Core

Workflow Automation and AI Software Solutions - CoreGov

Our AI-driven workflow automation platform streamlines digital service creation and integration. Its intuitive interface empowers users to build applications, using low-code for rapid development. Key features include a comprehensive view of data and processes, pre-built templates for quick adaptation, and user-friendly tooling enhancing accessibility and effectiveness in the public sector.

Features

• AI-powered rapid development of digital workflow automation services
• Citizen / Tenant Hub pre-built case-management and CRM foundation apps
• DevOps tools for seamless integration, delivery, test automation, and monitoring
• An adaptable framework for crafting accessible experiences for any device
• Portal for information security and governance, control and audit.
• Design once, it adapts across interfaces, brand as required
• Integration with enterprise systems via JSON, REST, and web services.
• Scalable, secure and resilient UK Cloud hosting
• Tools to manage and optimise data storage, queries, and security
• Rapid onboarding with training course and mentoring

Benefits

• Cost-effective transition to digital channels with fewer resources
• Upskill and grow multidisciplinary teams – increase capacity for digitisation
• Upgrade enterprise systems and build the flexibility to adapt
• Improve customer journey and maximise productivity with engaging digital experiences.
• Manage shadow IT and ensure compliance for security and accessibility.
• Build robust solutions to handle sensitive workloads in secure environments
• Access to pre-built accelerators.
• Foster greater collaboration between business users and developers
• Achieve security and governance without compromise
• Design once and reuse, shorten delivery time, reduce repetition

£395 to £1,695 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at webenquiry@core.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

998378037240255

Contact

Paul Saer
+44 (0) 207 626 0516
webenquiry@core.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Within the automation landscape, our Workflow Automation solutions benefit from a range of accompanying extensions: Intelligent task automation: Automate repetitive tasks to enhance productivity with Robotic Process Automation (RPA) assistance. Customer experience enhancement: Contact centre solutions redefine customer engagement Intelligent automation AI: Incorporate AI capabilities, providing tools to accelerate automation.
• Cloud deployment model: Public cloud
• Service constraints: The service is subject to planned maintenance which will be notified in advance.
• System requirements:
  • Internet Connectivity
  • Internet Browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Target - 90 minutes initial response.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We will provide a Standard level of support based on which will be included within the service licence cost. This includes access by telephone or email to the remote support teams during contracted hours. A technical account manager will be provided.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide comprehensive assistance throughout the Workflow Automation implementation journey. This includes project management, engineering, and training support. Our Training Academy offers accredited remote training with trainer-supported eLearning. Additionally, we provide learning resources and expert mentoring for users. Full user documentation is also provided.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data extraction is easily done through API integration with external systems or via file exports, with simple configuration options available for both methods.
• End-of-contract process: Once written notice to terminate the service (in line with the agreement) has been received, service will be scheduled for closure on the agreed date. We will work with you to ensure your data is extracted in an agreed format. All data stored, including backups, will be securely deleted using industry standard best practise methods.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The workflow automation platform seamlessly functions on both desktop and mobile devices. Although applications are developed on desktops, most user interface components are compatible across all devices. Certain features optimise for desktop's larger screens, while others leverage mobile's native functionalities, available exclusively on mobile. Applications operate through web interfaces or native apps, including offline functionality.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Our Workflow Automation software service provides a browser-based service interface. This interface is designed to be intuitive and simple to use, whilst enabling full access to the user and administrative features provided by the low-code automation application. User access to the service interface is secure.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: The browser-based interface supports user accessibility through third-party tools like Dragon, Jaws, and screen readers. These tools can be deployed on users' desktops or within the browser, enhancing accessibility for all users.
• API: Yes
• What users can and can't do using the API: The platform features a generic REST adaptor, enabling configuration for connections to various REST-based resources. Additionally, specific adaptors cater to distinct solutions. API endpoints can be exposed via REST or SOAP, facilitating data retrieval, push, and event triggering for third parties.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The platform can be fully customised by users with platform configuration training and authorised access.

Scaling

• Independence of resources: Platform instances operate on specialised virtual instances hosted on either Azure or AWS cloud platforms. Each customer receives personalised dedicated service. Users are equipped with server monitoring tools to oversee and manage their allocated resources effectively.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics are customisable based on implemented applications, commonly including: - Active instances count - Pages processed per minute - User login frequency - Records created per minute All historical reports are available for manual download in Excel format.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Netcall, Nintex, Mendix, UiPath

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data to Excel (CSV) or using the REST API.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • JSON
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Agreed service availability of up to 99.9%, 24/7 Service level agreements can be discussed as part of your contract.
• Approach to resilience: Information regarding the resilience of the data centre is available upon request.
• Outage reporting: The event management process diligently oversees the cloud systems and services of our RPA platform for availability and system health. Our system management tools promptly detect events and notify our Customer Support team of any threshold breaches or service outages. Our Customer Support team takes immediate action to inform customers of any service disruptions, customised to their specific business requirements. Communication channels include email or telephone, reaching out to the customer's service desk or designated contacts. Customers receive detailed alerts specifying the affected service, potential impact on their IT operations, and reference information for further inquiry. Our Customer Support team maintains continuous communication, providing regular updates on the expected service restoration time until resolution.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Our service has a range of security controls to ensure the security requirements will be met. These include built in Role management, Security Policy, Login Control, Object permissions and Interface permissions.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyds Register
• ISO/IEC 27001 accreditation date: 15/04/2020
• What the ISO/IEC 27001 doesn’t cover: Not Applicable
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: It is also accredited to the NHS DSP Toolkit and CyberEssentials+
• Information security policies and processes: All Information Security Policies and procedures adhere to the ISO27001:2013 standard, documented within the Information Security Statement of Applicability (SOA). Process owners undergo both internal and external audits to ensure adherence to the policies delineated in the SOA, including but not limited to: - Quality Policy - Security Guiding Principles - Information Security Policy - Clear Desk Policy - Keyholder Policy - Access Control Policy - Information Classification Policy - Data Protection Policy - Network Access Control Policy - Information Exchange Policy - Password Policy - Cryptographic Policy - External Parties Access Control Policy These policies undergo regular review throughout the year, with updates and revisions documented in the Audit Calendar.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Service Change Management procedures undergo audits in accordance with the ISO27001:2013 and ISO9001:2015 Information Security standards. The Statement of Applicability for these standards is available upon request. Any proposed changes must obtain approval from the appropriate authority at our organisation, validated against the corresponding tracker ticket, before implementation.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our compliance approach involves conducting both external and internal vulnerability scans to bolster our vulnerability management system and streamline internal patching. Identified vulnerabilities are escalated through our tracker system, integrated into our Risk Assessment and Vulnerability Management Process, supporting our ISO accreditations. Prioritised vulnerabilities from scans are melded into our Risk Assessment and resolution process. Our operations team and relevant process owners review these findings to prompt resolution. If needed, threat control measures and corrective actions are taken, with tickets linked to the original vulnerability for audit, ensuring robust risk mitigation and resolution.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We effectively manage and mitigate compromises to confidentiality, integrity, and availability of information assets through our Incident Management System. While control and ownership are centralised, they are overseen collaboratively with stakeholders. This process adheres to ISO 27001:2013, linking risks to treatments and SLAs. Incidents are monitored /recorded through various channels: - Customer or production support calls - Account managers' reports - Post-change assessments - Routine risk reviews - Actual security incidents - Identification via Intrusion Detection Systems or Intrusion Prevention Systems Information Security Manager (collaboration with process owners and relevant stakeholders) takes ownership of resolving compromises and implementing preventative measures.
• Incident management type: Supplier-defined controls
• Incident management approach: We employ both native and licensed software solutions to effectively manage risks, ensuring compliance with ISO27001:2013 standards for Incident Management. Our approach integrates tracking mechanisms, linking risks and assessments to corrective and preventative actions. Incidents are logged following changes, risk reviews, security breaches, event identification, or, in extreme cases, activation of the Business Continuity Plan. The Information Security Manager takes ownership of incidents, collaborating with process owners and affected stakeholders to swiftly identify, contain, and resolve issues. Our Tracker system plays a pivotal role in prioritising, customising, and providing transparent progress updates on risk management to stakeholders.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  All Core solutions are hosted in the Microsoft Cloud platform, which is currently 79-93% more energy efficient than a traditional on premise datacentre. All Core staff are also issued with modern Energy Star rated laptop devices which typically consume 2/3 less electrical power than desktop computers.; ; Core runs no on premises IT infrastructure and all internal services are cloud-based, ensuring that all service compute is done using high efficiency hardware and powered by renewable energy. It reduces the demand for mined precious materials, manufacturing and road transportation impacts associated with acquiring and receiving private infrastructure, as well as overall energy consumption inefficiencies of running infrastructure that may not be being optimally utilised.; ; Core advocates and supports the adoption of Remote and Hybrid Working to reduce unnecessary travel and associated emissions, reduce our corporate office footprint and support flexible working practices for our teams. ; ; In early 2022, we completed an audit of all end user devices in use across the company and calculated the carbon footprint generated as they are used to deliver our business outcomes, and we are currently developing a program to not only offset this in a properly accredited scheme, but to provide offerings to support our customers and partners to be able to easily do the same. We use Greenly as our carbon management reporting platform to calculate and monitor our scope 1,2, and 3 emissions, and build custom action plans to work towards reduction. In the recent years, we have also contracted Oblong Trees to plant a tree for any existing employee and new starter.; ; Microsoft, with their commitment to reaching net zero emissions by 2030, will enable Core to become a net zero emissions organisation in the same timeframe.

  Covid-19 recovery

  Core changed our operational policies to protect our staff during the Covid 19 pandemic, and to help our customers to continue to build and develop services to support a hybrid workforce.; ; We provide solutions to help customers make the most of remote working, including the ability to support and manage services without having to travel to specific office locations. However, these solutions also seamlessly enable users to work in the office environment too.; ; This includes full collaboration and communication solutions and employee wellbeing platforms to ensure that staff are supported and included, regardless of their location.; ; Our solutions will help customers to continue to work with no impact on user productivity in the event of a future wave of Covid-19 causing health concerns or impacting travel or office attendance capability, such as lockdown or if a member of staff tests positive for Covid-19.

  Tackling economic inequality

  Core is a London Living Wage accredited employer, ensuring that our staff members are able to live and thrive in their life outside of work (Decent work and Economic Growth).; We are an inclusive employer, hiring people based on their talents and capabilities, regardless of any other factors (Gender Equality and Reduced Inequalities).; Core hires new entrants to the employee marketplace where possible, such as graduates, then trains and develops them to start their IT career journey with Core, building skills and experience (Decent work and Economic Growth).; Core’s hybrid working policy enables people who may have personal responsibilities such as care for children or other dependants who may not be suited to an environment where they have to attend an office on a daily basis (Gender Equality and Reduced Inequalities).; Core is continually hiring staff as our business grows and develops. We currently have open roles in both London and Gdansk, and every new contract, such as this one, secures existing employment and presents opportunities for us to continue to grow our team. (Decent work and Economic Growth); Core funds training and development of all staff and encourages involvement in programmes that enable us to continuously develop our technical acumen. (Decent work and Economic Growth); Every employee at Core has a vested stake in our business success, all qualifying post probationary employees participate in an Enterprise Management Incentive where they have an equity stake in the Core business (Decent work and Economic Growth).; Core’s employee benefits package includes Life Assurance and Private Healthcare coverage for the employee and the option of their immediate families at no cost to the staff member, other than the income tax liability (Good Health and Wellbeing).; Every member of permanent staff is enrolled in the company’s Pension Scheme (Decent work and Economic Growth).

  Equal opportunity

  We are an inclusive employer, hiring people based on their talents and capabilities, regardless of any other factors (Gender Equality and Reduced Inequalities).; Core hires new entrants to the employee marketplace where possible, such as graduates, then trains and develops them to start their IT career journey with Core, building skills and experience (Decent work and Economic Growth).; Core’s hybrid working policy enables people who may have personal responsibilities such as care for children or other dependants who may not be suited to an environment where they have to attend an office on a daily basis (Gender Equality and Reduced Inequalities).; Core funds training and development of all staff and encourages involvement in programmes that enable us to continuously develop our technical acumen. (Decent work and Economic Growth).; Every employee at Core has a vested stake in our business success, all qualifying post probationary employees participate in an Enterprise Management Incentive where they have an equity stake in the Core business (Decent work and Economic Growth).; Core’s employee benefits package includes Life Assurance and Private Healthcare coverage for the employee and the option of their immediate families at no cost to the staff member, other than the income tax liability (Good Health and Wellbeing).; Every member of permanent staff is enrolled in the company’s Pension Scheme (Decent work and Economic Growth).

  Wellbeing

  All Core permanent staff are entitled to 25 days annual leave per year, plus Public Holidays.; Core’s hybrid working policy enables people who may have personal responsibilities such as care for children or other dependants who may not be suited to an environment where they have to attend an office on a daily basis (Gender Equality and Reduced Inequalities).; Core’s employee benefits package includes Life Assurance and Private Healthcare coverage for the employee and the option of their immediate families at no cost to the staff member, other than the income tax liability (Good Health and Wellbeing).; Core conducts frequent Employee surveys, collecting feedback from our team on how the business can adapt or improve, internally or externally. We get good engagement from this process and all employee feedback is reviewed, discussed and implemented where appropriate. (Good health and Wellbeing)

Pricing

• Price: £395 to £1,695 a unit a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at webenquiry@core.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.