BROADSTONES SOLUTIONS LTD

Workflow Automation & Business Process Management

Broadstones is recognised as a top UK management consultant by the Financial Times. Smart Workflow is enterprise-grade application connection, construction, and workflow, enhancing collaboration and efficiency by utilising secure, cutting-edge technology trusted by government and financial institutions globally. Offering automation without upheaval, serving diverse sectors from healthcare, legal, and insurance.

Features

• Intuitive interface simplifies case tracking and resolution.
• Seamless integration automates tasks, ensures data consistency.
• Centralised hub fosters real-time collaboration, decision-making.
• Dynamic workflow design allows quick modifications, ensures flexibility.
• Powerful analytics tools track performance, drive continuous improvement.
• Robust security measures, compliance checks ensure data safety.
• AI provides recommended actions, summarises case data.
• Platform compliant with multiple industry standards for security.
• Real-time collaboration, automated tasks, dynamic workflow.
• Powerful analytics, robust security, AI integration, compliance assurance.

Benefits

• Modern digital experiences without the need for legacy transformation.
• Open platform working with your technology, connecting teams and data.
• 50% efficiency through automation; RPA, AI, IDP, Business Rules, SmartServices
• Typically 40% business cost reduction.
• 50% lower cost and 10X faster than traditional app development.
• 5X more adaptable to change, simple route-to-live, scalable and secure.
• Comprehensive data analytics for informed decision-making and process optimisation.
• Mitigate risks, ensure compliance, streamline case management.
• Enhance customer satisfaction with streamlined processes and clean interfaces.
• Foster collaboration and enable data analytics and data science.

£302.50 to £2,420 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@broadstones.tech. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

700270081983806

Contact

Gary Henn
07730822197
sales@broadstones.tech

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Licensing is on an annual basis
• System requirements: Web based application does not require specific system requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: This can be tailored to the requirements of the buying organisation
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: This can be tailored to the needs of buying organisation, we can provide midels for onsite support, remote support
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Smart Workflow is built with users, for users. We involve your team throughout built, ensuring they become confident in operation from day 1. Our comprehensive approach includes a variety of resources and training options tailored to accommodate diverse learning preferences and requirements:; ; • User-friendly documentation serves as a valuable reference guide for users. Documentation covers key features, functionalities, best practices, troubleshooting tips, and frequently asked questions, ensuring users have access to the information they need at their fingertips.; ; • We offer online training sessions conducted by experienced trainers who guide users through the setup, configuration, and usage of our services. These interactive sessions enable users to learn at their own pace, ask questions, and receive expert guidance in real-time.; ; • We also offer onsite training sessions tailored to their specific needs and objectives. Our trainers visit clients' premises to deliver hands-on training, demonstrations, and workshops, allowing users to gain practical experience and insights in their own environment.; ; • Ongoing support through various channels; email, phone, and ticket-based systems, ensuring users have access to assistance.; ; Our goal is to empower users with the knowledge, skills, and resources necessary to leverage our services effectively, driving success and satisfaction across the board.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: We understand the importance of data portability and compliance with data protection regulations, and we have established procedures to facilitate the secure transfer of data back to users.; ; We provide documentation and guidance to users on best practices for data extraction, ensuring compliance with relevant data protection regulations and industry standards. Users have several options for extracting their data:; ; • Self-service tools within our platform that enable users to export their data in standard formats such as CSV, JSON, or XML. These tools are intuitive and user-friendly, allowing users to select data they wish to export and initiate the extraction process with ease.; ; • Assistance and support from our dedicated data migration team for users who require more complex or extensive data extraction. Our team works closely with users to understand their specific needs, develop a tailored migration plan, and execute the data transfer securely and efficiently.; ; Throughout the extraction process, we prioritise data security and integrity, employing encryption, secure protocols, and other measures to safeguard sensitive information. ; ; Ultimately, our goal is to empower users with full control over their data, enabling them to seamlessly transition to alternative solutions or environments while preserving the integrity and confidentiality of their information.
• End-of-contract process: At the conclusion of the contract term, we ensure a smooth transition for both parties involved. We conduct a comprehensive review with the client to assess the completion of contracted services and any outstanding deliverables and establish a transition plan. ; ; Included in the price of the contract are core services outlined in the initial agreement, such as access to the cloud platform, ongoing technical support during specified hours, regular software updates and maintenance, and basic data backup services. Additionally, standard security measures and compliance with relevant regulations are encompassed within the base contract price.; ; Certain features may be considered additional costs, depending on the client's specific engagement requirements, such as premium technical support with extended, customisations or integrations beyond the scope of the standard offering, as well as additional storage or computing resources beyond the agreed-upon limits, may also incur supplementary charges.; ; Throughout the contract period, we maintain transparent communication with the client regarding any potential additional costs, ensuring clarity and alignment on pricing expectations. As the contract term approaches its conclusion we facilitate the transition of services, data, and any other assets in accordance with contractual obligations.

Using the service

• Web browser interface: Yes
• Supported browsers: Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile experience has been optimised for mobile users
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: The software provided is based on a low code platform, part of which allows API's to be designed and built bespoke to the needs of the buying organisation. API's to common products are prebuilt and available.
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The Broadstones offering is a low code product that can be customised by Broadstones or by members of the organisations team who are trained in the product to make changes and customisations through the Low code front end.; ; Citizen developers will typically be trained as part of an engagement to allow them to make straightforward configurations.; ; standard users are also able to make and customise dashboards to help them with their own personal Workflow and task management.

Scaling

• Independence of resources: Smart Workflow uses the Appian platform. Appian is built upon AWS Cloud and is dynamically and automatically scalable. Existing clients are using the platform for in excess of 9 million transactions hourly with zero performance or availability constraints experienced by users.

Analytics

• Service usage metrics: Yes
• Metrics types: An Appian application offers comprehensive service metrics, including real-time performance indicators, user activity tracking, and process efficiency analytics. Users can monitor key metrics like response times, throughput, and error rates to gauge system health and identify areas for improvement. Appian also provides insights into user engagement, task completion rates, and workflow bottlenecks, empowering informed decision-making and continuous optimisation. With customisable dashboards and reporting capabilities, users gain actionable insights into their application's performance, enabling them to enhance productivity, streamline processes, and deliver exceptional user experiences.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Appian

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users have several options for extracting their data, depending on their preferences and requirements. Firstly, we provide self-service tools within our platform that enable users to export their data in standard formats such as CSV, JSON, or XML. These tools are intuitive and user-friendly, allowing users to select the data they wish to export and initiate the extraction process with ease.; ; Ultimately, our goal is to empower users with full control over their data, enabling them to seamlessly transition to alternative solutions or environments while preserving the integrity and confidentiality of their information.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: High Availability means that the Cloud Offering will be provided simultaneously through three Availability Zones without a single point of failure. ; Standard Availability provides service through a single Availability Zone only. ; As a part of the High Availability Offering, Appian will provide Subscriber with:; • Recovery Point Objective (RPO) of 1 minute.; • Recovery Time Objective (RTO) of 15 minutes. ; ; Any failure by Appian to meet the RTO or RPO in a month will be Subscriber’s right to a 100% Service Credit against the Premier Support (including High Availability for Production) fees payable for that month.
• Approach to resilience: Appian provides robust availability and performance for its cloud services. High Availability means that the Cloud Offering will be provided simultaneously through three Availability Zones without a single point of failure. ; ; Appian Cloud is designed to operate in demanding enterprise environments.; Key resilience features include:; ; • Load balancing between instances.; • Data kept in the same geographic region.; • Disaster Recovery:; • Appian follows a comprehensive disaster recovery plan:; • Risk analysis: Critical infrastructure components and supporting systems are reviewed to determine their functions and dependencies.; • Backup strategy: Regular full and incremental backups minimise the recovery point objective.; • Testing and training: Procedures for data recovery, backup data integrity, and communication are tested and documented.
• Outage reporting: Appian cloud status is published in real time on a publicly available dashboard.; ; Monitoring and alerting can be configured as required for the customer.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: TBC
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: Appian employs a full-time Information Security Officer and team responsible for defining and adhering to best practices-based information security policies and processes. This team works closely with our Appian Cloud team and Appian senior management to monitor the security and performance of our service, as well as coordinate periodic tests and reviews and work with third-party organisations that evaluate and certify the security and controls of our service.; ; Appian Cloud has a comprehensive security and compliance program that meets numerous industry standards. Appian undergoes frequent third-party audits to validate that controls are operating effectively to protect customer data.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We use our software for the systematic proposal, review, justification, and implementation of cloud infrastructure changes. All changes are tracked using the Appian application and reviewed by a cloud architect/senior engineer. Appian pays special attention to the security and stability implications of the proposed change. Depending on the change, the reviewer may request development environment testing. All requests are stored for audit purposes. Our plan and process are reviewed at least annually and documented as part of our security program review. Appian's hosting provider manages hardware changes. Sound practices are covered as part of the Service Organisation Controls (SOC) audit.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Appian performs regular vulnerability scanning against all Appian Cloud assets. Appian performs risk assessments for identified security items and handles them in accordance with their overall impact. Appian makes our third-party penetration test report available to customers under nondisclosure agreement (NDA).
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Appian performs daily reviews of event/incident alerts at the infrastructure level. Unusual or suspicious activity is investigated and escalated as necessary. Customers have access to application and application server logs including security logs, which can be reviewed or downloaded via the web interface.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Appian uses an online form for incident reporting (available through Appian Forum) and the Appian platform for managing incidents, and we use Forum for customer communication. The steps we follow in addressing any reported incident are: 1) verifying the source; 2) verifying the incident; 3) notifying other parties as appropriate; 4) form incident response team; 5) gather evidence; and 6) contain, eradicate, and recover from the incident. Appian’s Information Security Officer is responsible for monitoring security incident status until it has been resolved and normal business operations have been safely restored. The response required depends on the type of incident.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Broadstones has funded the planting of 2,769 trees and creation of 41 sustainability projects this year (as of May 2024 via Ecologi).

Pricing

• Price: £302.50 to £2,420 a unit a day
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@broadstones.tech. Tell them what format you need. It will help if you say what assistive technology you use.