Bizagi Limited

Bizagi Studio Collaboration Services

Bizagi Studio Collaboration Services complements Bizagi Studio by providing a Cloud-based, collaborative platform to model, build (automate) and run business process applications in the Cloud. Business process applications can be shared across and built by users anywhere in the world; they can be executed locally or in the Cloud.


  • Collaboration platform (Business/IT) for digital process automation
  • Business process modelling, simulation, documentation, automation, monitoring and optimisation
  • Centralized Cloud process repository: save projects directly in the Cloud
  • Isolated private Cloud based on Azure with custom URL
  • Integrated with Microsoft Azure AD and ADFS with Single Sign-On
  • Data modelling, UI/forms design, business rules engine, work allocation
  • Native integration with Microsoft Office 365 (Exchange, SharePoint, Dynamics, Word/Excel)
  • Native integration with all leading RPA (Robotic Process Automation) vendors
  • Easiest platform to use, highest customer satisfaction with cost/value ratio
  • Model once, run anywhere - native mobility, across all devices


  • Digital Process Automation (DPA) platform to digitise complex, government operations
  • Ready-to-use development environment enabling collaboration without geographical restrictions
  • Efficiency: no infrastructure or centralized repository to manage
  • Flexibility: run your applications locally or in our secure Cloud
  • Agility: rapid, controlled innovation through fast prototyping/experimentation
  • Fast time-to-market to deliver new business applications
  • Intelligent Process Automation (IPA) through combination of DPA and RPA
  • End-to-end process orchestration across systems, devices, people, robots (digital workers)
  • Legacy systems' modernisation, through an agile, connected process orchestration layer
  • True Cloud, 'Cloud first' architecture, native scalability, security, compliance


£9,100 an instance a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

4 6 3 2 6 5 0 0 8 3 7 0 4 7 8


Bizagi Limited Tim Weatherall
Telephone: +44 (0) 1753 379270

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
No constraints
System requirements
  • Windows 10/8.1/7SP1, Server 2019/2016/2012R2/2008R2SP1
  • Microsoft Edge v41, IE 11, Chrome 24, Firefox 19
  • (Optional) iOS 9, Android 5.0 for end users only

User support

Email or online ticketing support
Email or online ticketing
Support response times
Typical response times, depending on severity reported, are as below (hrs are working hours): Premium Service - Gold response time between 1 to 8 hrs (24x7). Premium Service - Silver response time between 2 to 16 hrs (8x5). Premium Service - Bronze response time between 3 to 24 hrs (8x5). Bizagi Basic Support service is not subjected to SLAs on response times.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Support levels
Bizagi offers two support levels (please refer to 'Ongoing Support' question): A) Basic Support Service (with no response time SLAs). The cost of the Basic Support is embedded in the Cloud licenses agreement. B) Premium Support Service (with response time SLAs) which you may purchase separately according to your requirements. Our Premium Support service is offered in three modalities - Gold, Silver and Bronze depending on the service level requirements you may have. Our support service provides you with remote assistance for problems with specific symptoms encountered while using Bizagi process automation suite. All interaction with our Support Centre should be done via our ticketing system which is accessed through our secure support site. If a Customer subscribes to either the Premium Gold or Silver support service tier, Bizagi provides the services of a dedicated UK-based Service Delivery Manager and the availability of a telephone number to facilitate the communication of support severity 1 incidences.
Support available to third parties

Onboarding and offboarding

Getting started
Bizagi provides onsite & online training and user documentation to support getting started with Bizagi Studio Collaboration Services. Additionally, our Professional Services team are willing to support your users to start to automate your digital processes using our Spark Methodology which will see you deliver business value in as short a time as possible. Please see our Bizagi Digital Process Automation Implementation Service offering in Lot 3 - Cloud Support.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Upon the expiry of the Term, Customer shall not access or use the Bizagi Studio Collaboration Services, including the Documentation; however, at Customer’s request, and for a period of up to sixty (60) days after the effective date of termination, Bizagi will make available Customer’s Data To be retrieved by the Customer.

At the end of such 60 days’ period, Bizagi will thereafter delete or destroy all copies of Customer’s Data in Bizagi Studio Collaboration Services or otherwise in Bizagi possession or control, unless legally prohibited for doing so. Bizagi will confirm such deletion and/or destruction in writing within ten (10) days of the Customer’s request for such confirmation.
End-of-contract process
Upon the expiry of the Term, Customer shall not access or use the Bizagi Studio Collaboration Services, including the Documentation; however, at Customer’s request, and for a period of up to sixty (60) days after the effective date of termination, Bizagi will make available Customer’s Data To be retrieved by the Customer.

At the end of such 60 days’ period, Bizagi will thereafter delete or destroy all copies of Customer’s Data in Studio Collaboration Services or otherwise in Bizagi possession or control, unless legally prohibited for doing so. Bizagi will confirm such deletion and/or destruction in writing within ten (10) days of the Customer’s request for such confirmation.

Bizagi Studio Collaboration Services relies on a Storage subsystem that makes customer data unavailable upon termination of the contract. All copies of the deleted data item are then garbage collected and the physical bits are overwritten when the associated storage block is reused for storing other data, as is typical with standard computer hard drives.

In addition, Bizagi enforces a Safe disk erase policy, which covers the steps required to safely destroy the information contained in physical disks drives using DBAN software.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Compatible operating systems
Designed for use on mobile devices
Differences between the mobile and desktop service
Bizagi Studio Collaboration Services supports a ‘model once, run anywhere’ philosophy – when you design your UI forms in the Forms Designer and then run the application (automated business process), forms will be rendered accordingly and optimally for all current mobile devices, with no need for additional configuration or programming. All of the UI widget controls that you can use in your interface design are intelligent – they understand how to render themselves appropriately for each device, whether it is the desktop device or the mobile device.
Service interface
Description of service interface
Bizagi Studio Collaboration Services is accessed through:

1) Bizagi Studio (Windows application), to create and manage a 'project', comprising of one or business process applications. Each business process can be modelled, simulated, documented, automated, monitored and optimised. All of the processes' definitions (metadata) is stored in the Cloud development environment.

2) Bizagi Management Console Web (browser-based), to administer and maintain development environments: manage scheduled jobs, view traces / event logs (including generating service usage metrics) and initiate maintenance windows.

For end users, please see also 'Work Portal' in the service interface description for Bizagi Automation Service.
Accessibility standards
None or don’t know
Description of accessibility
Bizagi provides several display features to configure accessibility options such as enabling bigger fonts or using high-contrast colours. Some of these settings are specific to each field in each form, others are global, others are available as a personal preference for each end user. Bizagi allows the creation of dynamic and flexible electronic forms, following all WCAG guidelines. Widgets like 'Field Narrator', 'Image Zoom', 'Voice Recognition', 'Text Reader" (all freely downloadable) provide addtional 'WCAG - functionality'. These widgets might be adapted to additional needs, and custom widgets can be designed using the browser-based Bizagi Widget Editor.
Accessibility testing
Bizagi is designed by following guidelines that include usability aspects. While currently there is no conformance level to the WCAG guidelines, most aspects that make the Work Portal operable and understandable follow precisely those guidelines.
What users can and can't do using the API
Bizagi natively exposes 3 SOAP Web Services APIs, which external applications can invoke for the purpose of: 1 - Creating/advancing/cancelling cases (business process instances), performing end-user tasks/activities, triggering events. 2 - Accessing/modifying the entities of the data model 3 - Exposing data gathered via custom reports , typically to be processed by an external BI solution. In addition, Bizagi provides programmatic access to the underlying business information in the data model via powerful APIs based on RESTful and OData services, oriented towards "stakeholders", i.e. special classes of end users. There are two types of OData services available: - Data services, providing access to stakeholder-owned data (e.g. all the cases owned by a civil servant), searches, processes, cases, queries and entities. - Metadata services, allowing access to information on configured stakeholders. Access to these OData/REST services is provided via OAuth applications, each with its configured access type (Authorization Code, Client credentials, or all) and allowed scope (full API access and/or Login). Through the SOAP and/or OData/REST APIs, Bizagi Automation Service can be driven programmatically by an external system.
A RAML descriptor is provided for native integration with MuleSoft.
API documentation
API documentation formats
  • HTML
  • PDF
  • Other
API sandbox or test environment
Customisation available
Description of customisation
Bizagi Studio Collaboration Services customers can customise most options of the Work Portal, including, but not limited to:
1) Branding and "theme"
2) Language and locale (date/currency formats)
3) Access control to menus and specific features (e.g. standard users vs. power users)
4) Dedicated user experience for "stakeholders" (special classes of end users)
5) End-user authorisation choice.

Automated business processes (business applications) executed in Bizagi Studio Collaboration Services are built to match the exact requirements from the customer.

Bizagi Studio Collaboration Services process designers / business analysts can customise business applications (individually or collectively) as follows:
1) Organisational structure (locations, departments, roles, positions, skills)
2) Process maps, i.e. sequence of tasks/activities, decisions, events
3) Data fields/attributes
4) Individual UI form/screen for each manual task
5) Business rules and policies
6) Work allocation/distribution criteria for each manual task
7) Integration points with external systems
8) Ready-made or custom-made UI widgets
9) Ready-made or custom-made integration connectors
10) Custom-made software components
11) Tailor-made scripts/expressions.
12) Number and type of "environments" (development / test / UAT / production / etc.)

Please also see the answer to this question under the "Modeler Services" service, as all those options also apply.


Independence of resources
Bizagi Studio Collaboration Services is based on independently deployed modules, each within its own web app. Applications includes middle-ware systems such as interfaces or databases, which process information based on the purpose of the web app. Isolation of each web app from others reduces the load on the whole system, which prioritizes requests based on their destination. For example, Studio Collaboration Services manages synchronization of data between co-developers through a different path than integrations with external systems. This architecture also permits robust controls and administration on each module.


Service usage metrics
Metrics types
Within the Management Console Web (browser-based) that comes with Bizagi Studio Collaboration Services (introduced under 'Service Interface'), administrators can monitor environment's resources (storage and consumption in BPUs - Bizagi Processing Units) through an on-demand PDF report.

A BPU is a unit of measurement for the storage capacity and the performance (processing capacity) of a run-time environment. One BPU encompasses the resources needed for an environment to execute 10,000 BPMN shapes per month.

The on-demand report contains the average BPU use within the last 90 days, broken down per month, process type, and each individual process.
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users can export data from any business process via:
1) Cloud-based datasets populated by completed Bizagi "cases". Consumed via OData/REST connection e.g. from MS PowerBI, Tableau.
2) Web Services call into native SOAP/REST(OData) APIs (inbound)
3) Web Services (SOAP/REST) call into external APIs (outbound)
4) Ready-made/custom-made connector (E.g. Salesforce, MS Exchange) (outbound)
5) Custom-made component (DLL) (outbound)
6) Automatically-generated documents (DOCX/XLSX/PDF), based on custom templates (e.g. a purchase order, an insurance policy).

See the same question under the "Modeler Services" service, as all those options also apply on how to export process' meta-data.
Data export formats
Other data export formats
  • MS Word (DOCX), Excel (XLSX), Visio (VSDX)
  • Adobe PDF
  • HTML
  • XPDL
  • BPMN 2.0 XML
  • Bizagi Modeler (BPM)
  • XML
  • JSON
  • Text file (TXT)
Data import formats
  • CSV
  • Other
Other data import formats
  • MS Visio (VSDX)
  • BPMN 2.0 XML
  • XPDL
  • Bizagi Modeler (BPM)
  • XML
  • JSON
  • MS Excel (XLSX)
  • Text file (TXT)
  • MS Word (DOCX)

Data-in-transit protection

Data protection between buyer and supplier networks
Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Bizagi provides a Monthly Up-time Percentage of 99,9% to the customer.

Expected service availability does not include planned downtime.

If Bizagi does not achieve the SLA Commitment in any given month, you are eligible to receive Service Credits towards a portion of the monthly service fees, as described below:
Monthly Uptime Percentage < 99.9%, Service credit = 10%
Monthly Uptime Percentage < 99%, Service credit = 25%
Regarding Service Credits:
•The parties acknowledge that each Service Credit is a genuine pre-estimate of the loss likely to be suffered by you and not a penalty.
•The provision of a Service Credit set forth herein represents a Customer’s sole and exclusive remedy if Bizagi does not achieve the SLA Commitment. Customers cannot unilaterally offset their Service Fees for any availability issues.
•Service Credits shall be shown as a deduction from the amount due from the Customer to the Supplier in the next invoice due to be issued under the Main Agreement. The Supplier shall not in any circumstances be obliged to pay any money or make any refund to the Customer.
Approach to resilience
Bizagi is committed to delivering 99.9% SLA uptime. To do so, Bizagi keeps backups of databases and servers to protect against hardware failures and increase system reliability. Bizagi conducts 24x7 monitoring on the services and underlying technology and has five data centres around the world ( North Europe, West Europe, Southeast Asia, SoutCentral US, and East US) to provide higher performance and meet data location requirements.​ Bizagi relies on Microsoft Azure as its IaaS. Microsoft is a tier 1 datacentre.
Outage reporting
Bizagi Studio Collaboration Services lies within Azure security Controls, so in case of a service failure, Bizagi's support team will alert the customer via email about the incident.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Access to any Bizagi information asset involved in Bizagi Studio Collaboration Services is authenticated using:
▪ Unique identifiers (to insure individual accountability and auditability);
▪ Together with passwords (of approved complexity) or tokens (collectively known as credentials), before it can be accessed.
Authentication methods are appropriate to the classification of the information and/or functionality being accessed.

Available options for user authentication are:
1) SAML authentication: Azure AD / ADFS / NetIQ / Okta / PingFederate
2) Windows Authentication
3) OAuth authentication
4) LDAP Authentication
5) Bizagi Authentication
6) Custom Authentication.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Bureau Veritas – UKAS
ISO/IEC 27001 accreditation date
June 2018
What the ISO/IEC 27001 doesn’t cover
Our ISO/IEC 27001 certification DOES cover planned processes,
procedures and sites. Reviewed documents include: Information Security and Compliance Manual SC-MA-001, Statement of applicability format SC-FO- 027, Security and privacy training and awareness policy, Workforce security policy, Physical and environmental security policy, Access control policy, Information security incident handling policy, Network security policy, Protection from malicious software policy, Event log and monitoring policy, Data backup and restore policy, Mobile working policy, Information classification and handling policy, Cryptography policy, Information security in project management policy, Information security in upplier’s management policy, Vulnerability management policy, Operations security policy, Bussiness Continuity Manual.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • HIPAA (Health Insurance Portability and Accountability Act of 1996)
  • FedRAMP (Federal Risk and Authorization Management Program)

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
​The following specific policies exist to support our Information Security Policy:
• Security and privacy training and awareness policy
• Workforce security policy
• Physical and environmental security policy
• Access control policy
• Information security incident handling policy
• Network security policy
• Protection from malicious software policy
• Event log and monitoring policy
• Data backup and restore policy
• Mobile working policy
• Information classification and handling policy
• Cryptography policy
• Information security in project management policy
• Information security in supplier’s management policy
• Vulnerability management policy
• Operations security policy.

Our Information Security Policy is reviewed on a yearly basis to ensure it remains appropriate for the business and its ability to serve customers in case of influencing changes on the ISMS (Information Security Management System).​

Bizagi enforces security policies at all levels: staff, line managers, senior management.
Periodical reviews are carried out to verify compliance with the security policies. These reviews consider all levels in the organization.
Critical security aspects such as those regarding the Network security policy, Servers security policy, Acceptable use, among others, are being monitored in real-time to raise alarms and take proper actions when violations occur.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Our Change Management Procedure defines how to:
1) Create a Request for change (RFC)
2) Verify and analyze RFC
3) Approve RFC
4) Review and implement change
5) Perform Post-implementation review.
The process is initiated when the IT or Cloud department receives a request to perform a change in the systems or platforms, when a schedule change must be performed, or when an emergency contingency plan must be executed. The change initiator defines the type of change (IT, Cloud, or Operations) and the impact of the change (including the downtime in hours), and they assign a change responsible.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Our vulnerability management policy (ISO 27001 compliant) defines a vulnerability assessment frequency:
- Common vulnerabilities and critical patch releases are reviewed monthly
- Independent assessments are performed once per year.
- All new information assets to be included as productive are assessed and documented with no critical or high vulnerabilities.
Vulnerability remediation takes into account its severity (Critical/High/Medium/Low/Information) and is deployed either manually or by using available and authorized automated software (e.g. patch distribution systems) . An emergency process defines how to install patches outside of the regular patching schedule when high-risk vulnerabilities are identified.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Bizagi provides Cloud Operations Team with experts taking care of all underlying infrastructure, components and servicesm, including 24/7 monitoring.

A Security Incident Response Team (SIRT) is in established, with effective training, and backed by the Information Security Officer. Incidents are reported to the Information Security Officer.

According to the criticity of the incident, remedy measures (e.g, hotfixes, service packs, patches or updates) undergo immediate action by relying on System Center Configuration Manager.

Whenever any of the above would potentially affect a customer, a bulletin is issued to notify that customers are expected to take actions as well.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Our incident handling procedure defines how to report any security incident of a significant risk:
1) Register a security incident report through the Bizagi Help Desk
2) Analyze a potential security incident, based on
- Attack vector: attrition, Web, Email/Phishing, External/Removable Media, Impersonation/Spoofing, Improper Usage, Loss or Theft of Equipment.
- Functional Impact to business functionality or ability to provide services.
- Information Impact: type of information lost, compromised, or corrupted
- Recoverability: scope of resources needed to recover from the incident: Location/Actors involved/Potential impact
3) Define and execute plan to manage the incident, comprising of:
Risk assessment/Containment Mitigation/Recovery.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£9,100 an instance a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.