OUTSOURCE AUTOMATION SOLUTIONS LIMITED

Outsource Automated Solutions - Blue Prism Cloud Hosting

Secure cloud hosting of SS&C Blue Prism Digital Workers
SS&C Blue Prism Cloud software emulates how humans use existing applications and systems to automate a wide range of operational and business processes through Robotic Process Automation (RPA) and other Intelligent Automation (IA) capabilities.

Features

• Frictionless Automation of IT & Business Process
• On Demand Hosted Robotic Process Automation (RPA)
• Infrastructure, Application and Process Agnostic
• Scalable and Secure Cloud Platform
• Integrated Intelligent Orchestration, Scheduling and Management
• Complete Intelligent Robotic Process Automation for Hyper Automation

Benefits

• Reduces operating costs
• Increased efficiency
• Decreased technical requirements
• No hardware / infrastructure requirement
• Improved ease of maintenance
• Security, auditory and regulatory compliance (ISO27001 Accredited)
• Instantly Scalable Resource on Demand

£8,886 to £27,353 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jason.burrage@globaloas.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

777145309439288

Contact

Jason Burrage
07956299258
jason.burrage@globaloas.com

Service scope

• Service constraints: Consumption of the SS&C Blue Prism Cloud Service requires site to site VPN establishment
• System requirements: Site to Site VPN

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Priority 1; Response within one hour. We will use Continuous Effort, within Service Hours, to resolve the Fault within 12 Service Hours.; Priority 2; Response within three hours. Fault resolved by the end of the following three Business Days.; Priority 3; Response within one Business Day. Bug fix scheduled for the next available release.; Priority 4; We shall consider such issues or requests in the light of other Customer requirements and will advise what action will be taken to address the issue.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard Platform Support Mon - Fri 9am - 5pm is included within the Cloud hosting option for no additional fee; Additional levels of support are detailed in our Pricing Document and can be tailored to a customers needs to cover knowledge support, automation support and enhanced levels of platform support.; Each customer has a dedicated point of contact within OAS as well as access to the Blue Prism Cloud support services.; All customers have access to a full database of online troubleshooting and training resources and can open cases using the support portal.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: OAS can provide a Proof of Concept, demonstrating how Blue Prism Cloud can meet customer automation requirements. From there, we take you on your RPA journey and help you maximise the benefits of your Blue Prism RPA platform.; We provide variety of methods to help get you started:; PoC/Pilot delivery; Process Discovery workshops and orientation in RPA; Online & Classroom Based Training Options; Mentoring Programme; Delivery of a Robotics Operating Model tailored to customer needs; Remote & Onsite Implementation Teams to accelerate delivery of benefits or help manage your automations; End User Documentation for automations
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Online knowledge base
  • Online customer forum
• End-of-contract data extraction: The SS&C Blue Prism Cloud solution as standard does not store any client specific data formats as data is instead transient for the use of a process. All data used in the RPA (Robotic Process Automation) would be retained by the client in its own data repositories and formats. In the event a contract is not renewed then the RPA platform and all associated systems are deleted. All logs and automations are exportable from the platform prior to deletion.
• End-of-contract process: Cloud platforms are deleted after 90 days, including the AWS or Azure subscription that they align to. Any configuration information of logs requests will be shared at the end of the contract. Access to support services and updates ceases on end of contract.

Using the service

• Web browser interface: Yes
• Using the web interface: The web interfaces allow users to perform certain development activities and monitor production processes.; Web forms can also be developed to allow human interaction with robots.
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: User interfaces have been designed along WCAG AA guidelines
• API: Yes
• What users can and can't do using the API: SS&C Blue Prism can expose any object or process via SOAP/REST requests to enable external applications to call automations, and can interact with existing applications and services API in various manners, including a built in REST capability. SS&C Blue Prism digital workers are not limited to interacting with target applications via the GUI, and can also interact via API. The SS&C Blue Prism Digital Exchange (DX) provides an online "marketplace" of prebuilt API integrations; these cover a variety of intelligent automation skills (learning, vision, problem solving, collaboration, planning & sequencing, and knowledge & insight) and enable drag-and-drop integration into ML/AI APIs offered by the likes of Google, Amazon, Microsoft, and even custom-built solutions.
• API automation tools: Other
• Other API automation tools: Any tool able to perform SOAP/REST API requests
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: Additional SS&C Blue Prism Digital Workers can be stood up upon request of the customer to meet automation demands
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • Number of active instances
  • Other
• Other metrics:
  • Workforce utilisation & availability
  • Other metrics related to automations
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Blue Prism Cloud

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Digital Worker desktops (VMs) and installed applications
  • Process definitions, schedules and queue data in the SQL database
  • System configuration and environment variables in the SQL database
  • Logs
  • Virtual machines
• Backup controls: Backups are scheduled to ensure Blue Prism Cloud is able to continue to provide services in the event of a disaster.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Blue Prism Cloud Services will be available to Customer for normal use no less than 99.9% of the Scheduled Uptime
• Approach to resilience: Blue Prism Cloud is designed, architected, delivered and managed as an Enterprise class service
• Outage reporting: Service status page as well as proactive service notifications via email to nominated customer contacts.; Web based UI's to allow appropriately permissioned users to monitor, alert and resolve service outages as they occur.; Automations themselves can also be configured to provide any technical or business notifications during operation, via any channel (email, web page, API call, pdf report, etc) to allow bespoke service outage, issue or exception reporting during processing.

Identity and authentication

• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Centrally managed user access control, limiting access to named individuals only.; Role based access according to the principle of least privilege.; Multi-Factor security, such that no individual can make changes without secondary approval.; A complete retrospective audit/changelog of all activity.; Segregation of environments with separate controls governing each.; Infrastructural security.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through: Dedicated device on a segregated network (providers own provision)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 12/07/2021
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 19/06/2021
• CSA STAR certification level: Level 3: CSA STAR Certification
• What the CSA STAR doesn’t cover: N/A
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: SS&C Blue Prism conducts annual risk assessments and maintains disaster recovery/COOP plans to ensure continued functionality in the event of an emergency.; Compliance is tracked a number of ways;; Human Resources tracks employee compliance with required training, IT tracks employee compliance with hardware and software policies, and independent third-party audits are conducted annually to ensure compliance with ISO27001.; OAS ensures all its staff providing professional services for customers are background checked and undergo required training, including customer required training if necessary.; OAS are certified to ISO27001 and Cyber Essentials Plus.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: SS&C Blue Prism includes an integrated Release Manager that applies control to change and release management of automations.; SS&C Blue Prism Cloud operates strict change control on all customer platforms which requires customer approval.; OAS will help customers integrate their own established change management process with the Blue Prism application and Cloud platform.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Every new platform release undergoes penetration testing and vulnerability testing. High and Medium issues are remediated before releasing to customers.; A vulnerability management solution (Qualys) is utilised to feed into the Security, Information and Event Management (SIEM) solution.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: SS&C Blue Prism Cloud operates a comprehensive protective monitoring process across its services and internal operations.
• Incident management type: Supplier-defined controls
• Incident management approach: The ISMS ensures every single security Incident is logged, tracked, managed, and resolved under a documented process. A no-blame policy is operated to ensure all issues are immediately reported and the Incident Management process is initiated at point of reporting.; Security and Vulnerability Assessments are carried out periodically which validate the appropriateness of controls that are in place.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: Blue Prism Cloud
• How shared infrastructure is kept separate: Each organisation has its own dedicated cloud platform provided by Blue Prism Cloud.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: MS Azure Controlled.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  OAS is committed to ensuring that the carbon footprint of the company is reduced where possible and that business is sustainable.; ; OAS employees all work remotely. This has benefits for both employees and the environment by substantially reducing the amount of business travel.; ; By doing this, OAS have eliminated the need to maintain an office location. Savings are made on lighting and heating the workplace as well as reducing the amount of paper and supplies.; ; All employees are provided with company laptops rather than desktops, which are more efficient and consume less power.; ; This approach also eliminates the need to physically print documents as all work is carried out online.

  Covid-19 recovery

  Our automation solutions help customers deal with backlogs from Covid-19 or any other excessive workload caused by Covid-19. Our solutions also make organisations more efficient and cost effective, reducing the financial impact of Covid-19.; ; Furthermore, by automating many of the administrative processes in an organisation, we're providing a solution that will be resilient to any future pandemics, allowing staff to focus on more important or critical tasks should another pandemic strike.; ; In addition, with all OAS staff working from home, we're supporting any employees that have a wish to shield or wish to observe social distancing, even though national restrictions have been removed.; ; OAS and its employees always follow the current government COVID-19 guidance on the GOV.UK site.

  Tackling economic inequality

  OAS tackle economic inequality on several fronts:; ; By having all employees work remotely, location is not a factor in whether they can apply for a job, or manage the commute. By removing geographic requirements, we're enabling people from any community to apply and work for OAS. This helps us ensure equal opportunities for all employees or potential employees.; ; OAS commits to eliminating unlawful discrimination and making decisions concerning staff based on merit.; ; Our goal is for each employee to feel respected and able to do their best, irrespective of which sector of society they are from. In providing services, OAS is also committed against unlawful discrimination of clients or the public.; ; OAS commits to ensuring fairness, respect and equality to all our employees, including recruitment, pay and conditions, requests for leave, training, appraisals, promotion, conduct at work, disciplinary and grievance procedures, and termination of employment.; ; OAS commits to creating an enjoyable working environment, free of bullying, harassment, victimisation and unlawful discrimination, promoting respect for all, and where individual differences and the contributions of all staff are recognised and valued.

  Equal opportunity

  OAS employ people based on merit against objective criteria, and no other characteristic that could lead to discrimination.; ; With remote working as standard, people from any community, geographic location or background can apply with confidence, knowing they will not be discriminated against or disadvantaged.; ; OAS also commits to managing and remunerating employees based on merit.

  Wellbeing

  OAS are committed to ensuring and supporting the well-being of their employees.; ; All employees work remotely and are encouraged to maintain a healthy work-life balance.; ; OAS support employees where possible with any specific needs they have to help make their home working safer and more enjoyable. For example, standing desks or other items to assist with physical wellbeing while working.; ; All OAS business is conducted in an honest and ethical manner and we do not allow harassment or bullying of any form. This helps ensure the mental wellbeing of our employees.; ; OAS ensures that all employees have access to a Grievance Procedure to help deal with any grievances relating to their employment in a fair and timely manner, as well as a Whistleblowing Policy to ensure a culture of openness and accountability.

Pricing

• Price: £8,886 to £27,353 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 30-day trial licence of on-premise Blue Prism Enterprise for development/test purposes; Proof of Concept automation utilising a trial licence to demonstrate interaction with customer systems prior to purchase
• Link to free trial: https://www.blueprism.com/free-trial/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jason.burrage@globaloas.com. Tell them what format you need. It will help if you say what assistive technology you use.