Bizagi Limited

Bizagi Modeler Services

Bizagi Modeler and Modeler Services provide Cloud-based services to model, document, manage, publish, collaborate on and govern process models.
Modeler Services allow users to create, optimize and publish operational processes to increase efficiency and governance, transforming Bizagi Modeler into a global portal for process governance and compliance.


  • Business process modelling (online and offline) and simulation
  • Business process documentation and publishing: DOCX, PDF, Web, SharePoint
  • Business process sharing: centralized process repository, dedicated Cloud portal
  • Collaboration (incl. comments/messaging with real-time notifications)
  • Process compliance tracking
  • Value chain diagrams
  • Cloud storage (diagrams, models, attachments) on Microsoft Azure
  • Single-tenant Cloud service with custom sub-domain URL
  • Integrated identity provider and Single Sign-On
  • Advanced search and activity stream


  • Model, optimise and publish operational business processes
  • Define roles (RACI matrix), risks, business rules and KPIs
  • Simulate processes to identify bottlenecks and opportunities for optimisation
  • Track all the changes performed on the business processes
  • Version business processes to create snapshots and achieve better control
  • Create/export process documentation in a variety of formats
  • Provide employees with a view of their individual processes
  • Track and ensure process governance and compliance
  • Model the entire process landscape through value chain diagrams
  • Increase efficiency and governance across the entire workforce


£15,000 an instance

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

2 2 0 1 5 2 7 0 1 6 3 3 0 3 6


Bizagi Limited Tim Weatherall
Telephone: +44 (0) 1753 379270

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
No constraints
System requirements
  • Windows 10/8.1/7, Server 2016/2012 R2
  • Microsoft .NET framework 4.6.1
  • Microsoft Edge, IE 10/11, Chrome 24, Firefox 19

User support

Email or online ticketing support
Email or online ticketing
Support response times
Typical response times, depending on severity reported, are as below (hrs are working hours): Premium Service - Gold response time between 1 to 8 hrs (24x7). Premium Service - Silver response time between 2 to 16 hrs (8x5). Premium Service - Bronze response time between 3 to 24 hrs (8x5). Bizagi Basic Support service is not subjected to SLAs on response times.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Support levels
Bizagi offers two support levels (please refer to 'Ongoing Support' question): A) Basic Support Service (with no response time SLAs). The cost of the Basic Support is embedded in the Cloud licenses agreement. B) Premium Support Service (with response time SLAs) which you may purchase separately according to your requirements. Our Premium Support service is offered in three modalities - Gold, Silver and Bronze depending on the service level requirements you may have. Our support service provides you with remote assistance for problems with specific symptoms encountered while using Bizagi process automation suite. All interaction with our Support Centre should be done via our ticketing system which is accessed through our secure support site. If a Customer subscribes to either the Premium Gold or Silver support service tier, Bizagi provides the services of a dedicated UK-based Service Delivery Manager and the availability of a telephone number to facilitate the communication of support severity 1 incidences.
Support available to third parties

Onboarding and offboarding

Getting started
Bizagi provides onsite & online training and user documentation to support getting started with Bizagi Modeler Services. Additionally, our Professional Services team are willing to support your users to start to use Modeler Services and become proficient in as short a time as possible.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Upon the expiry of the Term, at Customer’s request, and for a period of up to sixty (60) days after the effective date of termination, Bizagi will make available Customer’s Data To be retrieved by the Customer.

At the end of such 60 days’ period, Bizagi will thereafter delete or destroy all copies of Customer’s Data in Bizagi Modeler Services or otherwise in Bizagi possession or control, unless legally prohibited for doing so. Bizagi will confirm such deletion and/or destruction in writing within ten (10) days of the Customer’s request for such confirmation.
End-of-contract process
Upon the expiry of the Term, Customer shall not access or use the Bizagi Modeler Services, including the Documentation; however, at Customer’s request, and for a period of up to sixty (60) days after the effective date of termination, Bizagi will make available Customer’s Data To be retrieved by the Customer.

At the end of such 60 days’ period, Bizagi will thereafter delete or destroy all copies of Customer’s Data in Bizagi Modeler Services or otherwise in Bizagi possession or control, unless legally prohibited for doing so. Bizagi will confirm such deletion and/or destruction in writing within ten (10) days of the Customer’s request for such confirmation.

Bizagi Modeler Services rely on a Storage subsystem that makes customer data unavailable upon termination of the contract. All copies of the deleted data item are then garbage collected and the physical bits are overwritten when the associated storage block is reused for storing other data, as is typical with standard computer hard drives.

In addition, Bizagi enforces a Safe disk erase policy, which covers the steps required to safely destroy the information contained in physical disks drives using DBAN software.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
Compatible operating systems
Designed for use on mobile devices
Differences between the mobile and desktop service
Users accessing the Modeler Services portal from a mobile device, through one of the supported Internet browsers, have access to the full set of features available to desktop users, with no difference or restriction in functionality.
Please refer to the "service interface" section for further details.
Service interface
Description of service interface
Modeler Services provides a browser-based portal, accessible with Single Sign-on.

Features available to users (depending on their role) include:
- Browsing/navigating the entire process landscape: models, folders/layers, value chain diagrams, processes/sub-processes, activities
- Browsing individual elements/shapes and their associated documentation: description, basic/extended attributes (KPIs/metrics, RACI matrix, tables), embedded/linked documents
- Process sharing and collaboration (comments and notifications)
- Advanced search.

Navigation is possible in every direction (vertically and horizontally) and is aided by a "breadcrumbs" feature, which displays a hierarchical and clickable path of the current element (model, folder, process/sub-process) at the top of each page.
Accessibility standards
None or don’t know
Description of accessibility
Both Bizagi Modeler and the Modeler Services portal are designed following guidelines that include usability aspects. Features that can be used to improve the usability of the system are:
- IntelliSense (auto complete) when dragging & dropping diagram shapes
- Definition of default/ad-hoc sizes/fonts for BPMN shapes
- Definition of detailed shape layout, such as outline/border and background colour
- Spell checker
- Grid with smart alignment
- Definition of ad hoc artefacts: Bizagi provides the ability to expand the palette of symbols via custom artefacts, which users can create, as well as manage (edit/remove) directly from the tool.
Accessibility testing
The Modeler Sevices portal is designed by following guidelines that include usability aspects. Currently, there is no conformance level to the WCAG guidelines, however most aspects that make the portal operable and understandable are implemented.

Bizagi Modeler is fully drag-and-drop. The Modeler’s IntelliSense coupled with its unique look and feel allows users to quickly and easily map and document business processes.

With IntelliSense (auto-complete), each time a shape in dropped onto the canvas, the user is presented with the selection of shapes allowed at that point (from a BPMN point of view), thereby guaranteeing the semantic integrity of the process model.
Customisation available
Description of customisation
Bizagi Modeler and Modeler Services users can customise:
1) Branding, look and feel of the Modeler Services collaboration portal
2) Language of the Modeler and the Modeler Services portal
3) Definition of default or ad-hoc sizes/fonts for BPMN shapes
4) Definition of detailed shape layout, such as outline/border and background colour
5) Definition of ad hoc artefacts to expand the palette of symbols via custom artefacts
6) Choice of document template (.DOT) and structure to use when publishing documentation
7) Choice of diagrams and their shapes to publish for sharing purposes
8) Access control for individual users and groups of users, to individual process models and each folder, process/sub-process and value chain diagram
9) Roles and RACI matrix for individual tasks and whole processes
10) KPIs for individual tasks and whole processes
11) Process hierarchy as folders and sub-folders
12) Job titles/roles for individual users
13) Definition of user groups for the purpose of process or tasks ownership (RACI)
14) Look and feel of notification emails for users invited to collaborate and/or approve/review changes to process diagrams (compliance)
15) Timing, cost and resources allocated to tasks, for simulation purposes.


Independence of resources
Each customer relies on a dedicated instance with private storage and a personalised URL. These environments are entirely independent of each other. Additionally, each one of them is set up to handle the number of users acquired with the subscription. Their requirements are specifically tailored to optimise their load.


Service usage metrics
Metrics types
Real-time dashboards are generated, for the selected/configured time range, on any of the following metrics:

Total portal visits, Unique portal visits, Total diagram visits, Unique diagram visits, Total element visits, Unique element visits, Comments, Comment replies.

They can be filtered on any combination of the following user properties: Job title, Location, Device used.
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users can export data via the following options:
1) Export/save the process model(s) and its/their diagrams(s)
2) Publish the process model(s)/diagrams(s) and all the documentation/data, in a generated document (DOCX, PDF) or onto a server (HTML, Wiki, SharePoint)
3) Export attributes/KPIs (XML).

See next category for further details.
Please see "Data export formats" for further details on any of the options above and supported formats.
Data export formats
Other data export formats
  • MS Word (DOCX), Excel (XLSX), Visio (VSDX)
  • Adobe PDF
  • HTML (generic Web or Wiki), SharePoint
  • XPDL
  • BPMN 2.0 XML
  • Bizagi Modeler (BPM)
  • XML (for extended attributes/KPIs)
Data import formats
  • CSV
  • Other
Other data import formats
  • MS Visio (VSDX)
  • BPMN 2.0 XML
  • XPDL
  • Bizagi Modeler (BPM)

Data-in-transit protection

Data protection between buyer and supplier networks
Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Bizagi provides a Monthly Up-time Percentage of 99,9% to the customer.

Expected service availability does not include planned downtime.

If Bizagi does not achieve the SLA Commitment in any given month, you are eligible to receive Service Credits towards a portion of the monthly service fees, as described below:
Monthly Uptime Percentage < 99.9%, Service credit = 10%
Monthly Uptime Percentage < 99%, Service credit = 25%
Regarding Service Credits:
•The parties acknowledge that each Service Credit is a genuine pre-estimate of the loss likely to be suffered by you and not a penalty.
•The provision of a Service Credit set forth herein represents a Customer’s sole and exclusive remedy if Bizagi does not achieve the SLA Commitment. Customers cannot unilaterally offset their Service Fees for any availability issues.
•Service Credits shall be shown as a deduction from the amount due from the Customer to the Supplier in the next invoice due to be issued under the Main Agreement. The Supplier shall not in any circumstances be obliged to pay any money or make any refund to the Customer.
Approach to resilience
Bizagi is committed to delivering 99.9% SLA uptime. To do so, Bizagi keeps backups of databases and servers to protect against hardware failures and increase system reliability. Bizagi conducts 24x7 monitoring on the services and underlying technology and has five data centres around the world ( North Europe, West Europe, Southeast Asia, SoutCentral US, and East US) to provide higher performance and meet data location requirements.​ Bizagi relies on Microsoft Azure as its IaaS. Microsoft is a tier 1 datacentre.
Outage reporting
Bizagi Modeler Services lies in Azure security Controls, so in case of a service failure, Bizagi's support team will alert via email about the incident.

Identity and authentication

User authentication needed
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Access to any Bizagi information asset involved in Cloud Operations Services is authenticated using:
▪ Unique identifiers (to insure individual accountability and auditability);
▪ Together with passwords (of approved complexity) or tokens (collectively known as credentials), before it can be accessed.
Authentication methods are appropriate to the classification of the information and/or functionality being accessed.

Available options for user authentication are:
1) SAML authentication: Azure AD / ADFS
2) Google
3) Microsoft Live
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Bureau Veritas – UKAS
ISO/IEC 27001 accreditation date
June 2018
What the ISO/IEC 27001 doesn’t cover
Our ISO/IEC 27001 certification DOES cover planned processes,
procedures and sites. Reviewed documents include: Information Security and Compliance Manual SC-MA-001, Statement of applicability format SC-FO- 027, Security and privacy training and awareness policy, Workforce security policy, Physical and environmental security policy, Access control policy, Information security incident handling policy, Network security policy, Protection from malicious software policy, Event log and monitoring policy, Data backup and restore policy, Mobile working policy, Information classification and handling policy, Cryptography policy, Information security in project management policy, Information security in upplier’s management policy, Vulnerability management policy, Operations security policy, Bussiness Continuity Manual.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • HIPAA (Health Insurance Portability and Accountability Act of 1996)
  • FedRAMP (Federal Risk and Authorization Management Program)

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
​The following specific policies exist to support our Information Security Policy:
• Security and privacy training and awareness policy
• Workforce security policy
• Physical and environmental security policy
• Access control policy
• Information security incident handling policy
• Network security policy
• Protection from malicious software policy
• Event log and monitoring policy
• Data backup and restore policy
• Mobile working policy
• Information classification and handling policy
• Cryptography policy
• Information security in project management policy
• Information security in supplier’s management policy
• Vulnerability management policy
• Operations security policy.

Our Information Security Policy is reviewed on a yearly basis to ensure it remains appropriate for the business and its ability to serve customers in case of influencing changes on the ISMS (Information Security Management System).​

Bizagi enforces security policies at all levels: staff, line managers, senior management.
Periodical reviews are carried out to verify compliance with the security policies. These reviews consider all levels in the organization.
Critical security aspects such as those regarding the Network security policy, Servers security policy, Acceptable use, among others, are being monitored in real-time to raise alarms and take proper actions when violations occur.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Our Change Management Procedure defines how to:
1) Create a Request for change (RFC)
2) Verify and analyze RFC
3) Approve RFC
4) Review and implement change
5) Perform Post-implementation review.
The process is initiated when the IT or Cloud department receives a request to perform a change in the systems or platforms, when a schedule change must be performed, or when an emergency contingency plan must be executed. The change initiator defines the type of change (IT, Cloud, or Operations) and the impact of the change (including the downtime in hours), and they assign a change responsible.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Our vulnerability management policy (ISO 27001 compliant) defines a vulnerability assessment frequency:
- Common vulnerabilities and critical patch releases are reviewed monthly
- Independent assessments are performed once per year.
- All new information assets to be included as productive are assessed and documented with no critical or high vulnerabilities.
Vulnerability remediation takes into account its severity (Critical/High/Medium/Low/Information) and is deployed either manually or by using available and authorized automated software (e.g. patch distribution systems) . An emergency process defines how to install patches outside of the regular patching schedule when high-risk vulnerabilities are identified.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Bizagi provides Cloud Operations Team with experts taking care of all underlying infrastructure, components and servicesm, including 24/7 monitoring.

A Security Incident Response Team (SIRT) is in established, with effective training, and backed by the Information Security Officer. Incidents are reported to the Information Security Officer.

According to the criticity of the incident, remedy measures (e.g, hotfixes, service packs, patches or updates) undergo immediate action by relying on System Center Configuration Manager.

Whenever any of the above would potentially affect a customer, a bulletin is issued to notify that customers are expected to take actions as well.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Our incident handling procedure defines how to report any security incident of a significant risk:
1) Register a security incident report through the Bizagi Help Desk
2) Analyze a potential security incident, based on
- Attack vector: attrition, Web, Email/Phishing, External/Removable Media, Impersonation/Spoofing, Improper Usage, Loss or Theft of Equipment.
- Functional Impact to business functionality or ability to provide services.
- Information Impact: type of information lost, compromised, or corrupted
- Recoverability: scope of resources needed to recover from the incident: Location/Actors involved/Potential impact
3) Define and execute plan to manage the incident, comprising of:
Risk assessment/Containment Mitigation/Recovery.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£15,000 an instance
Discount for educational organisations
Free trial available
Description of free trial
Bizagi Modeler, our powerful BPMN standard process design tool is available as a free download with limited features. Our Modeler Services product allows teams within organisations to collaborate across process definitions to arrive at your company's standards.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.