Nintex and K2 - Process Automation and Workflow Software

The most complete platform for process management and automation
Accelerate digital transformation with the easy-to-use and powerful Nintex Process Platform.

Incorporating products such as NWC, Nintex K2, Promapp, Drawloop and more, Nintex provides an end to end process automation suite.


  • No code development
  • Workflow
  • Approvals and Tasking
  • Data processing
  • Process mapping
  • Enterprise Workflow. Visual, intuitive process and rules designers
  • Citizen developer focused wizards, templates & design approach
  • Microsoft Native interoperability across SharePoint, O365, CRM etc
  • Reports & Analytics to identify issues & drive optimisation
  • Point-and-click integration with virtually any line-of-business system


  • Turn complex procedure documents into clean, simple, accessible process maps
  • Develop Applications quickly, 78% reduction vs. traditional development
  • Quickly develop simple to design powerful workflows
  • Build complex forms with an easy drag and drop designer
  • Communicate between business systems
  • Low Code. Decreased reliance on developers with citizen design model
  • A rich UX interface, complete tasks in one place
  • Reduce systems catalogue. One platform to build and manage applications
  • Service compliance and optimisation with process monitoring and reporting
  • Automate simple processes quickly


£2.53 a user

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@jaamautomation.com. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

7 3 6 0 5 1 4 2 0 4 9 7 3 2 7


Telephone: +447711772589
Email: info@jaamautomation.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Any services or software that can be surfaced via API using our powerful Extensions system, We can also connect to on-premise platforms via a secure gateway
Cloud deployment model
Public cloud
Service constraints
There are no service constraints
System requirements
  • Microsoft Internet Explorer on Windows (IE 11)
  • Google Chrome (Latest Version)
  • Mozilla Firefox (latest version)
  • Apple Safari (latest version)
  • Microsoft Edge on Windows (Latest Version)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard support times: 6:00 - 5:00 Monday to Friday Depending on the severity:

S1 – 8 Hours S2 – 1 Business day S3 – 2 Business day S4 – Best effort

Enterprise support times 10 pm Sunday - 1 am Saturday (extra costs see pricing)

Depending on the severity: S1 – 4 Hours S2 – 8 Hours S3 – 1 Business day S4 – 2 Business days Select Support 24x7 (extra cost see prices)

Depending on the severity: S1 – 2 Hours S2 – 4 Hours S3 – 8 Hours S4 – 1 Business day
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Standard Support: 8/5, Break-fix - included in cost Enterprise Support: 24/5 Break-fix, Phone support - Additional cost Select Support: 27/7, Break-fix, Phone support, Advisory/How-to Support - Additional cost Customer success manager provided for critical account. Select support benefits: • Basic set up and configuration guidance • Action/control configuration • Nintex Workflow/Forms design issues when something isn’t working properly
Support available to third parties

Onboarding and offboarding

Getting started
Nintex provide virtual classroom training options globally. This is provided via the Nintex University browser-based application which allows for self-paced, on-demand training courses. Nintex K2 Cloud training is available for different user personas e.g. Power User, IT Developer, Administrator etc. and for different skill levels e.g. Practitioner, Expert, Master etc. Comprehensive online product documentation is also available via the help.nintex.com website. Additionally, the Nintex Community web site provides user forums, blogs, Knowledge Base articles, “How To” guidance etc.
Service documentation
Documentation formats
End-of-contract data extraction
Customers can request a backup of their database from the Nintex Cloud Services team at the end of the contract
End-of-contract process
End-of-contract process For 35 days after the termination or expiration of the Service, Nintex will keep available customer production data – if any – for retrieval by the customer. After such 35 days, Nintex will have no obligation to retain the customer data, and Nintex shall delete any customer data from the Service. A customer can request immediate deletion of any customer data from Service upon termination as well. Upon request, Nintex will issue the customer with a certificate validating the deletion of data. Within the 35-day post-termination period, a customer may request production environment data retrieval through Technical Support. Nintex will provide assistance to allow the customer to retrieve or export such data from the customer’s production Service Nintex Cloud database. Data will not be made recoverable for customer non-production environments.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
All forms are responsive and mobile enabled by default, We also provide a mobile application and app designer for specific requirements.
Service interface
User support accessibility
None or don’t know
Description of service interface
Web platform
Accessibility standards
None or don’t know
Description of accessibility
Nintex Workflow Cloud form & UX design is highly configurable and some accesibility considerations can be built in.
Accessibility testing
Nintex Workflow Cloud form & UX design is highly configurable and some accesibility considerations can be built in.
What users can and can't do using the API
Nintex K2 Cloud provides a standard set of REST services that allow for standard interactions with a workflow process such as process initiation, task actioning etc. The K2 workflow API (REST) allows applications to: • Start workflow processes • Retrieve a user’s worklist • Action a worklist item • Retrieve details about a process instance • Delegate or redirect a worklist item The K2 SmartObjects OData API allows: • Integration with BI tools such as PowerBI, Tableau or even Excel • Access any Smartobject data via OData endpoints The JSSP (JavaScript Service Provider) broker allows for the development of custom data connectors. In addition: • Line-of-business integration with virtually any system using K2’s SmartObjects • Out-of-the-box integration with Microsoft SharePoint & O365, Microsoft CRM, Salesforce.com, SQL Server, Oracle, Exchange, Azure Active Directory, Microsoft Teams, DocuSign
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
Nintex K2 Cloud is a software development platform which allows both technical and non-technical users, to quickly and easily build workflow centric applications using a low-code, drag-and-drop designer. These applications would typically consist of browser-based forms, workflow processes, line-of-business system integration and analytics/reporting. The browser-based drag-and-drop K2 Designer, allows for the complete customisation of workflows and their associated user forms and any line-of-business integrations. Component reusability ensure that applications are created in a consistent way and that new applications can be delivered faster than the one before. Any business user could create, edit and manage K2 applications


Independence of resources
The Nintex K2 Cloud runs on a service that can be scaled based upon either short-term, forecasted demand OR more permanently due to growth usage and adoption. K2 is currently deployed as a multi-tenant model; where customer compute and data is segmented from other customers. Customers are isolated in both the compute and data storage tiers.

We employ industry leading load balance and performance management capabilities with our workflow engine, in extreme scenarios some workflows may be slowed or queued to ensure fair use of the platform.


Service usage metrics
Metrics types
A web-based service report will show the real-time status for the Nintex Cloud service and other dependent ancillary services like O365, Azure AD etc. This includes a status history of all Nintex Cloud service maintenance
Reporting types
Real-time dashboards


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Standard TDE Azure SQL, full database encryption. Optional database column encryption based on database engine (i.e. AES 256 on SQL Azure)
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be exported in several ways. K2 smartobjects can be exposed as OData endpoints, which can then be used to export data directly into applications like Microsoft Excel or used directly by Business Intelligence tools like PowerBI or Tableau. K2 Smartforms provide a capability to directly export a list of results to Microsoft Excel. A K2 form with its displayed data can be exported in PDF format
Data export formats
  • CSV
  • Other
Data import formats
  • CSV
  • Other

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Nintex uses a range of automated tools to monitor service availability and responsiveness. In the event a service is operating outside of expected threshold/s alerts are triggered and sent to the relevant teams for investigation. Nintex does not commit to financially backed SLA but aims to provide an availability of 99.99% across the Platform capabilities
Approach to resilience
Nintex K2 Cloud makes use of SQL Azure as data store. SQL Azure creates automatic geo-redundant database backups. Full database backups happen weekly, differential database backups generally happen every few hours, and transaction log backups generally happen every 5 - 10 minutes. The backup storage geo-replication occurs based on the Azure Storage replication schedule – handled by Microsoft. The retention period for the database is 30 days. The above means that we can do any point-in-time restore of the data with a 10-minute accuracy within the last 30 days. High availability (HA) is provided by default in the Production instance. Native Microsoft Azure capability is utilized in testing disaster failover (DR). More details available in the Service Policies document available on request.

The Nintex Process Platform capabilities are built using a scalable cloud architecture. Nintex continually monitors overall platform performance and when required, scales based on need. Where applicable, we leverage auto-scaling and manual provisioning tailored to the requirements of each Nintex capability. Nintex has an overarching Business Continuity Management (BCM) Plan for internal operations, and a Disaster Recovery Plan (DRP) for its cloud-based Platform capabilities.
Outage reporting
Nintex K2 Cloud is hosted on Azure data-centres. Azure status, planned maintenance and outages are reported via the website: https://azure.microsoft.com/en-gb/status. An RSS feed is available. Communications channels to customers are via the Nintex K2 Cloud status page (status.onk2.com) as well as direct email notifications to subscription administrators.

Nintex provides an externally facing status page to customers: http://status.nintex.com. This site provides details on scheduled maintenance activities and service interruptions. Customers can subscribe to email notifications from this page to be notified of changes to the Nintex Process Platform operational status.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Access restrictions in management interfaces and support channels The K2 Management site allows you to manage your Nintex K2 Cloud environment and components such as workflows, worklist items, SmartObjects, users and security. These are administrative tasks that are performed by the K2 administrator. The Server Rights node is used to add, edit, remove and refresh Workflow server permissions for users or groups. These rights will determine which users and groups can administer a K2 workflow server, export new workflows or impersonate a user
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
27001 Schellman & Company, LLC
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
The only control not covered was outsourcing as we do not outsource, so it wasn't relevant. All other controls were included.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
SOC 2 type II attestation report

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Security is an important part of our reputation, how we earn customer trust, how we do business and how we deliver our product. Our company must provide secure products and services for our customers. We are committed to maintaining a secure environment and improving our information security management system and security program. Nintex have a Security Committee who are responsible for providing support for the business by assuring the confidentiality, integrity, and availability of company information assets. The Security Committee discusses security topics, reviews key security metrics, and approves security policies. The Information Security Management Systems (ISMS) Manager is responsible for implementing and maintaining the ISMS. Security Administrators include systems administrators, database administrators, network administrators, and other application administrators. These functional teams maintain the responsibility for the management of security controls and configurations within the information systems they support. They implement security mechanisms and maintain the requisite technical expertise to support them. They ensure systems and services comply with all approved corporate information security policies, standards, and procedures.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Changes to the Nintex K2 Cloud environment are tracked, approved, tested, and implemented in accordance with ISO27001 specification are are independently audited annually against SSAE 16 SOC2 standards for 12 previous months prior to the audit. Changes by customers within the Nintex K2 Cloud Platform will be configured and operated by either customers or 3rd party suppliers
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Nintex performs annual vulnerability testing internally and externally, as well as contracts out to a third party to perform an annual penetration test of the product and standard environment. These are conducted in accordance with ISO27001 specifications and are independently audited annually against SSAE 16 standards for 12 previous months prior to the audit and reflected within a SOC2 Type II report.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Monitoring is conducted within Azure and consolidated within Elasticsearch for analysis. Monitoring activities are handled in accordance with ISO27001 specifications and are independently audited annually against SSAE 16 standards for 12 previous months prior to the audit and reflected within a SOC2 Type II report.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Customers can reach out to Nintex support via web, phone or email to raise incidents. Incidents will be handled via Nintex's internal incident management policies and conducted in accordance with ISO27001 specifications. The processes are independently audited annually against SSAE 16 standards for the 12 previous months prior to the audit and reflected within a SOC2 Type II report

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

Not supplied
Covid-19 recovery

Covid-19 recovery

Create employment, re-training and other return to work opportunities for those left unemployed by COVID-19, particularly new opportunities in high growth sectors
Tackling economic inequality

Tackling economic inequality

This product operates in a fast moving technology sector and can facilitate the creation of new skills, employment and training opportunities, specifically for people in industries with known skills shortages or in high growth industries
Equal opportunity

Equal opportunity

Not supplied


Not supplied


£2.53 a user
Discount for educational organisations
Free trial available
Description of free trial
Free trials can be requested here https://www.nintex.com/trial/#nwc and last for 30 days as standard. These can be extended in agreement with Nintex. This is a full feature trial.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@jaamautomation.com. Tell them what format you need. It will help if you say what assistive technology you use.