Acorn Recruitment Ltd

Cloud hosting

Our Service is a cutting-edge solution framework that integrates automation and artificial intelligence to revolutionise document and data operational processing. Solutions use Intelligent Automation and Artificial Intelligence (IA/AI) utilising REAVA™ (Retrieve, Extract, Analysis, Valid, Action) framework, customised to meet operational challenges.

Features

• Retrieve: Automation retrieves information from systems, source data and repositories.
• Extract: Utilises AI tools to accurately retrieve structured/unstructured data.
• Analysis: IA/AI performs analysis for minimal retrieval dataset
• Validate: Ensuring data accuracy, amending content including human interface
• Action: Decisioning to deliver business outcomes, triggers or application updates
• Real-Time Reporting: Services provides operational reports in real time
• Custom Workflows: Tailor workflows for each business process
• Scalability and Elasticity: Dynamically scales resources based on demand.
• Security and Compliance: Robust security measures protect sensitive data.
• User-Friendly Interface: Enables business exception interaction with automation

Benefits

• Operational Efficiency: Significantly reduces manual effort, increased productivity times.
• Accuracy and Consistency: Reduced Errors and output conformity
• Consistent Results: Predefined rules & decision making ensuring uniform outcomes.
• Improved Customer Experience: Faster process completion with completed structured outputs.
• Custom Workflows: Tailored workflows to meet specific business challenges
• Personalisation: Delivers tailor services & communications for wide operational use.
• Cost Savings: Resource Optimisation and removal delivering enhanced cost savings.
• Efficient Resource Allocation: Reduced operational budgets as less user activities.
• Enhanced Decision-Making: Prebuild business rules for objective, consistent outcomes.
• Compliance and Security: Ensures Data Protection, Audit Trails, Diagnostics

£20.00 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Stephen.newman@acornpeople.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

896092986564840

Contact

Stephen Newman
+447810798186
Stephen.newman@acornpeople.com

Service scope

• Service constraints: Yes - We provide a 99.99% uptime with pre-planned and critical ad-hoc maintenance periods. These are all provided against agreed SLA's with the client to ensure minimal impact to the daily operational activities.
• System requirements:
  • Servers for application and robots
  • VM's
  • Openai api
  • AWS or Azure support infrastructure

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response Times - General questions:; Normal Business Hours 2 Hours.; After hours/Weekends/Public Holidays 4 Hours.; ; Response Times - Service Delivery:; Severity Level Response Time Coverage Target Resolution; Severity Level 1 15 Minutes from notice. 7 days/wk Work continuously on workaround during normal business hours to correct Error.; Severity Level 2 1 Hour from notice. 7 days/wk Target of 3 business days to install a workaround.; Severity Level 3 1 business day from notice. 7 days/wk Target of 5 business days to install a workaround.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We use Zoho Help desk and WhatsApp where assistive testing has already been carried out.
• Onsite support: Yes, at extra cost
• Support levels: Response Times:; For general questions, we respond within 2 hours during normal business hours; ; For Service deliver questions, relating to System Service Performance:; Severity Level, Response Time, Coverage, Target Resolution ; ; Severity Level 1: 15 Minutes from notice, 7 days/wk; Work on a workaround continuously during normal business hours to correct the Error until it is able to implement a workaround.; ; Severity Level 2: 1 Hour from notice, 7 days/wk, ; Target of 3 business days to install a workaround.; ; Severity Level 3: 1 business day from notice, 7 days/wk ; Target of 5 business days to install a workaround.; ; We provide bespoke service levels which are negotiated for the specific solution we provide, utilising the definitions above. ; ; For all solutions we provide a technical account manager together with access to our development team.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The power of the solution is that it is business user centric and as such, is built using CX design methodologies. For each solution, we create a comprehensive document descripting how to use the solution which includes a step by step, diagrammed guide.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Doc
  • Docx
• End-of-contract data extraction: During off boarding, the organisation and individual users will be given the opportunity to have the data retrieved. We will undertake the actions to retrieve and supply the information together with a Certificate of Confirmation that all data has been purged from our systems.
• End-of-contract process: Our FREE structured offboarding process ensures a secure and smooth transition:; ; Assessment and Planning; Detailed offboarding plan outlining tasks, timelines, responsibilities, communications.; ; Data and Application Extraction; Identify client data owners and extraction needs. ; Confirm data format and security during extraction.; Securely provide client data, confirm receipt and restoration.; Delete all client data ; Send confirmation Certificate of Confirmation with deletion logs.; ; Configuration and Customisation Removal; Archive when requested; Disable/remove client configurations and integrations.; Perform deactivation validations; ; Contractual and Financial Closure; Review contractual obligations.; Complete financial reconciliation.; Provide documentation confirming service termination.; ; Communication and Stakeholder Management; Maintain open and transparent communication throughout offboarding.; Notify all stakeholders of offboarding plan with timelines.; ; Security and Compliance Measures; Implement security protocols for client data disposal.; Conduct assessments to verify regulation compliance.; Provide compliance evidence to client.; ; Service Decommissioning; Follow approved decommission ramp down plan.; Disable user accounts, access permissions, API keys when needed.; Shut down or deprovision resources and infrastructure when needed.; ; Post-Offboarding Support and Feedback; Offer post-offboarding support to client.; Gather client feedback from the client regarding their experience.; Document lessons learned.

Using the service

• Web browser interface: Yes
• Using the web interface: Manually load files or data: Put ad hoc files or data into the automation for the framework to process.; Retrieve Information Easily: Users can easily retrieve the output files once processed; Action Business Exceptions: Where there are information/data failures on input or validation, then users will be prompted by the solution to access the web interface and remediate the data. This can also be achieved through other actions such as email without the need to log into the web interface.; Trigger Business processes: Trigger business process automations.; Ad hoc AI queries: Upload information for AI analysis utilising the local LLM (Not generative) so no hallucination's ; Access Real-Time Reports: Real-time operational reports are readily available within the interface, enabling users to monitor performance metrics, track trends, and make timely adjustments to operations.; Interact Easily with Automation: The user-friendly interface simplifies interaction with automation processes, allowing users to monitor progress, intervene when necessary, and provide feedback for continuous improvement.
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: Each client will have a dedicated web interface address which can be accessed using a web browser. This can be provided through standard https protocols or via a dedicated VPN.
• API: Yes
• What users can and can't do using the API: For each solution we deliver, we utilise test protocols that meet UK government guidelines. Key areas include:; Keyboard Accessibility: Ensure web interface interactive elements can be operated using only a keyboard, without mouse reliance. Test tab order, focus states, keyboard shortcuts.; Screen Reader Compatibility: Test web interface with popular screen readers to ensure compatibility and correct interpretation of content, including navigation, form fields, dynamic elements.; Alternative Text for Images: Verify that all images and non-text content have descriptive alternative text (alt text) that conveys purpose and meaning.; Semantic HTML: Ensure use of semantic HTML elements and proper document structure for screen reader navigation and content comprehension.; Accessible Forms: Test web interface forms, ensuring proper labelling, organised, and programmatically associated for easy completion.; Contrast Ratio: Verify web interface text/interactive elements have sufficient colour contrast against their background to ensure readability.; Keyboard Focus Visibility: Ensure keyboard focus is clearly visible on interactive elements, links, and form fields.; Video/Audio Accessibility: Test multimedia content for accessible alternatives such as video captions and transcripts.; Accessible Navigation: Test web interface navigation structure to ensure easily understood and traversed.; Responsive Design Accessibility: Test web interface across devices and screen sizes to ensure responsiveness and usability.
• API automation tools: Other
• Other API automation tools:
  • Blue Prism
  • UiPath
  • Automation Anywhere
  • Microsoft Power Automate
  • ChatGPT
  • Google
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: For the solutions we build, we have digital workers that are dedicated to each solution. Each digital worker has a capacity that is calculated based on the workload it needs to complete. We already know what each digital worker's capacity is prior to adding more users onto the solution. If we need to add users and we are going to exceed the current capacity for the digital worker, then we switch on additional digital workers to increase the capacity and reduce the demand on the digital worker.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other
• Other usage reporting: Call to principle nominated people, dependant on criticality.

Analytics

• Infrastructure or application metrics: Yes
• Metrics types: Other
• Other metrics: Metrics On Demand
• Reporting types: Regular reports

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Blue Prism, UiPath, Automation Anywhere, Microsoft Power Automate

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: Username and Password for accessing Physical devices. Public and Private Keys for accessing Virtual devices. Data encryption on devices which store data such as databases.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • End to end automation process configuration
  • Automation profile
  • AI profile and extraction configuration
  • Other tools configuration
  • Validation rules
  • Human interface business rules and triggers
  • User profiles
  • Automation robot profile
  • Automation operational logs
• Backup controls: As part of the service, we agree with the client to cadence of backups. If users wish to run additional backups, they simply request via our ticket system for us to carry out this Managed Service facility.; If users wish to recover a backup, they simply request via our ticket system for us to carry out this Managed Service facility.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection within supplier network: AES-256 AesCryptoService (Automation Data) or HMAC256 (Hub & Interact); HMAC256 (Hub & Interact)

Availability and resilience

• Guaranteed availability: Our service levels are a minimum of 99.99%. Higher SLA’s are available. Service is contractually defined including a structured process for refunding clients if SLA’s are not met, with associated refunds:; ; SLA Agreement: IT uptime SLA’s are contractually defined at contract. This includes agreed uptime with the compensation or refund policy in case of SLA breaches.; Monitoring and Measurement: We continuously monitor performance and service availability using monitoring tools and techniques. This enables accurate reporting and immediate instances of SLA breaches.; SLA Breach Identification: In the event of an SLA breech, we promptly notify the client with transparent and detailed information, service impact and mitigating actions.; Refund Calculation: Based on contract terms, severity and duration, as defined in the SLA agreement. This may involve prorating the client's downtime subscription fees.; Refund Process: We adhere to the SLA contractual terms to make the refund.; Client Communication: Throughout the refund process, we maintain open and transparent communication with the client. We provide regular updates on the status of the refund, acknowledge any concerns or feedback they may have, and ensure that they are satisfied with the resolution.
• Approach to resilience: Our services on Azure or AWS are high resilience, ensuring assets protection. Infrastructure availability is 27/7. We utilised Azure/AWS best practises to ensure correct set up and operational resilience:; ; Cloud Provider Redundancy: Our services leverage Azure/AWS redundancy and high availability features. Services are served from one UK region, multi-location available.; ; Automated Failover and Disaster Recovery: Automated failover mechanisms ensure continuous service availability. Service using built-in features such as Azure Traffic Manager or AWS Route 53, plus redundant instances of critical components.; ; Data Replication and Backup: Our strategy includes data replication and regular backups, utilizing Azure's or AWS's native replication services. Additionally, we implement automated backup solutions enabling quick recovery in case of corruption or deletion.; ; Security Controls and Compliance: Our security controls adhere to industry best practices and regulatory requirements. This includes encryption at rest and in transit , implementing identity and access policies, security audits and compliance assessments.; ; Network and Infrastructure Resilience: Data center setup is resilient utilising redundant networking components, load balancers, and firewalls to ensure connectivity and protection. ; ; Continuous Monitoring and Incident Response: We employ continuous monitoring tools and automated alerting systems to detect anomalies, performance degradation, or security incidents in real-time.
• Outage reporting: We have email alerts which are triggered from within our service, as well as health reports provided by our infrastructure suppliers.

Identity and authentication

• User authentication: Username or password
• Access restrictions in management interfaces and support channels: AWS account credentials, with AWS IAM Identities
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password
• Devices users manage the service through: Dedicated device over multiple services or networks

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: SOC 1/ISAE 3402, SOC 2, SOC 3
• Information security policies and processes: Our Information security policy encompasses all aspects of security together with all associated policies and procedures. It focuses on the confidentiality of client and company information, providing guidelines and company procedures. The overarching policies are:; Information Security ; Acceptable Use ; Physical Security ; Network Security ; System/Password ; Anti-virus ; Patch Management; Remote Access ; Vulnerability Management ; Secure Application development ; Testing; Access Control ; Wireless ; ; We have a robust reporting structure to ensure the policies are implemented and maintained:; Executive Management provides strategic direction, allocates resources for information security initiatives. The Head Information Security Officer oversees our Information Security Programme and is the Managing Director.; Our Managed Services Team support the monitoring and responding to security incidents in real-time.; Our Incident Response Team is made up of Key Management, Manage Services and personnel. ; Our reporting channels are:; Internal; External; Vendor; Client; ; Regular reporting ensures all parties remain informed and can react. Reports include metrics on security incidents, compliance status, and effectiveness of security controls. Annually the Management team review the strategy and previous years performance together with future recommendations and a plan of action.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our configuration and change management processes are designed to ensure the highest level of security and efficiency. We use pre-built applications purchased from trusted vendors. These applications are locked down and released as a general product following the vendor’s strict security policies.; ; Tracking Components Through Their Lifetime: Service components are tracked from the moment they are integrated into our system. Since we use pre-built applications, the tracking process is largely handled by our vendors. They provide us with regular updates and patches as part of their general release, ensuring each component is always up-to-date and functioning as expected.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our vulnerability management process is a fundamental component of service delivery: ; Assessment of Potential Threats:; Continuous Vulnerability Scanning: Utilise Infrastructure providers tools.; Threat Modelling: Threat modelling identify potential threats.; Penetration Testing: Engage third-party security testing firms.; ; Deployment of Patches:; Patch Management Workflow: Includes identification, prioritisation, testing, deployment, verification.; Patch Prioritisation: Based severity, exploitability, service impact.; Change Process: Defined with reviews, approvals, schedules.; Emergency Patching: Controlled expedited deployment for Zero-day vulnerabilities.; ; Information Sources:; Vendor Notifications: Security mailing lists and vendor notifications.; Threat Intelligence Feeds: Reputable sources.; Security Research: Microsoft and AWS reports, blogs and alerts.; Incident Response Collaboration: Information collaboration.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our Managed Services team are trained to use Infrastructure providers tools to detect and respond to security incidents:; ; Monitoring: Continuously monitor service security. This centralised view of security alerts, recommendations, and compliance assessments, allows early threat identification.; ; Threat Detection: Detection tools leverage advanced analytics and machine learning algorithms to alerted anomalous behaviour indicative of security incidents.; ; Security Alerts and Notifications: We detect threats and security incidents with details of the threat, affected resources, remediation actions. Alerts prioritised on severity and relevance. ; ; Log Analytics: All activities are monitored, analysed and logged to analyse and visualise.
• Incident management type: Supplier-defined controls
• Incident management approach: Users raise incident tickets / report incidents via email or call our 24/7 helpline. All incident tickets are logged within our Service Desk application, against customer accounts. Ticket updates are automatically sent directly to our end users (via email) each time the ticket is updated by our team with progress reports.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Other
• Other virtualisation technology used: Azure Virtual Machines; Microsoft Azure Platform
• How shared infrastructure is kept separate: Through profile-specific logons; Different tenants (for automation)

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: We have adopted Microsoft Azure as our core infrastructure provider and they adhere to the EU Code of Conduct for Energy Efficient datacentres.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  A key part of the selection of our selection of datacentre partners Microsoft and AWS was how their service provision would deliver against the Social Value themes outlined in PPN 06/20. They adhere to the key principles:; Implementing energy-efficient technologies in their data centres; Optimising resource utilisation to minimize energy consumption.; Implement reduced hardware requirements and energy-efficient operations.; Promote the use of renewable energy sources to power our infrastructure; Encourage clients to extend their green energy partnerships and investments in renewable energy projects.

  Covid-19 recovery

  Facilitate remote work and collaboration through cloud-based solutions like Teams.; Reduce the need for physical office space, we work mostly virtual now.; Minimum commuting or travelling to clients. We have customers across the UK, Ireland and North America where all business is conducted remotely.; We utilise services from our partners to ensure we can scalable and flexible IT infrastructure. They offer this to all their customers.; They both offer cost-effective cloud solutions that enable clients to adopt cloud services which allow their customers to rapidly adapt to changing market conditions.

  Tackling economic inequality

  Our partners provide affordable and accessible cloud services to organisations of all sizes, including small and medium enterprises (SMEs) and underserved communities, enabling them to leverage advanced IT capabilities without significant upfront investments.; They support economic development and job creation through cloud-based innovation and digital transformation initiatives, particularly in sectors such as renewable energy, sustainable agriculture, and healthcare.

  Equal opportunity

  Microsoft and AWS promote diversity and inclusion in the tech industry through partnerships, initiatives, and programs that support underrepresented groups in accessing and succeeding in cloud computing and related fields.; They offer a wide range of training opportunities to train and educate to any individual irrespective of background, to develop skills in cloud technology and pursue careers.

  Wellbeing

  Our partners our like our own company, we have excellent employee wellbeing programmes and enable remote work, flexible schedules, and work-life balance through cloud-based collaboration tools and virtual work environments.; Our partners support healthcare providers and researchers with secure and scalable cloud solutions for data storage, analysis, and collaboration, facilitating advancements in medical research and improving healthcare outcomes.; Our partners, like us, promote sustainable practices and environmental stewardship through energy-efficient operations, renewable energy investments, and initiatives that raise awareness about the intersection of climate change and human health.

Pricing

• Price: £20.00 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Guidelines:; Functionality: Feature subset - basic document/data retrieval, simple data extraction, dataset analysis, validation, output.; Usage Limits: Maximum number of processed items per month.; Support and Maintenance: Community-based, basis enquiries.; Customisation and Integration: Predefined templates or basic configurations.; Scalability and Performance: Limited.; Security and Compliance: UK Government regulatory standards
• Link to free trial: N/A

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Stephen.newman@acornpeople.com. Tell them what format you need. It will help if you say what assistive technology you use.