Bizagi Limited

Bizagi Modeler Services

Bizagi Modeler and Modeler Services provide Cloud-based services to model, document, manage, publish, collaborate on and govern process models.
Modeler Services allow users to create, optimize and publish operational processes to increase efficiency and governance, transforming Bizagi Modeler into a global portal for process governance and compliance.

Features

• Business process modelling (online and offline) and simulation
• Business process documentation and publishing: DOCX, PDF, Web, SharePoint
• Business process sharing: centralized process repository, dedicated Cloud portal
• Collaboration (incl. comments/messaging with real-time notifications)
• Process compliance tracking
• Value chain diagrams
• Cloud storage (diagrams, models, attachments) on Microsoft Azure
• Single-tenant Cloud service with custom sub-domain URL
• Integrated identity provider and Single Sign-On
• Advanced search and activity stream

Benefits

• Model, optimise and publish operational business processes
• Define roles (RACI matrix), risks, business rules and KPIs
• Simulate processes to identify bottlenecks and opportunities for optimisation
• Track all the changes performed on the business processes
• Version business processes to create snapshots and achieve better control
• Create/export process documentation in a variety of formats
• Provide employees with a view of their individual processes
• Track and ensure process governance and compliance
• Model the entire process landscape through value chain diagrams
• Increase efficiency and governance across the entire workforce

£15,000 an instance

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tim.Weatherall@bizagi.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

220152701633036

Contact

Tim Weatherall
+44 (0) 1753 379270
Tim.Weatherall@bizagi.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No constraints
• System requirements:
  • Windows 10/8.1/7, Server 2016/2012 R2
  • Microsoft .NET framework 4.6.1
  • Microsoft Edge, IE 10/11, Chrome 24, Firefox 19

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Typical response times, depending on severity reported, are as below (hrs are working hours): Premium Service - Gold response time between 1 to 8 hrs (24x7). Premium Service - Silver response time between 2 to 16 hrs (8x5). Premium Service - Bronze response time between 3 to 24 hrs (8x5). Bizagi Basic Support service is not subjected to SLAs on response times.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: No
• Support levels: Bizagi offers two support levels (please refer to 'Ongoing Support' question): A) Basic Support Service (with no response time SLAs). The cost of the Basic Support is embedded in the Cloud licenses agreement. B) Premium Support Service (with response time SLAs) which you may purchase separately according to your requirements. Our Premium Support service is offered in three modalities - Gold, Silver and Bronze depending on the service level requirements you may have. Our support service provides you with remote assistance for problems with specific symptoms encountered while using Bizagi process automation suite. All interaction with our Support Centre should be done via our ticketing system which is accessed through our secure support site. If a Customer subscribes to either the Premium Gold or Silver support service tier, Bizagi provides the services of a dedicated UK-based Service Delivery Manager and the availability of a telephone number to facilitate the communication of support severity 1 incidences.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Bizagi provides onsite & online training and user documentation to support getting started with Bizagi Modeler Services. Additionally, our Professional Services team are willing to support your users to start to use Modeler Services and become proficient in as short a time as possible.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Upon the expiry of the Term, at Customer’s request, and for a period of up to sixty (60) days after the effective date of termination, Bizagi will make available Customer’s Data To be retrieved by the Customer. ; ; At the end of such 60 days’ period, Bizagi will thereafter delete or destroy all copies of Customer’s Data in Bizagi Modeler Services or otherwise in Bizagi possession or control, unless legally prohibited for doing so. Bizagi will confirm such deletion and/or destruction in writing within ten (10) days of the Customer’s request for such confirmation.
• End-of-contract process: Upon the expiry of the Term, Customer shall not access or use the Bizagi Modeler Services, including the Documentation; however, at Customer’s request, and for a period of up to sixty (60) days after the effective date of termination, Bizagi will make available Customer’s Data To be retrieved by the Customer. ; ; At the end of such 60 days’ period, Bizagi will thereafter delete or destroy all copies of Customer’s Data in Bizagi Modeler Services or otherwise in Bizagi possession or control, unless legally prohibited for doing so. Bizagi will confirm such deletion and/or destruction in writing within ten (10) days of the Customer’s request for such confirmation.; ; Bizagi Modeler Services rely on a Storage subsystem that makes customer data unavailable upon termination of the contract. All copies of the deleted data item are then garbage collected and the physical bits are overwritten when the associated storage block is reused for storing other data, as is typical with standard computer hard drives.; ; In addition, Bizagi enforces a Safe disk erase policy, which covers the steps required to safely destroy the information contained in physical disks drives using DBAN software.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Users accessing the Modeler Services portal from a mobile device, through one of the supported Internet browsers, have access to the full set of features available to desktop users, with no difference or restriction in functionality.; Please refer to the "service interface" section for further details.
• Service interface: Yes
• Description of service interface: Modeler Services provides a browser-based portal, accessible with Single Sign-on.; ; Features available to users (depending on their role) include:; - Browsing/navigating the entire process landscape: models, folders/layers, value chain diagrams, processes/sub-processes, activities; - Browsing individual elements/shapes and their associated documentation: description, basic/extended attributes (KPIs/metrics, RACI matrix, tables), embedded/linked documents; - Process sharing and collaboration (comments and notifications); - Advanced search.; ; Navigation is possible in every direction (vertically and horizontally) and is aided by a "breadcrumbs" feature, which displays a hierarchical and clickable path of the current element (model, folder, process/sub-process) at the top of each page.
• Accessibility standards: None or don’t know
• Description of accessibility: Both Bizagi Modeler and the Modeler Services portal are designed following guidelines that include usability aspects. Features that can be used to improve the usability of the system are:; - IntelliSense (auto complete) when dragging & dropping diagram shapes; - Definition of default/ad-hoc sizes/fonts for BPMN shapes; - Definition of detailed shape layout, such as outline/border and background colour; - Spell checker; - Grid with smart alignment; - Definition of ad hoc artefacts: Bizagi provides the ability to expand the palette of symbols via custom artefacts, which users can create, as well as manage (edit/remove) directly from the tool.
• Accessibility testing: The Modeler Sevices portal is designed by following guidelines that include usability aspects. Currently, there is no conformance level to the WCAG guidelines, however most aspects that make the portal operable and understandable are implemented.; ; Bizagi Modeler is fully drag-and-drop. The Modeler’s IntelliSense coupled with its unique look and feel allows users to quickly and easily map and document business processes. ; ; With IntelliSense (auto-complete), each time a shape in dropped onto the canvas, the user is presented with the selection of shapes allowed at that point (from a BPMN point of view), thereby guaranteeing the semantic integrity of the process model.
• API: No
• Customisation available: Yes
• Description of customisation: Bizagi Modeler and Modeler Services users can customise:; 1) Branding, look and feel of the Modeler Services collaboration portal; 2) Language of the Modeler and the Modeler Services portal ; 3) Definition of default or ad-hoc sizes/fonts for BPMN shapes; 4) Definition of detailed shape layout, such as outline/border and background colour; 5) Definition of ad hoc artefacts to expand the palette of symbols via custom artefacts; 6) Choice of document template (.DOT) and structure to use when publishing documentation; 7) Choice of diagrams and their shapes to publish for sharing purposes; 8) Access control for individual users and groups of users, to individual process models and each folder, process/sub-process and value chain diagram ; 9) Roles and RACI matrix for individual tasks and whole processes; 10) KPIs for individual tasks and whole processes; 11) Process hierarchy as folders and sub-folders; 12) Job titles/roles for individual users; 13) Definition of user groups for the purpose of process or tasks ownership (RACI); 14) Look and feel of notification emails for users invited to collaborate and/or approve/review changes to process diagrams (compliance); 15) Timing, cost and resources allocated to tasks, for simulation purposes.

Scaling

• Independence of resources: Each customer relies on a dedicated instance with private storage and a personalised URL. These environments are entirely independent of each other. Additionally, each one of them is set up to handle the number of users acquired with the subscription. Their requirements are specifically tailored to optimise their load.

Analytics

• Service usage metrics: Yes
• Metrics types: Real-time dashboards are generated, for the selected/configured time range, on any of the following metrics:; ; Total portal visits, Unique portal visits, Total diagram visits, Unique diagram visits, Total element visits, Unique element visits, Comments, Comment replies.; ; They can be filtered on any combination of the following user properties: Job title, Location, Device used.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can export data via the following options:; 1) Export/save the process model(s) and its/their diagrams(s); 2) Publish the process model(s)/diagrams(s) and all the documentation/data, in a generated document (DOCX, PDF) or onto a server (HTML, Wiki, SharePoint); 3) Export attributes/KPIs (XML).; ; See next category for further details.; Please see "Data export formats" for further details on any of the options above and supported formats.
• Data export formats: Other
• Other data export formats:
  • MS Word (DOCX), Excel (XLSX), Visio (VSDX)
  • Adobe PDF
  • HTML (generic Web or Wiki), SharePoint
  • XPDL
  • BPMN 2.0 XML
  • PNG, BPM, SVG, JPG
  • Bizagi Modeler (BPM)
  • XML (for extended attributes/KPIs)
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • MS Visio (VSDX)
  • BPMN 2.0 XML
  • XPDL
  • Bizagi Modeler (BPM)

Data-in-transit protection

• Data protection between buyer and supplier networks: Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Bizagi provides a Monthly Up-time Percentage of 99,9% to the customer.; ; Expected service availability does not include planned downtime.; ; If Bizagi does not achieve the SLA Commitment in any given month, you are eligible to receive Service Credits towards a portion of the monthly service fees, as described below:; Monthly Uptime Percentage < 99.9%, Service credit = 10%; Monthly Uptime Percentage < 99%, Service credit = 25%; Regarding Service Credits:; •The parties acknowledge that each Service Credit is a genuine pre-estimate of the loss likely to be suffered by you and not a penalty.; •The provision of a Service Credit set forth herein represents a Customer’s sole and exclusive remedy if Bizagi does not achieve the SLA Commitment. Customers cannot unilaterally offset their Service Fees for any availability issues.; •Service Credits shall be shown as a deduction from the amount due from the Customer to the Supplier in the next invoice due to be issued under the Main Agreement. The Supplier shall not in any circumstances be obliged to pay any money or make any refund to the Customer.
• Approach to resilience: Bizagi is committed to delivering 99.9% SLA uptime. To do so, Bizagi keeps backups of databases and servers to protect against hardware failures and increase system reliability. Bizagi conducts 24x7 monitoring on the services and underlying technology and has five data centres around the world ( North Europe, West Europe, Southeast Asia, SoutCentral US, and East US) to provide higher performance and meet data location requirements.​ Bizagi relies on Microsoft Azure as its IaaS. Microsoft is a tier 1 datacentre.
• Outage reporting: Bizagi Modeler Services lies in Azure security Controls, so in case of a service failure, Bizagi's support team will alert via email about the incident.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to any Bizagi information asset involved in Cloud Operations Services is authenticated using:; ▪ Unique identifiers (to insure individual accountability and auditability);; ▪ Together with passwords (of approved complexity) or tokens (collectively known as credentials), before it can be accessed.; Authentication methods are appropriate to the classification of the information and/or functionality being accessed.; ; Available options for user authentication are:; 1) SAML authentication: Azure AD / ADFS ; 2) Google; 3) Microsoft Live; 4) Bizagi.com.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Bureau Veritas – UKAS
• ISO/IEC 27001 accreditation date: June 2018
• What the ISO/IEC 27001 doesn’t cover: Our ISO/IEC 27001 certification DOES cover planned processes,; procedures and sites. Reviewed documents include: Information Security and Compliance Manual SC-MA-001, Statement of applicability format SC-FO- 027, Security and privacy training and awareness policy, Workforce security policy, Physical and environmental security policy, Access control policy, Information security incident handling policy, Network security policy, Protection from malicious software policy, Event log and monitoring policy, Data backup and restore policy, Mobile working policy, Information classification and handling policy, Cryptography policy, Information security in project management policy, Information security in upplier’s management policy, Vulnerability management policy, Operations security policy, Bussiness Continuity Manual.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications:
  • HIPAA (Health Insurance Portability and Accountability Act of 1996)
  • FedRAMP (Federal Risk and Authorization Management Program)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ​The following specific policies exist to support our Information Security Policy:; • Security and privacy training and awareness policy; • Workforce security policy; • Physical and environmental security policy; • Access control policy; • Information security incident handling policy; • Network security policy; • Protection from malicious software policy; • Event log and monitoring policy; • Data backup and restore policy; • Mobile working policy; • Information classification and handling policy; • Cryptography policy; • Information security in project management policy; • Information security in supplier’s management policy; • Vulnerability management policy; • Operations security policy.; ; Our Information Security Policy is reviewed on a yearly basis to ensure it remains appropriate for the business and its ability to serve customers in case of influencing changes on the ISMS (Information Security Management System).​; ; Bizagi enforces security policies at all levels: staff, line managers, senior management.; Periodical reviews are carried out to verify compliance with the security policies. These reviews consider all levels in the organization.; Critical security aspects such as those regarding the Network security policy, Servers security policy, Acceptable use, among others, are being monitored in real-time to raise alarms and take proper actions when violations occur.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our Change Management Procedure defines how to:; 1) Create a Request for change (RFC); 2) Verify and analyze RFC; 3) Approve RFC; 4) Review and implement change; 5) Perform Post-implementation review.; The process is initiated when the IT or Cloud department receives a request to perform a change in the systems or platforms, when a schedule change must be performed, or when an emergency contingency plan must be executed. The change initiator defines the type of change (IT, Cloud, or Operations) and the impact of the change (including the downtime in hours), and they assign a change responsible.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our vulnerability management policy (ISO 27001 compliant) defines a vulnerability assessment frequency:; - Common vulnerabilities and critical patch releases are reviewed monthly; - Independent assessments are performed once per year.; - All new information assets to be included as productive are assessed and documented with no critical or high vulnerabilities.; Vulnerability remediation takes into account its severity (Critical/High/Medium/Low/Information) and is deployed either manually or by using available and authorized automated software (e.g. patch distribution systems) . An emergency process defines how to install patches outside of the regular patching schedule when high-risk vulnerabilities are identified.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Bizagi provides Cloud Operations Team with experts taking care of all underlying infrastructure, components and servicesm, including 24/7 monitoring.; ; A Security Incident Response Team (SIRT) is in established, with effective training, and backed by the Information Security Officer. Incidents are reported to the Information Security Officer.; ; According to the criticity of the incident, remedy measures (e.g, hotfixes, service packs, patches or updates) undergo immediate action by relying on System Center Configuration Manager.; ; Whenever any of the above would potentially affect a customer, a bulletin is issued to notify that customers are expected to take actions as well.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident handling procedure defines how to report any security incident of a significant risk:; 1) Register a security incident report through the Bizagi Help Desk; 2) Analyze a potential security incident, based on; - Attack vector: attrition, Web, Email/Phishing, External/Removable Media, Impersonation/Spoofing, Improper Usage, Loss or Theft of Equipment.; - Functional Impact to business functionality or ability to provide services.; - Information Impact: type of information lost, compromised, or corrupted; - Recoverability: scope of resources needed to recover from the incident: Location/Actors involved/Potential impact; 3) Define and execute plan to manage the incident, comprising of:; Risk assessment/Containment Mitigation/Recovery.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £15,000 an instance
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Bizagi Modeler, our powerful BPMN standard process design tool is available as a free download with limited features. Our Modeler Services product allows teams within organisations to collaborate across process definitions to arrive at your company's standards.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tim.Weatherall@bizagi.com. Tell them what format you need. It will help if you say what assistive technology you use.