NINTEX UK LIMITED

Nintex K2 Cloud

The Nintex K2 Cloud process automation platform helps you rapidly build, execute, and maintain business process applications without writing any code. This makes it possible to deliver integrated, mission-critical process automation and case management at scale, as well as lightweight departmental workflows.

Features

• Enterprise Workflow. Visual, intuitive process and rules designers
• Forms. Visually design user experiences mobile-ready leveraging data and workflows
• Business Rules. Across workflow, forms and data
• Integration. Point-and-click integration with virtually any line-of-business system
• Low-Code. Citizen developer focused wizards, templates & design approach
• Component model. Re-usable artefacts to scale & change readiness
• Mobile. Responsive user experience on major devices, online or offline
• Security & Governance. Comprehensive, role-based management provide security & governance
• Analytics. Reports & Analytics to identify issues & drive optimisation
• Microsoft. Native interoperability across SharePoint, O365, CRM etc.

Benefits

• Develop Applications quickly. 78% reduction vs. traditional development
• Reduce systems catalogue. One platform to build and manage applications
• Rapid ROI. Forrester validate 466% over 3 years
• Change. Component model and governance deliver rapid, controlled change
• Digital by default. Connects citizen-facing services and department transformation
• Low Code. Decreased reliance on developers with citizen design model
• Channel. Significantly reduced transactional costs across multi-channels
• Insight. Service compliance and optimisation with process monitoring and reporting
• Data. Integration model leverages LOB systems data reducing data silo
• Experience. A rich UX interface, complete tasks in one place

£2.70 to £25.73 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.blackwell@nintex.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

930790707742689

Contact

Paul Blackwell
07793294774
paul.blackwell@nintex.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No service constraints are known at this time
• System requirements:
  • Azure Active Directory: Can use AAD as Identity Provider (IdP)
  • Google: Can use Google as Identity Provider (IdP)
  • Okta: Can use Okta as an Identity Provider (IdP)
  • For supported browsers: see Compatibility Matrix at help.nintex.com

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Standard support times: 6:00 - 5:00 Monday to Friday; Depending on the severity: ; S1 – 8 Hours; S2 – 1 Business day; S3 – 2 Business day; S4 – Best effort; ; Enterprise support times 10 pm Sunday - 1 am Saturday (extra costs see pricing); Depending on the severity: ; S1 – 4 Hours; S2 – 8 Hours; S3 – 1 Business day; S4 – 2 Business days; ; Select Support 24x7 (extra cost see prices) ; Depending on the severity: ; S1 – 2 Hours; S2 – 4 Hours; S3 – 8 Hours; S4 – 1 Business day
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: See previous answers for details of response times. Software Assurance package details can be found at https://www.nintex.com/legal/software-support-policy/ which provide:; ; Standard Support - included in subscription; Premium Support - additional 10% of subscription fee; Platinum Support - additional 30% of subscription fee; ; A customer success manager is assigned to all customers over a threshold anual subscription fee. The customer success manager's role is to help our customers get the most out of their investment in Nintex through activities such as personal mentoring, ticket support and sign posting suitable resources and services.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Nintex provide virtual classroom training options globally. This is provided via the Nintex University browser-based application which allows for self-paced, on-demand training courses. Nintex K2 Cloud training is available for different user personas e.g. Power User, IT Developer, Administrator etc. and for different skill levels e.g. Practitioner, Expert, Master etc.; ; Comprehensive online product documentation is also available via the help.nintex.com website. Additionally, the Nintex Community web site provides user forums, blogs, Knowledge Base articles, “How To” guidance etc.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Customers can request a backup of their database from the Nintex K2 Cloud Services team at the end of the contract.
• End-of-contract process: For 35 days after the termination or expiration of the Service, Nintex will keep available customer production data – if any – for retrieval by the customer. After such 35 days, Nintex will have no obligation to retain the customer data, and Nintex shall delete any customer data from the Service. A customer can request immediate deletion of any customer data from Service upon termination as well. Upon request, Nintex will issue the customer with a certificate validating the deletion of data. ; ; Within the 35-day post-termination period, a customer may request production environment data retrieval through Technical Support. Nintex will provide assistance to allow the customer to retrieve or export such data from the customer’s production Service Nintex K2 Cloud database. Data will not be made recoverable for customer non-production environments.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The Nintex K2 Mobile service provides some additional functionality that is not available to the desktop service. This functionality includes capabilities like geo-location, access to the mobile devices camera for image and video capture, image annotation, bar-code and QR reading. Additionally K2 forms can be configured to allow for offline access when accessed via the Nintex K2 Mobile service.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The K2 Designer is a browser-based design environment, providing a drag-and-drop, configuration-based editor for designing and building Workflows, Electronic forms & Integrations.; ; The K2 Management is a browser-based administration application, allowing administrators to configure and administer the K2 platform. This includes setting security and access controls, managing roles, permissions and workflow instances and reporting.; ; The K2 Workspace is a browser-based application allowing users to view workflow metrics and reports, access assigned tasks and any applications built on the K2 platform.; ; The K2 Mobile app allows users to access their assigned work and access applications built on the K2 platform.
• Accessibility standards: None or don’t know
• Description of accessibility: Nintex K2 Cloud form & UX design is highly configurable and some accesibility considerations can be built in. Although WCAG standards are not formally supported they can be applied through extensions and working with partners such as Discover Technologies https://discovertechnologies.com/solutions/
• Accessibility testing: Nintex K2 Cloud form & UX design is highly configurable and some accesibility considerations can be built in. Although WCAG standards are not formally supported they can be applied through extensions and working with partners such as Discover Technologies https://discovertechnologies.com/solutions/
• API: Yes
• What users can and can't do using the API: Nintex K2 Cloud provides a standard set of REST services that allow for standard interactions with a workflow process such as process initiation, task actioning etc.; ; The K2 workflow API (REST) allows applications to:; • Start workflow processes; • Retrieve a user’s worklist; • Action a worklist item; • Retrieve details about a process instance; • Delegate or redirect a worklist item; ; The K2 SmartObjects OData API allows:; • Integration with BI tools such as PowerBI, Tableau or even Excel; • Access any Smartobject data via OData endpoints; ; The JSSP (JavaScript Service Provider) broker allows for the development of custom data connectors.; ; In addition:; • Line-of-business integration with virtually any system using K2’s SmartObjects; • Out-of-the-box integration with Microsoft SharePoint & O365, Microsoft CRM, Salesforce.com, SQL Server, Oracle, Exchange, Azure Active Directory, Microsoft Teams, DocuSign & Nintex Workflow Cloud; • Build composite SmartObjects that connect with multiple line-of-business systems to provide a single view of business data; • Inline Functions provide a built-in set of functions to provide complex logic and calculations
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Nintex K2 Cloud is a software development platform which allows both technical and non-technical users, to quickly and easily build workflow centric applications using a low-code, drag-and-drop designer. These applications would typically consist of browser-based forms, workflow processes, line-of-business system integration and analytics/reporting.; ; The browser-based drag-and-drop K2 Designer, allows for the complete customisation of workflows and their associated user forms and any line-of-business integrations. Component reusability ensure that applications are created in a consistent way and that new applications can be delivered faster than the one before.; ; Any business user could create, edit and manage K2 applications, since no code knowledge or experience is required, however more complex applications typically would utilise technical

Scaling

• Independence of resources: The Nintex K2 Cloud runs on a service that can be scaled based upon either short-term, forecasted demand OR more permanently due to growth usage and adoption. K2 is currently deployed as a multi-tenant model; where customer compute and data is segmented from other customers. Customers are isolated in both the compute and data storage tiers.

Analytics

• Service usage metrics: Yes
• Metrics types: A web-based service report will show the real-time status for the Nintex K2 Cloud service and other dependent ancillary services like O365, Azure AD etc. This includes a status history of all Nintex K2 Cloud service maintenance.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Standard TDE Azure SQL, full database encryption.; Optional database column encryption based on database engine (i.e. AES 256 on SQL Azure)
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported in several ways. K2 smartobjects can be exposed as OData endpoints, which can then be used to export data directly into applications like Microsoft Excel or used directly by Business Intelligence tools like PowerBI or Tableau. K2 Smartforms provide a capability to directly export a list of results to Microsoft Excel. A K2 form with its displayed data can be exported in PDF format.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel and CSV (via extensions)
  • JSON format via OData endpoint
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel and CSV (via extensions)

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: The Nintex K2 Cloud service provides customers with an Availability SLA of 99.9% within their production tenant. Availability is defined as the ability for a customer to be able to access the production service environment irrespective of network connection or other intermediary issues outside of the control of Nintex. A Service Credit is available to customers should the Nintex K2 Cloud SLA not be met.
• Approach to resilience: Nintex K2 Cloud makes use of SQL Azure as data store. SQL Azure creates automatic geo-redundant database backups. Full database backups happen weekly, differential database backups generally happen every few hours, and transaction log backups generally happen every 5 - 10 minutes. The backup storage geo-replication occurs based on the Azure Storage replication schedule – handled by Microsoft. The retention period for the database is 30 days. The above means that we can do any point-in-time restore of the data with a 10-minute accuracy within the last 30 days.; High availability (HA) is provided by default in the Production instance. Native Microsoft Azure capability is utilized in testing disaster failover (DR).; ; More details available in the Service Policies document available on request.
• Outage reporting: Nintex K2 Cloud is hosted on Azure data-centres. Azure status, planned maintenance and outages are reported via the website: https://azure.microsoft.com/en-gb/status. An RSS feed is available.; Communications channels to customers are via the Nintex K2 Cloud status page (status.onk2.com) as well as direct email notifications to subscription administrators.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: The K2 Management site allows you to manage your Nintex K2 Cloud environment and components such as workflows, worklist items, SmartObjects, users and security. These are administrative tasks that are performed by the K2 administrator. The Server Rights node is used to add, edit, remove and refresh Workflow server permissions for users or groups. These rights will determine which users and groups can administer a K2 workflow server, export new workflows or impersonate a user.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: 27001 Schellman & Company, LLC
• ISO/IEC 27001 accreditation date: 18/04/2018
• What the ISO/IEC 27001 doesn’t cover: The only control not covered was outsourcing as we do not outsource, so it wasn't relevant. All other controls were included.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC 2 type II attestation report

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Security is an important part of our reputation, how we earn customer trust, how we do business and how we deliver our product. Our company must provide secure products and services for our customers. We are committed to maintaining a secure environment and improving our information security management system and security program.; ; Nintex have a Security Committee who are responsible for providing support for the business by assuring the confidentiality, integrity, and availability of company information assets. The Security Committee discusses security topics, reviews key security metrics, and approves security policies.; ; The Information Security Management Systems (ISMS) Manager is; responsible for implementing and maintaining the ISMS.; ; Security Administrators include systems administrators, database; administrators, network administrators, and other application; administrators. These functional teams maintain the responsibility for the; management of security controls and configurations within the; information systems they support. They implement security mechanisms; and maintain the requisite technical expertise to support them. They; ensure systems and services comply with all approved corporate; information security policies, standards, and procedures.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Changes to the Nintex K2 Cloud environment are tracked, approved, tested, and implemented in accordance with ISO27001 specification are are independently audited annually against SSAE 16 SOC2 standards for 12 previous months prior to the audit.; ; Changes by customers within the Nintex K2 Cloud Platform will be configured and operated by either customers or 3rd party suppliers.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Nintex performs annual vulnerability testing internally and externally, as well as contracts out to a third party to perform an annual penetration test of the product and standard environment. These are conducted in accordance with ISO27001 specifications and are independently audited annually against SSAE 16 standards for 12 previous months prior to the audit and reflected within a SOC2 Type II report.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Monitoring is conducted within Azure and consolidated within Elasticsearch for analysis.; ; Monitoring activities are handled in accordance with ISO27001 specifications and are independently audited annually against SSAE 16 standards for 12 previous months prior to the audit and reflected within a SOC2 Type II report.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Customers can reach out to Nintex support via web, phone or email to raise incidents. Incidents will be handled via Nintex's internal incident management policies and conducted in accordance with ISO27001 specifications. The processes are independently audited annually against SSAE 16 standards for the 12 previous months prior to the audit and reflected within a SOC2 Type II report.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Reduce our environmental footprint & increase sustainability through:; ; Sustainable Sourcing; Waste Reduction and Recycling; Reducing our Carbon Footprint; Going Green
• Covid-19 recovery:

  Covid-19 recovery

  We continued to operate throughout Covid with established home working practices and technology allowing the business to operate effectively all through the pandemic.; ; We have a managed return to work policy in 3 phases clearly communicated to the company with appropriate booking systems and alerting as we return back to a business as usual hybrid approach.; ; Customers also used our software and services to continue delivering their services through the lockdowns and into BAU as digitising operations became critical . Some of these services are available on G-Cloud
• Tackling economic inequality:

  Tackling economic inequality

  Nintex provides services to any and all customers who are not subject to sanctions, regardless of organisation size or industry.; Comprehensive self lead training is accessible to all free of charge to all.; Discounts on products can be provided to Educational and None for profit organisations.
• Equal opportunity:

  Equal opportunity

  Diversity – we strive to be an organization that has the presence of different identities, to include but are not limited to race, color, religion, sex, national origin, age, and disability. ; ; Equity – we make a commitment to have equitable practices, programs and policies, to ensure that all team members have an equal opportunity to grow, contribute and develop at Nintex. ; ; Inclusion – welcomes, respects and leverages diversity within Nintex.; ; DE&I – diversity is a competitive advantage and​ smart business decision; our diversity efforts will only be successful when matched with equitable and inclusive practices.
• Wellbeing:

  Wellbeing

  Nintex have a comprehensive wellbeing program with tools, policies and employee offerings. One of our 3 core tenets is operate with respect and consideration and this is embodied in the people we recurit and the way we enage with our customers, suppliers and partners.; ; Staff wellbeing is constantly checked in through pulse surveys delivered through a system called OfficeVibe and management feedback and HR monitoring is part of our regular business operations.; ; We have a package of employee benefits including free headspace app, gym membership, dental cover, private health, life assurance, cycle to work, eye care and others.

Pricing

• Price: £2.70 to £25.73 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Free trials can be requested here https://www.nintex.com/trial/#nwc and last for 30 days as standard. These can be extended in agreement with Nintex.; ; This is a full feature trial.
• Link to free trial: https://www.nintex.com/trial/#nwc

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.blackwell@nintex.com. Tell them what format you need. It will help if you say what assistive technology you use.