiPath Veracode Continuous Certification

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ERPA has policies that cover Infomation Security, Data Sharing, Internet Usage, GDPR, Network Access & Passwords, Information Security Incidents and AI Data Security. These are reviewed annually and circulated to all employees to confirm that they have read them. We have NDA's as an integral part of our employment contracts, and new employees are required to review all policies within one week of starting employment. We do not currently use third party contractors, but if we do in future they will be governed and contracted to our standards. The policies are controlled and updated by the Operations Director.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: UiPath statement: "UiPath adopts a cadence of two Enterprise Platform updates every year. The timing of these releases target April and October of each year. The April release of each year will be a Fast Track Support (FTS) and the October release will be a Long Term Support (LTS) release. This allows you to select the model that best supports your business requirements. SOC 2® attestation for additional services and HIPAA attestation provides confidence to adopt Automation Cloud if you’re operating in a regulated environment." ERPA has a Software Delivery Lifecycle structured approach.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Enterprise RPA (“ERPA”) is entrusted with the responsibility to provide professional managed technical services to clients who provide us with confidential information. Inherent in this responsibility is an obligation to provide appropriate protection against theft of data and malware threats, such as viruses and spyware applications. The purpose of ERPA's policy is to establish standards for the base configuration of equipment that is owned and/or operated by ERPA or equipment that accesses ERPA’s internal systems. Effective implementation of this policy will minimize unauthorized access to ERPA proprietary information and technology and protect confidential client information.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: UiPath statement: "In the event of a breach, we use security response plans to minimize data leakage, loss, or corruption. We provide transparency to our customers throughout the incident. Our 24x7 SRE and Security team is always on hand to rapidly identify the issue and engage the necessary development team resources to contain the impact of the incident. Once the team has contained an issue, our security incident management process continues as we identify the root cause and track the necessary changes to ensure we prevent similar issues in the future."
• Incident management type: Supplier-defined controls
• Incident management approach: ERPA policy: ERPA shall ensure that Incidents are detected as soon as possible and properly reported, and that they are: handled by appropriate authorized personnel with ‘skilled’ backup as required; are properly recorded and documented, with all evidence gathered, recorded and maintained in a way that will withstand internal and external scrutiny. Incidents are dealt with in a timely manner and service(s) restored asap. Any weaknesses in procedures or policies are identified and addressed. The risk to ERPA and its clients’ reputation through negative exposure is minimized. All incidents shall be analyzed and reported to the designated officer(s).

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  Our automation services reduce monotony and stress by removing high volume, low vale added tasks, freeing up productive hours for more cognitive tasks.

Pricing

• Price: £495 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at steve.bolton@enterpriserpa.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.