BusinessOptix Ltd

Process Mining

Process Mining / data scenario modelling.

Features

• Capture IT processes via Log files of your system
• Digital Twin of Organisation DTO
• Scenario modelling: Create as-is and to-be states and compare both
• Process Mining : import and convert existing processes Visio..
• Scenario evaluation, assessment and performance
• Dynamic dashboarding based on manual or autodata population

Benefits

• Save 70% when deploying new processes
• Achieve regulatory compliance via live record keeping
• 20 times faster to service for new projects
• Get ready for and deliver transformational projects
• Inbuilt compliance and authorisation mechanisms
• Inter-operable with other systems

£40,000 an instance a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sandra.mcinally@businessoptix.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

763510109287323

Contact

Sandra McInally
+44 207 084 7480
sandra.mcinally@businessoptix.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Workflow management and legacy applications, Business Intelligence services, JIRA, Oracle Process, Flowcentric Processware, Visio, Process Flows, GenPact, DST, others. Requires purchase of core pack.
• Cloud deployment model: Public cloud
• Service constraints: There are no constraints on using the service.
• System requirements:
  • Access to the Internet
  • Browser access via the Internet

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: BusinessOptix Support shall accept information requests and issue reports via email (to helpme@businessoptix.com) from a Technical Support Contact.; ; BusinessOptix will respond, by email, to any reported issue or request for information within 1 business day. ; ; For Business Critical or Service Restriction issues (see Escalation Procedures below), BusinessOptix Support will attempt to contact the Technical Support Contact directly by telephone.; ; As per the Time-Zones/Region section below the BusinessOptix team is Global and tickets will be triaged and processed by the most appropriate members of the team depending on criticality, location and other factors.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Front line customer administrator support is standard, with direct user support available subject to agreement and scope. We provide a specialist consultant to support the use of the platform for a customer's specific purpose.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We support, for an inclusive cost, the set up of the service and the first few models or notations created. We have an online community with video materials to support the ongoing use of the platform. We can also provide facilitator led training at a further cost either in person or via regular scheduled Webinars.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Customers can download content from their libraries with simple utilities provided into most file formats. Bulk downloading can be provided in conjunction with the support team.
• End-of-contract process: A termination date is agreed, with accompanying plan for the off-boarding of users and the hand over of content and data. Any outstanding charges are invoiced at the end of the month. Data is retained for a minimum of six weeks in case of service reactivation later.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service is enabled for usage via a mobile browser on a mobile device. This is best limited to consumption of created content but caters for all features. The form factor of the device (Smartphone/Tablet) may dictate usability on a user by user basis.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: A Database Schema report is available for each tenant (in the library) as well as documentation for the API's and other structures.
• Accessibility standards: None or don’t know
• Description of accessibility: The UI is designed to be simple and easy to follow as a user (accessed via browser). Visual guidance/tours and information is provided for. ; ; The best practicable levels of accessibility have been provided considering the nature of the platform.
• Accessibility testing: None.
• API: Yes
• What users can and can't do using the API: The RESTful interface allows access to all of the features of the application, and the interchange of data, available by arrangement.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The frameworks/stencils within the library and the outputs can be customised by users. You can also customise via CSS, XML

Scaling

• Independence of resources: The service is hosted by Azure and Azure Gov UK and is constantly managed and monitored for scaling and performance requirements.

Analytics

• Service usage metrics: Yes
• Metrics types: Reports are available in the tool that detail User Activity. These can be accessed by permitted users from within the tool, via the API, via support (as initial training). Custom reports and usage info/reporting, not in line with the standard offering, are available based on an assessment of the effort and cost.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export all content through their own libraries and control panels into a common format under their own control.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • ISO/IEC 19510:201 BPMN Notation
  • Microsoft Visio and office
  • AWD Process model
  • XES
  • Oracle BPA
  • XML
  • Image
  • Native file formats
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • ISO/IEC 19510:201 BPMN Notation
  • Microsoft Visio and office
  • Chorus Process model
  • Bizagi 2.6
  • Nimbus
  • Oracle BPA
  • XML
  • Image
  • SAP Signavio
  • Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: DARE encryption (XTS-AES 256-bit) on the SAN adds additional security to Customer data.

Availability and resilience

• Guaranteed availability: SLA is for 99.5% availability
• Approach to resilience: This information is available on request. Resilience of infrastructure is assured by our hosting provider, Azure.
• Outage reporting: We use email alerts and monitoring technology (reports available to customers) for noticeable operational loss of service.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Support has independent routes to the service for management purposes. Access points are restricted by IP address.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: SSO

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 19/04/2018
• What the ISO/IEC 27001 doesn’t cover: Both the BusinessOptix platform and operations are in scope. SOA available on request.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO/IEC 27001:2013 Certified

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our Information Security policies and processes form part of our ISMS and are compliant with ISO 27001.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Software configuration is undertaken in-house and follows good industry practice within an agile methodology. Code changes and new feature provision are assessed for threat as part of the security group. The infrastructure level is a fully managed service on our behalf by Azure under an agreed SLA.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We carry out periodic reviews (and yearly independent penetration tests) of threats to service availability and viability, based on membership of a security community, that constantly monitors known threats and vulnerabilities. Our best defence is in providing well-architected applications and high-grade communications methods. The status, location and configuration of our software and infrastructure components are tracked throughout their lifetime. Changes to the service are assessed for potential security impacts and then managed to resolution where relevant.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We constantly monitor network traffic and access requests across a real-time network that identifies early warnings of high-risk traffic. Our response is real time and immediate to threats to service viability and availability. Additionally, our service effectively monitors misuse and malfunction. Our intention is to give confidence of capturing enough service meta-data to identify the suspicious or inappropriate use of our services, and can take prompt and appropriate action to address any incidents before it becomes user critical.
• Incident management type: Supplier-defined controls
• Incident management approach: We use our own platform to operate a reporting scheme for users and administrators. Where appropriate, we advise customer users and administrators of an incident and if serious notify CESG or Cyber Essentials of an attack. Incident management processes are in place for the service and are actively deployed in response to security incidents pre-defined processes are in place for responding to common types of incident and attack. Our own platform defines the process and contact route for reporting incidents by users and administrators. Where relevant, incidents are reported swiftly to administrators and users by a suitable mechanism.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As part of our ongoing ESG and ISO commitment, we include Social, local enconomic, equal oppertunity and general wellbeing benchmarks and progession analasys. We also continue to rate ourselves against B Corp standards

  Tackling economic inequality

  As part of our ongoing ESG and ISO commitment, we include Social, local enconomic, equal oppertunity and general wellbeing benchmarks and progession analasys. We also continue to rate ourselves against B Corp standards

  Equal opportunity

  As part of our ongoing ESG and ISO commitment, we include Social, local enconomic, equal oppertunity and general wellbeing benchmarks and progession analasys. We also continue to rate ourselves against B Corp standards

  Wellbeing

  As part of our ongoing ESG and ISO commitment, we include Social, local enconomic, equal oppertunity and general wellbeing benchmarks and progession analasys. We also continue to rate ourselves against B Corp standards

Pricing

• Price: £40,000 an instance a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Full access to a trial instance of the platform (all features). Open on-boarding sessions and access to our support team. The trial period is typically 30 days but extensions will be considered on request.
• Link to free trial: https://www.businessoptix.com/request-a-demo/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sandra.mcinally@businessoptix.com. Tell them what format you need. It will help if you say what assistive technology you use.