WM Promus

Automation 360 (Automation Anywhere)

Automation 360 Pure Cloud Suite is a cloud-based software platform developed by Automation Anywhere. It's designed to automate business processes using robotic process automation (RPA) and other intelligent automation tools.

Features

• Universal Recorder
• Coding capabilities
• Pre-built components and integrations
• AI and ML
• Natural Language Processing
• Control Room
• Performance analytics
• Secure platform
• Scalability

Benefits

• Increased Efficiency
• Enhanced Productivity
• Improved Accuracy
• Reduced Costs
• Faster ROI
• Scalability
• Improved Employee Morale
• Data-driven insights

£823.26 to £20,581.56 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ewong@wmpromus.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

839845805202651

Contact

Emma Wong
44 (0) 203 946 6226
ewong@wmpromus.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Extension to any Windows or web-based application. The platform's purpose is to automate complex business processes that are conducted within one or many of these systems. For certain applications, such as Microsoft Excel, Salesforce, ServiceNow and Workday, we have specific integrations that make Automation 360 an extension of those platforms.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Whilst the Automation 360 Control Room can be accessed from any device supporting a modern web browser, bots can only be run on a Windows (7, 8, 10,11 and Server) machine, therefore the platform can only automate applications that are supported by that operating system. Details of this can be found below:; https://docs.automationanywhere.com/bundle/enterprise-v2019/page/enterprise-cloud/topics/deployment-planning/on-prem-install/cloud-bot-agent-compatibility.html; ; The Automation 360 solution is available in 3 possible deployment models. Details about the models can be found below:; https://docs.automationanywhere.com/bundle/enterprise-v2019/page/enterprise-cloud/topics/migration/choose-deployment-model.html; ; However, migrating from on-premise to cloud or vice-versa is not available currently. This means that the initial deployment model cannot be readily changed.
• System requirements:
  • Virtual or physical client/desktop machines for running automation
  • Virtual or physical servers for hosting A360 (if on-premise deployment)
  • Bot Creator / Runner licenses for executing and build automation
  • 5Mbps (20Mbps or greater preferred) Internet connection
  • 1Gbps or greater IPV4/IPV6 LAN
  • Windows Operating systems (W10+, WS2012+) for running automation
  • Minimum 4 Core 2.5Ghz CPU and 8GB+ memory for clients
  • Minimum 8 Core 2.5Ghz CPU and 16GB+ memory for servers

User support

• Email or online ticketing support: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: The software is supported by the vendor - Automation Anywhere. Please visit: https://www.automationanywhere.com/customer-support
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onboarding Process:; ; Initial Setup: We provides an onboarding process to help new customers set up their Automation 360 accounts and configure the basic functionalities.; ; Training Options:; ; Online Training: Automation Anywhere offers a library of online training resources, including:; ; >Documentation: User guides, tutorials, and API references are likely available online to guide users through the platform's functionalities.; >Video Tutorials: Automation Anywhere might provide step-by-step video tutorials demonstrating core concepts, building automations, and using various features.; >Certification Courses: Automation Anywhere potentially offers online certification courses for users who want to develop deeper expertise in using Automation 360.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Video Tutorials
• End-of-contract data extraction: All Data can be extracted in form of Bot Files and other Database Files. As such, Automation 360 only stores Audit Logs, User Role-Based Access Details, Training data for IQBot extraction method and Bot Insight analytics.; ; Customers can ask for Audit Log and Database files during offboarding process.
• End-of-contract process: Automation Anywhere will keep customer data, configs (bots), IQ Bot data, and most logs for 30 days after the customer’s subscription ends. Some logs may be kept for up to 180 days after the customer’s subscription ends. Full details of the Data Processing Addendum and data retention policy can be found here:; automationanywhere.com/support/DPA.pdf

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The Automation Anywhere Mobile App allows users to start, stop, pause or resume bots, monitor the status of bots, and measures the ROI from their digital workforce in real-time.; The app is currently available from the Apple App store and Android Play store. Automation Anywhere Mobile expands the reach of RPA by empowering business users to:; • Gain unprecedented level of control over their digital workforce - Start, pause and stop bots anytime anywhere.; • Make on-demand decisions - Access ROI and business performance in real-time.; • Keep track of their bots on the go
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Automation 360 has an API (Application Programming Interface) that allows users to deploy bots, manage files, administrate users and more. This is accessible through the REST protocol and allows full programmatic access to the platform.; > Manage and deploy bots, including scheduling, monitoring performance, and troubleshooting.; > Access pre-built components and integrations with other applications .; > Analyse bot performance and gain insights through dashboards and reports
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: Automation Anywhere have undergone the "Voluntary Product Accessibility Template" Test for our product/service conforms with Section 508 of the Rehabilitation Act of 1973
• API: Yes
• What users can and can't do using the API: The Automation Anywhere Control Room provides various APIs that allow you to customize the way that you (and your bots) interact with Automation Anywhere. Users can perform tasks such as manage bot deployments, create and manage credentials in the Credential Vault, create and manage user accounts and roles, and create and manage queues.; ; More detailed information: https://docs.automationanywhere.com/bundle/enterprise-v2019/page/enterprise-cloud/topics/control-room/control-room-api/cloud-control-room-apis.html; > Manage Files: Upload, download, and manage files associated with automations (scripts, configurations).; > Access Data: Retrieve data from Automation 360, such as bot execution logs or performance metrics .; > Integrations: The API can potentially be used to integrate Automation 360 with other systems and applications for data exchange or triggering actions .
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users cannot customize the solution i.e. source code wise. However, through the AARI platform, end users can see customized forms when interacting with attended automation.

Scaling

• Independence of resources: Automation Anywhere have a performance check in place and we guarantee a 99.9% uptime. Automation Anywhere currently have extremely low 0.001 milisec latency. The Cloud Ops team constantly monitors and manages the resources. Each User has its own individual Tenant ID and each tenant's performance will not be affected by another.

Analytics

• Service usage metrics: Yes
• Metrics types: Automation Anywhere maintains a Cloud status website available at status.automationanywhere.digital for its users.; We do not provide service usage matrix as a function of pricing, as our pricing is not dependent on the hours use. Certain reports can be asked or are shared proactively by Customer Success Managers
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Automation Anywhere

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Other
• Other data at rest protection approach: Data is protected during transmissions between a customer's network and the cloud service, including through Transport Layer Encryption (TLS) leveraging at least 2048-bit RSA server certificates and 128-bit symmetric encryption keys at a minimum. Additionally, all data, including Customer Data, is transmitted between data centers for replication purposes across a dedicated, encrypted link utilizing AES-256 encryption. Customer data is protected at rest across all data storage facilities using asymmetric encryption with AES-256 bit keys.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: BotFiles, Audit Logs, Bot Insights data can be exported as XML, CSV or PDFs.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • XML
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • Word
  • Database Files
  • HTML
  • PDFs
  • Images

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Automation Anywhere practices layered approach to network segregation with controls at each layer. Public subnet(s) shields the internal private subnet(s) from direct internet access. Sensitive data and/or other information assets are deployed on the internal private subnets only, where there is no direct access to the internet. The only access to those assets is from select authorized hosts, restricted by network layer access control lists (ACLs), virtual private cloud (VPC) routing, and firewall rules as relevant. Within the private subnet, lateral propagation is also restricted based on business needs.; We control access to our sensitive networks on a need-basis only.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Cloud infrastructure is configured based on industry and vendor-specific security best practices to ensure that misconfigured resources do not result in data exposure. In addition to security configuration, all cloud resources including virtual machines, 3rd party software components, and applications are regularly scanned for security vulnerability and prioritized/remediated in accordance with defined SLAs. Network access to infrastructure and cloud application is limited to approved TCP/IP ports and VPN connected devices. To detect security threats, Intrusion Detections, and Prevention Systems (IPS) are deployed across all cloud environments. DDoS protection is deployed to protected Automation Anywhere cloud services against the availability attack.

Availability and resilience

• Guaranteed availability: Automation Anywhere offer Availability Service Level Credits for failure to meet 99.90% Service Availability as per our availability service level terms here: https://www.automationanywhere.com/uptime-availability-SLA
• Approach to resilience: All the Services have High-availability and Disaster recovery. Automation Anywhere maintains emergency and contingency plans and has ISO; 22301 BCMS certification.; High Availability: Each regional data centre presence Is designed with application-level high availability and highly available public cloud services across the region. Automation 360 Cloud follows industry standards best practices with a cloud uptime SLA of 99.9%.; Disaster Recovery: Backups are taken and maintained in an encrypted format to restore the service in the case of a disaster. Backups are taken every 6 hours to another location. If a disaster is declared for the primary location, a secondary; location is instantiated for all tenants using the backup taken every 6 hours. The current objectives for this recovery are:; • RTO (Recovery Time Objective): Time to get a new location up and running with the last backup; data restored = 6 hours.; • RPO (Recovery Point Objective): The maximum duration for data loss during a restore = 6 hours.
• Outage reporting: A status page where all service statuses are updated in Realtime.; ; Status Page: https://status.automationanywhere.digital/

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: The Control Room implements Separation of Duties through a configurable Role-Based Access Control (RBAC) capability, addressing NIST AC 2, 3, 5 and 6. Default Admin role is available. The role-based accessibility model ensures each User has console-access, to view information or data that is relevant to the role assigned by the Control Room Administrator. User Roles and relevant privileges are assigned from the Security Console. One can create as many different roles as required and we also publish a permission matrix on documentation portal to enable you to create a combination of roles and permissions that suit your organizational requirements.
• Access restrictions in management interfaces and support channels: Access is deny-all and allow by exception based on roles, domains as defined in Role-based Access Control (RBAC). These roles can also be limited to specific groups.; e.g. Only those users who have access to User Management will be able to manage users in system. Authorized users can assign various combinations of these access rights to different sets of users and roles, as the business requires.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: Key security areas to protect cloud data include identity and access management (IAM), logging and monitoring, infrastructure security, application security, data protection, and incident response.; Identity is the cornerstone of cloud security, defining what access is required for each cloud entity. Automation Anywhere implements access controls based on the principle of least privilege, applying fine-grained permissions to all cloud entities. All cloud entities that access the underlying infrastructure have specifically defined roles ensuring that the attack surface of the cloud environment is minimized.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 07/09/2020
• What the ISO/IEC 27001 doesn’t cover: Scope of Registration: The Information Security Management System at Automation Anywhere encompasses all information assets and processes utilized for deployment, maintenance and management of cloud infrastructure required to support the product stack for the customers and provision of IT infrastructure; management services provided by Information Technology, Information Technology Cloud Solutions and Cloud Operations team.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 25/03/2022
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: This is for all Automation Anywhere product suite as well as cloud service. i.e. Software as a service.
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • All Certifications can be viewed at: https://www.automationanywhere.com/compliance-portal
  • SOC 1 & SOC 2 compliance
  • FISMA moderate controls
  • PCI-DSS
  • SOX
  • HIPAA
  • ISO 22301:2019
  • ISO 27001:2013
  • Veracode Verified
  • HITRUST

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Automation Anywhere cloud services are protected based on industry standards and frameworks like NIST Cybersecurity Framework, Cloud Security Aligns (CSA) Controls AWS Cloud Adaption Framework, Center for Information Security (CIS) baselines, ISO 27001, ISO22301:2019, SOC 2 Type 1+2 and others.
• Information security policies and processes: Automation Anywhere cloud services are protected based on industry standards and frameworks like NIST Cybersecurity Framework, Cloud Security Aligns (CSA) Controls AWS Cloud Adaption Framework, Center for Information Security (CIS) baselines, ISO 27001, SOC 2 Type 1+2 and others.; ; Automation Anywhere is a security- and privacy-focused enterprise. This is reflected in the Automation 360 platform. This continued endeavour has resulted in achieving multiple security, business continuity, and data privacy-related certifications.; ; As part of the cloud security framework, there are a few key security areas required to protect the cloud service. They include:; • Security program management; • Asset management; • Access management; • Physical and environmental security (access control, availability control); • Application and development; • Secure operations; • Incident management; • Vendor management; • Business continuity and disaster recovery; ; Also see the security whitepaper here: https://www.automationanywhere.com/assets/automation-360-cloud-security.pdf

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All teams at Automation Anywhere follow Agile methodology for delivery and can respond swiftly and effectively to any change that the business demands. A change request works its way from various sources (customers, stakeholders, product vision etc.) to the product backlog as user stories from where the team can pick them up as a part of iterations. Hence, Agile allows changes to happen on a regular basis– not as any special change event. The regular show and tell of the ongoing work keeps the stakeholders well informed and helps to make any course correction as & when required.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Cloud infrastructure is configured on industry and vendor-specific security best-practice to ensure misconfigured resources do not result in data exposure. Cloud infrastructure is continuously monitored to meet best practices and any deviation is remediated based on risk to customer data. All cloud resources including virtual machines, 3rd party software, applications are regularly scanned for security vulnerability and then prioritized and remediated in accordance with defined SLAs. Network access to infrastructure and cloud application limited to approved TCP/IP ports and VPN connected devices. To detect security threats, Intrusion Detections, and Prevention Systems (IPS) are deployed across all cloud environments.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Visibility into activity in cloud environments is critical for monitoring and identifying security events and incidents. All resources in Automation Anywhere cloud are configured to log security events and send them to a centralized SIEM solution. SIEM is used to build a usage baseline of cloud activity to detect deviation, monitor changes to security posture, and correlate threat data which is then investigated by the security team.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Security Incident Management policy and process apply to all incidents resulting from violation of Information Security policies.; These include but are not limited to:; • attempts to gain unauthorized access to a system or its data; • unwanted disruption or denial of service; • the unauthorized use of a system for the processing or storage of data; ; Policy and process includes responsibilities and procedures, reporting of security incidents, reporting of weakness & threats, assessment of and decision on information security events, Response to information Security incidents, Priority and Severity Categorization of security breach, Collection of evidence, resolution, learning from incidents

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Automation 360 is part of a Digital transformation mindset, which will improve business processes and offerings through leveraging new technologies and forms a vital part of the way we cut emissions and reduce waste. In terms of climate change, many of our Automation 360 solutions and services are delivered in conjunction with a move to cloud technology with a cloud-based model being a more energy efficient approach than traditional on premise. All Automation 360 services include a discovery phase. As part of this, we assess client data requirements. We encourage clients to actively consider minimising storage; redundant, obsolete or trivial data incurs energy costs and is counter-productive in terms of delivering on a commitment to climate change. Not only does the discovery phase focus on planning what to automate, it looks at making configuration management, development and the collaboration between employees more efficient – including energy efficient; reducing carbon footprints though unnecessary print jobs, underutilised resources and poor configuration.

  Covid-19 recovery

  Our Automation 360 solutions and services were instrumental in supporting clients since the impact of Covid-19 hit UK businesses in early 2020. Through our Automation 360 solutions and services, we continue to enable new ways of working and strengthened service resilience by automating processes that proved challenging due to a reduced workforce because of COVID-19. For some clients, our Automation 360 solutions are critical where the increased demand on personnel cannot be met by the current workforce.

  Tackling economic inequality

  Our commercial approach creates opportunities for entrepreneurship, public sector and SMEs. We do not believe in a one tool fits all model and work with both licensed and open source tools. This we help level the playing field for organisations with leaner budgets compared to bigger organisations who have more capital to invest in expensive automation tools. In addition, our services are delivered in a myriad of ways that supports organisations of all sizes and budgets. As an SME, WM Promus firmly believes tackling economic inequality in this way delivers social value.

  Equal opportunity

  WM Promus are an equal opportunity employer. On all client engagements, we promote fairness and respect; showing zero tolerance for discrimination of any kind. We are keen to discuss with you how your specific project addresses the social value criteria you may have and how we can help you deliver on your social responsibilities and commitments.

  Wellbeing

  A major benefit to our Automation 360 solutions and services, is employee wellbeing. By freeing up employees’ time and liberating employees from the stress of poor collaboration, repetitive manual configuration tasks, inconsistent environments and complex change releases, there is a positive outcome for employee satisfaction and happiness. The support provided to over-burdened employees though automating some of their workload drives clear improvements to employee wellbeing.

Pricing

• Price: £823.26 to £20,581.56 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Time limited trials are available. Assistance with use of the service during the trial is available.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ewong@wmpromus.com. Tell them what format you need. It will help if you say what assistive technology you use.